Friday, 21 December 2012

Tufin Syslog Debug & St Info


SYSLOG Debug

1. Log in to the SecureTrack CLI as 'root'.
2. Run the command: # tcpdump -i eth0 -vv -w /tmp/Tufin.pcap -s 1500 src <ip address of device> and udp dst port 514
3. Edit the file: vi /etc/sysconfig/stconf.xml
   a. Find the line <DetailLevel>normal</DetailLevel> and change 'normal' to 'fine'.
   b. Add the tag: <Number_Of_Syslog_Message_Handlers>1</Number_Of_Syslog_Message_Handlers>
   c. Save and exit.
4. Run the following commands:
   # tail -F /var/log/st/syslog_message_handler_0 > /tmp/syslog_message_handler.log &
   # tail -F /var/log/st/syslog_change_log_manager > /tmp/syslog_change_log_manager.log &
   # tail -F /var/log/st/syslog_traffic_log_manager > /tmp/syslog_traffic_log_manager.log &
5. Run the command: # st restart syslog
6. Commit a change on the device (e.g. add a comment) and wait approximately 5 minutes for the issue to reproduce.
7. Stop writing to the temp logs: # killall tail
8. Revert the changes in /etc/sysconfig/stconf.xml.
9. Run: # st restart syslog
10. Send me the log files + /tmp/Tufin.pcap
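The steps above are one procedure with a setup phase and a teardown phase, and the teardown (kill the tails, revert stconf.xml, restart syslog) is the part that gets forgotten, leaving the tracker at 'fine' detail with a single message handler. The script below is an added example, not a Tufin tool, that wraps the procedure as "start" and "stop" phases. It assumes what the post implies but does not state: it runs as root on the SecureTrack host, tcpdump and st are on PATH, and eth0 is the interface the device's syslog arrives on. The stconf.xml edit is a separate function that takes input and output paths so it can be checked on a constructed sample file before touching the live config; the tag is inserted directly after the DetailLevel line, which is the example's choice, the post only says to add it.

```shell
#!/bin/sh
# Added example (not Tufin's own tooling): runs the SecureTrack syslog-debug
# procedure as "start" / "stop" phases so the stconf.xml edit is reverted and
# the background readers are killed at the end.
# Assumptions: root on the SecureTrack host, tcpdump and st on PATH, eth0 is
# the interface the monitored device's syslog arrives on.

STCONF=/etc/sysconfig/stconf.xml
STLOG=/var/log/st
OUTDIR=/tmp/tufin-debug
HANDLER_TAG='<Number_Of_Syslog_Message_Handlers>1</Number_Of_Syslog_Message_Handlers>'

# Write a debug copy of stconf.xml: DetailLevel normal -> fine, and add the
# single-handler tag right after it unless the file already carries one.
# Takes input/output paths so it can be exercised on a sample file first.
set_debug_conf() {
  in="$1"; out="$2"
  if grep -q '<Number_Of_Syslog_Message_Handlers>' "$in"; then
    add_tag=0   # re-run on an already edited file: do not duplicate the tag
  else
    add_tag=1
  fi
  awk -v tag="$HANDLER_TAG" -v add_tag="$add_tag" '
    index($0, "<DetailLevel>normal</DetailLevel>") { sub(/>normal</, ">fine<") }
    { print }
    index($0, "<DetailLevel>fine</DetailLevel>") && add_tag && !done { print tag; done = 1 }
  ' "$in" > "$out"
}

# Exit 0 only when the file has both settings the debug run needs.
check_debug_conf() {
  grep -q '<DetailLevel>fine</DetailLevel>' "$1" &&
  grep -q "$HANDLER_TAG" "$1"
}

start_debug() {
  dev_ip="$1"
  [ -n "$dev_ip" ] || { echo "usage: $0 start <device-ip> | stop" >&2; return 2; }
  mkdir -p "$OUTDIR"
  cp "$STCONF" "$OUTDIR/stconf.xml.orig"          # keep the original for step 8
  set_debug_conf "$OUTDIR/stconf.xml.orig" "$STCONF"
  check_debug_conf "$STCONF" || { echo "stconf.xml edit failed" >&2; return 1; }
  # step 2: capture only this device's syslog traffic
  tcpdump -i eth0 -vv -w "$OUTDIR/Tufin.pcap" -s 1500 src "$dev_ip" and udp dst port 514 &
  echo $! > "$OUTDIR/tcpdump.pid"
  # step 4: follow the three syslog component logs into temp files
  : > "$OUTDIR/tail.pids"
  for f in syslog_message_handler_0 syslog_change_log_manager syslog_traffic_log_manager; do
    tail -F "$STLOG/$f" > "$OUTDIR/$f.log" &
    echo $! >> "$OUTDIR/tail.pids"
  done
  st restart syslog                                # step 5
  echo "now commit a change on the device, wait ~5 minutes, then run: $0 stop"
}

stop_debug() {
  # step 7: stop the readers and the capture
  xargs kill < "$OUTDIR/tail.pids" 2>/dev/null
  kill "$(cat "$OUTDIR/tcpdump.pid")" 2>/dev/null
  # steps 8 and 9: put the original config back and restart the syslog component
  cp "$OUTDIR/stconf.xml.orig" "$STCONF"
  st restart syslog
  # step 10: bundle the logs and the pcap into one archive to send
  tar -C /tmp -czf /tmp/tufin-debug.tgz "$(basename "$OUTDIR")"
  echo "send /tmp/tufin-debug.tgz"
}

case "${1:-}" in
  start) start_debug "$2" ;;
  stop)  stop_debug ;;
esac
```

Usage: `sh tufin_syslog_debug.sh start <device-ip>`, reproduce the problem on the device (step 6 stays manual), then `sh tufin_syslog_debug.sh stop`. The "start" phase refuses to proceed if the edited config does not contain both settings, and "stop" restores the saved original rather than trying to undo the edit by hand.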

-------------------------------------------

st info is similar to cpinfo in Check Point: it collects Tufin's full configuration, not the monitored devices' revisions or policies.

Part 2: Create STINFO file.

1. Log in to SecureTrack's CLI as root.
2. Run the command: # st info
