H3C SecCenter SMP Troubleshooting Guide(E1704)-5W100

HomeSupportSecurityH3C SecCenter SMPDiagnose & MaintainTroubleshootingH3C SecCenter SMP Troubleshooting Guide(E1704)-5W100
Download Book
  • Released At: 25-02-2022
  • Page Views:
  • Downloads:
Table of Contents
Related Documents

 

H3C SecCenter SMP

Troubleshooting Guide

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Document version: 5W100-20210723

Software version: E1704

 

Copyright © 2021 New H3C Technologies Co., Ltd. All rights reserved.

No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of New H3C Technologies Co., Ltd.

Except for the trademarks of New H3C Technologies Co., Ltd., any trademarks that may be mentioned in this document are the property of their respective owners.

The information in this document is subject to change without notice.



Introduction

This document provides information about troubleshooting common issues with the H3C SecCenter Security Management Platform (SMP).

Unless otherwise stated, the term "host" in this document refers to the device where SMP is installed.

General guidelines

IMPORTANT

IMPORTANT:

To prevent an issue from causing loss of configuration, save the configuration each time you finish configuring a feature. For configuration recovery, regularly back up the configuration to a remote server.

 

When you troubleshoot SMP, follow these general guidelines:

·     To help identify the cause of the issue, collect system and configuration information as much as possible, including:

¡     System version in use.

¡     Symptom, time of failure, and configuration.

¡     Log messages.

¡     Steps you have taken, such as reconfiguration, cable swapping, and reboot.

¡     Output from the commands executed during the troubleshooting process.

·     If program replacement or patch installation is required, use the release notes to ensure software compatibility.

·     Make sure the troubleshooting personnel know well the software operating mechanisms and they are skilled in operating the software and its dependent programs and systems.

Contacting technical support

If an issue persists after you perform the troubleshooting procedures in this document, contact H3C Support. When you contact an authorized H3C support representative, be prepared to provide the information described in "General guidelines." This information will help the support engineer assist you as quickly as possible.

You can contact H3C Support at service@h3c.com or 400-810-0504.

Troubleshooting service startup failures

This section provides troubleshooting information for common service startup failure issues.

Cannot access the Web interface

Symptom

The Web service stops. The Web interface of SMP is not accessible.

Solution

To resolve the issue:

1.     Log in to the host through SSH.

2.     Execute the following commands in sequence:

cd  /opt/ipsm/csap_web/apache-tomcat-8.5.24/bin

./startup.sh

3.     If the issue persists, contact H3C Support.

The Web interface is accessible but no data is displayed on the Monitored Assets page

Symptom

The management center service stops. The Web interface of SMP is accessible, but no data is displayed on the Monitored Assets page even if assets have been added to SMP.

Solution

To resolve the issue:

1.     Log in to the host through SSH.

2.     Execute the following commands in sequence:

cd /opt/ipsm/csap_com

./start.sh

3.     If the issue persists, contact H3C Support.

No performance data is displayed on the Monitored Assets page

Symptom

The proxy service stops. No performance data is displayed on the Monitored Assets page.

Solution

To resolve the issue:

1.     Log in to the host through SSH.

2.     Execute the following commands in sequence:

cd /opt/ipsm/csap_com/native-proxy

./start.sh

3.     If the issue persists, contact H3C Support.

No logs are displayed on the pages under the Log Audit menu

Symptom

The log service stops. When the database service is running correctly and logs are reported to SMP correctly, no logs are displayed on the page under the Log Audit menu.

Solution

To resolve the issue:

1.     Log in to the host through SSH.

2.     Execute the following commands in sequence:

cd /opt/ipsm/csap_log/logColl

./start.sh

3.     If the issue persists, contact H3C Support.

Troubleshooting operation failures

This section provides troubleshooting information for common operation failure issues.

SMP prompts that a signature file does not exist when it pushes that file

Symptom

NFS file sharing has errors. When SMP pushes a signature file, it prompts that the file does not exist.

Solution

To resolve the issue:

1.     Log in to the host through SSH.

2.     Execute the following commands in sequence:

 

IMPORTANT

IMPORTANT:

Replace the local-IP argument with the IP address of the device where the signature file is stored.

 

mount  local-ip:/opt/ipsm/nfs   /opt/ipsm/csap_com/tmp/upload

mount    local-ip:/opt/ipsm/nfs /opt/ipsm/csap_web/apache-tomcat-8.5.24/webapps/skynet/uploadFiles/featureFiles

3.     If the issue persists, contact H3C Support.

SMP prompts that a signature library upgrade succeeds on a device, but the signature library on the device does not upgrade

Symptom

When you upgrade a signature library on a device from SMP, SMP prompts that the upgrade succeeds on the device. However, the signature library on the device does not upgrade.

Solution

To resolve the issue:

1.     Verify that the device and SMP are reachable through NETCONF and the device has a license for the signature library.

2.     Log in to the host through SSH.

3.     Execute the following commands in sequence:

cd  cd /opt/ipsm/csap_com/native-proxy

./start.sh

4.     If the issue persists, contact H3C Support.

A scheduled push task has never been executed on schedule to push a signature file

Symptom

A scheduled push task is configured to push a signature file. However, the task has never been executed on schedule.

Solution

To resolve the issue:

1.     Log in to the host through SSH.

2.     Execute the date command to display the current system time of the host. Verify that the system time is consistent between the host and SMP.

3.     If the issue persists, contact H3C Support.

Logs are collected correctly, but no logs are displayed on the pages under the Log Audit menu

Symptom

Logs are collected correctly, but no logs are displayed on the pages under the Log Audit menu.

