SYSLOG Debug
1. Log in to SecureTrack CLI as ‘root’.
2. Run the command: #tcpdump -i eth0 -vv
-w /tmp/Tufin.pcap -s 1500 src <ip address of device> and udp dst port
514
3. Edit the file: vi /etc/sysconfig/stconf.xml
a.
Find
the line <DetailLevel>normal</DetailLevel> and change
‘normal’ to ‘fine’.
b.
Add
the tag: <Number_Of_Syslog_Message_Handlers>1</Number_Of_Syslog_Message_Handlers>
c.
Save
& exit
4. Run the following commands:
#tail -F
/var/log/st/syslog_message_handler_0 > /tmp/syslog_message_handler.log &
#tail -F /var/log/st/syslog_change_log_manager >/tmp/syslog_change_log_manager.log &
#tail -F /var/log/st/syslog_traffic_log_manager >/tmp/syslog_traffic_log_manager.log &
#tail -F /var/log/st/syslog_change_log_manager >/tmp/syslog_change_log_manager.log &
#tail -F /var/log/st/syslog_traffic_log_manager >/tmp/syslog_traffic_log_manager.log &
5. Run the command #st restart syslog
6. Commit a change on the device (e.g. add
a comment) and wait 5 minutes approximately. Wait for this issue to reproduce.
7. Stop writing to temp logs (#killall
tail).
8. revert changes in etc/sysconfig/stconf.xml
9. Run #st restart syslog
10. Send me the log files +
/tmp/Tufin.pcap
-------------------------------------------
st info is smilar to cpinfo in Check Point, it does collect the Tufin's full config, not the monitored device revisions or policies.
Part 2: Create STINFO
file.
1.
Log in to SecureTrack’s CLI as root.
2.
Run the command #st info
No comments:
Post a Comment