Hi guys,
We have the Splunk Add-on for IPFIX installed on one of our Heavy Forwarders.
I got noticed that one of the Python scripts is causing a daily crash of that HWF host.
-Path of the .py script: `/opt/splunk/splunk/etc/apps/Splunk_TA_IPFIX_UDP_NIX/bin/ipfix_collector.py`
-Checked splunkd.log in the heavy-weight forwarder, could not find any information related to `ipfix_collector.py`.
-Checked appflow.log, log had stopped for more than 20h. Also find some error like this:
TimeStamp="2016-03-02T20:35:33"; Template="265"; Observer="0"; Address=""; Port="<>"; ParseError="Template not known (yet).";
-Checked debug.log, it is full of
Have not implemented parsing for 'None' of length 8 (5951:319) which is needed for template 284.
-Ping the Netscaler, PING OK
-Restarted host and Splunk heavy-weight forwarder, still with no luck.
Has anyone seen this before?
Any advice will be much appreciated!
Thank you very much in advance.
Cheers,
Vincent
![alt text][1]
![alt text][2]
[1]: /storage/temp/107220-ipfix.png
[2]: /storage/temp/107221-ipfix2.png
↧