Solution

To resolve the issue:

1.     Log in to the host through SSH.

2.     Execute the clickhouse-client command.

¡     If you can access the client, execute the following commands in sequence:

cd  cd /opt/ipsm/csap_com

./start.sh

¡     If you are rejected consecutively, restart the ClickHouse database.

3.     If the issue persists, contact H3C Support.

No performance data is displayed for an asset on the Monitored Assets page even if SMP does not prompt authentication template configuration errors for the asset

Symptom

No performance data is displayed for an asset on the Monitored Assets page even if SMP does not prompt authentication template configuration errors for the asset. (Performance data includes the CPU and memory usage.)

Solution

To resolve the issue:

1.     Verify that the asset template configuration is correct and the SNMP port of the asset can reach the host.

2.     Log in to the host through SSH and execute the following commands in sequence:

cd  cd /opt/ipsm/csap_com/native-proxy

./start.sh

3.     If the issue persists, contact H3C Support.

Troubleshooting installation failures

This section provides troubleshooting information for common installation failure issues.

No performance data is displayed on the details page of an asset

Symptom

No CPU or memory usage data is displayed on the details page of an asset.

Solution

To resolve the issue:

1.     Check the asset type and template configuration. Make sure no errors exist. If SOAP over HTTPS is used, make sure port 832 is open.

2.     Verify that NETCONF over SOAP has been enabled on the asset. If this feature has not been enabled, execute the following commands on the asset to enable this feature:

netconf soap http enable

netconf soap https enable

3.     On the asset, enter the System > Administrators> Administrators page to verify that available services are selected as shown in the following figure:

 

 

4.     If you do not find errors in the previous steps, verify that you have saved all asset settings after you change the settings. Wait for 5 minutes after the save operation and display detailed information about the asset.

5.     If the issue persists, contact H3C Support.

A device is added to SMP, but SMP does not display any log from that device

Symptom

A device is added to SMP, but SMP does not display any log from that device.

Solution

To resolve the issue:

1.     Verify that a log host has been specified for the device and the log host settings are correct.

 

 

2.     Execute the following commands in sequence to verify that the ClickHouse database is running correctly:

cd /opt/ipsm/data/h3cdbms/bin

./clickhouse-client -d ims_log_db --host=10.229.72.71 --port=9000 //Replace the IP address with the actual IP address of the host.

select * from secconf_ips_atk_dtl order by recv_time desc limit 1;

 

 

3.     Modify the log collector parameters as follows:

cd  /opt/ipsm/csap_log/logColl/config/

vi application.yml

 

 

4.     If the log collector process has not started correctly, perform the following tasks:

a.     Execute the following commands in sequence:

cd /opt/ipsm/csap_log/logColl

./stop.sh

./start.sh

 

 

5.     If the previous steps do not find faults, perform the following operations:

a.     Enter the CloudOps deployment directory and execute the start.sh command.

cd /opt/ipsm/csap_com

./stop.sh

./start.sh

 

 

b.     Enter the native proxy deployment directory and execute the start.sh command.

cd  /opt/ipsm/csap_com/native-proxy

./stop.sh

./start.sh

 

 

6.     Access a page under the Log Audit menu to verify that logs collected from the device are displayed.

7.     If the issue persists, contact H3C Support.

Troubleshooting other failures

This section provides troubleshooting information for other common SMP issues.

Processes get stuck because of oversized ClickHouse file

Symptom

ClickHouse database storage error exists. Processes get stuck because of oversized ClickHouse file.

Solution

To resolve the issue:

1.     Log in to the host through SSH and restart the ClickHouse database.

2.     Execute the following commands in sequence:

cd  /opt/ipsm/csap_log/logColl

./stop.sh

3.     After the disk usage drops, execute the ./start.sh command to restart log collection.

4.     If the issue persists, contact H3C Support.

NFS starts up correctly, but program error is reported when you execute the showmount -e command

Symptom

NFS starts up correctly, but program error is reported when you execute the showmount -e command.

Solution

To resolve the issue:

1.     Log in to the host through SSH.

2.     Execute the following commands in sequence:

rpcmountd

showmount –e

3.     If the issue persists, contact H3C Support.

ClickHouse database connection flashing

Symptom

The ClickHouse database is running correctly, but the connection to the database is flashing. No data is displayed on the pages under the Log Audit menu.

Solution

To resolve the issue:

1.     Log in to the host through SSH, and then execute the cd /opt/ipsm/csap_com command.

2.     Execute the ./stop.sh command to stop services, and then execute the ps –ef|grep cloudops commands to display whether the processes in the following figure exist:

 

 

¡     If they exist, execute the kill -9 command, in which 9 is the process ID.

¡     If they do not exist, execute the ./start.sh command to restart the services.

3.     Wait for 1 minute, and then execute the following commands in sequence to restart the native proxy service:

cd  /opt/ipsm/csap_com/native-proxy

./start.sh

4.     If the issue persists, contact H3C Support.

Port 8123 of the ClickHouse database is not accessible

Symptom

Port 8123 of the ClickHouse database is not accessible.

Solution

To resolve the issue:

1.     Execute the rcSuSEfirewall2 stop command to stop the firewall in the system.

2.     If the issue persists, contact H3C Support.

  • Cloud & AI
  • InterConnect
  • Intelligent Computing
  • Security
  • SMB Products
  • Intelligent Terminal Products
  • Product Support Services
  • Technical Service Solutions
All Services
  • Resource Center
  • Policy
  • Online Help
All Support
  • Become a Partner
  • Partner Resources
  • Partner Business Management
All Partners
  • Profile
  • News & Events
  • Online Exhibition Center
  • Contact Us
All About Us
新华三官网