.png?width=180&height=32&name=NW%20Logo%20(2).png){kind=small}
Issue
You may face continuous packet drop issue since upgrading to 12.4.x. You might see the following similar logs.
/var/log/messages:
Jul 26 12:38:16 xxx NwDecoder[4857]: [Packet] [warning] Packet drops encountered, decoder_session assembled (149993/300000): check parse content (parsers, feeds, app rules)
Jul 26 12:39:17 xxx NwDecoder[4857]: [Packet] [warning] Packet drops encountered, decoder_session assembled (149996/300000): check parse content (parsers, feeds, app rules)
Jul 26 12:38:16 xxx NwDecoder[4857]: [Packet] [warning] Packet drops encountered, decoder_session assembled (149993/300000): check parse content (parsers, feeds, app rules)
Jul 26 12:39:17 xxx NwDecoder[4857]: [Packet] [warning] Packet drops encountered, decoder_session assembled (149996/300000): check parse content (parsers, feeds, app rules)
In past cases, this has mainly occurred when using 10G port DPDK.
Resolution
Found the Decoder performance issue with Dynamic Domain DNS feed that is deprecated and no longer supported by NetWitness.So you should disable this feed refer to the following step:
1. Log in to NetWitness UI
2. Go to "Admin -> SERVICES -> Decoder(The problematic one) -> Explore"
3. Then go to "decoder -> parsers -> feeds" on the let panel
4. Click the dynamic_dns.feed and change Feed Enabled(feed.enabled) to " no" from "yes". Below the example screen shot.
Notes
If the issue persists after the steps above is performed, contact NetWitness Support and quote this article number for further assistance.Product Details
NetWitness Product Set: NetWitness Log and NetworkNetWitness Product/Service Type: Decoder
NetWitness Version/Condition: 12.4.x
Approval Reviewer Queue
Technical approval queue