cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Re-read cap file on AMD

henk_stobbe
Mentor

When you place a .cap file on /var/spool/adlex/cba, and after that a very small xml is created, so basically the AMD can not read cap,  is there a log showing what goes wrong? 

or how can I check the cap file is ok. FYI wireshark and tcpdump have no issue's with the cap,

 

KR Henk Stobbe

2 REPLIES 2

ulf_thorn222
Inactive

CAP isn't a very well guarded format I'm afraid.

I think there are at least half a dozen different versions and flavours of CAP and the AMD is quite picky on what it "eats".

In Wireshark - choose Libcap or try the different Wireshark CAP's. Eventually you will hit the right one (smile)

adam_piotrowicz
Dynatrace Pro
Dynatrace Pro

As Ulf says, try to open in Wireshark and save as the very first format on the list.

If it won't help please take a look at /usr/adlex/log/cba.log and  /usr/adlex/log/cba-agent.log