- Released At: 25-02-2022
- Page Views:
- Downloads:
- Table of Contents
- Related Documents
-
|
H3C SecCenter SMP |
Troubleshooting Guide |
|
|
Document version: 5W100-20210723
Software version: E1704
Copyright © 2021 New H3C Technologies Co., Ltd. All rights reserved.
No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of New H3C Technologies Co., Ltd.
Except for the trademarks of New H3C Technologies Co., Ltd., any trademarks that may be mentioned in this document are the property of their respective owners.
The information in this document is subject to change without notice.
Troubleshooting service startup failures
Cannot access the Web interface
The Web interface is accessible but no data is displayed on the Monitored Assets page
No performance data is displayed on the Monitored Assets page
No logs are displayed on the pages under the Log Audit menu
Troubleshooting operation failures
SMP prompts that a signature file does not exist when it pushes that file
A scheduled push task has never been executed on schedule to push a signature file
Logs are collected correctly, but no logs are displayed on the pages under the Log Audit menu
Troubleshooting installation failures
No performance data is displayed on the details page of an asset
A device is added to SMP, but SMP does not display any log from that device
Troubleshooting other failures
Processes get stuck because of oversized ClickHouse file
NFS starts up correctly, but program error is reported when you execute the showmount -e command
ClickHouse database connection flashing
Port 8123 of the ClickHouse database is not accessible
Introduction
This document provides information about troubleshooting common issues with the H3C SecCenter Security Management Platform (SMP).
Unless otherwise stated, the term "host" in this document refers to the device where SMP is installed.
General guidelines
|
IMPORTANT: To prevent an issue from causing loss of configuration, save the configuration each time you finish configuring a feature. For configuration recovery, regularly back up the configuration to a remote server. |
When you troubleshoot SMP, follow these general guidelines:
· To help identify the cause of the issue, collect system and configuration information as much as possible, including:
¡ System version in use.
¡ Symptom, time of failure, and configuration.
¡ Log messages.
¡ Steps you have taken, such as reconfiguration, cable swapping, and reboot.
¡ Output from the commands executed during the troubleshooting process.
· If program replacement or patch installation is required, use the release notes to ensure software compatibility.
· Make sure the troubleshooting personnel know well the software operating mechanisms and they are skilled in operating the software and its dependent programs and systems.
Contacting technical support
If an issue persists after you perform the troubleshooting procedures in this document, contact H3C Support. When you contact an authorized H3C support representative, be prepared to provide the information described in "General guidelines." This information will help the support engineer assist you as quickly as possible.
You can contact H3C Support at service@h3c.com or 400-810-0504.
Troubleshooting service startup failures
This section provides troubleshooting information for common service startup failure issues.
Cannot access the Web interface
Symptom
The Web service stops. The Web interface of SMP is not accessible.
Solution
To resolve the issue:
1. Log in to the host through SSH.
2. Execute the following commands in sequence:
cd /opt/ipsm/csap_web/apache-tomcat-8.5.24/bin
./startup.sh
3. If the issue persists, contact H3C Support.
The Web interface is accessible but no data is displayed on the Monitored Assets page
Symptom
The management center service stops. The Web interface of SMP is accessible, but no data is displayed on the Monitored Assets page even if assets have been added to SMP.
Solution
To resolve the issue:
1. Log in to the host through SSH.
2. Execute the following commands in sequence:
cd /opt/ipsm/csap_com
./start.sh
3. If the issue persists, contact H3C Support.
No performance data is displayed on the Monitored Assets page
Symptom
The proxy service stops. No performance data is displayed on the Monitored Assets page.
Solution
To resolve the issue:
1. Log in to the host through SSH.
2. Execute the following commands in sequence:
cd /opt/ipsm/csap_com/native-proxy
./start.sh
3. If the issue persists, contact H3C Support.
No logs are displayed on the pages under the Log Audit menu
Symptom
The log service stops. When the database service is running correctly and logs are reported to SMP correctly, no logs are displayed on the page under the Log Audit menu.
Solution
To resolve the issue:
1. Log in to the host through SSH.
2. Execute the following commands in sequence:
cd /opt/ipsm/csap_log/logColl
./start.sh
3. If the issue persists, contact H3C Support.
Troubleshooting operation failures
This section provides troubleshooting information for common operation failure issues.
SMP prompts that a signature file does not exist when it pushes that file
Symptom
NFS file sharing has errors. When SMP pushes a signature file, it prompts that the file does not exist.
Solution
To resolve the issue:
1. Log in to the host through SSH.
2. Execute the following commands in sequence:
|
IMPORTANT: Replace the local-IP argument with the IP address of the device where the signature file is stored. |
mount local-ip:/opt/ipsm/nfs /opt/ipsm/csap_com/tmp/upload
mount local-ip:/opt/ipsm/nfs /opt/ipsm/csap_web/apache-tomcat-8.5.24/webapps/skynet/uploadFiles/featureFiles
3. If the issue persists, contact H3C Support.
SMP prompts that a signature library upgrade succeeds on a device, but the signature library on the device does not upgrade
Symptom
When you upgrade a signature library on a device from SMP, SMP prompts that the upgrade succeeds on the device. However, the signature library on the device does not upgrade.
Solution
To resolve the issue:
1. Verify that the device and SMP are reachable through NETCONF and the device has a license for the signature library.
2. Log in to the host through SSH.
3. Execute the following commands in sequence:
cd cd /opt/ipsm/csap_com/native-proxy
./start.sh
4. If the issue persists, contact H3C Support.
A scheduled push task has never been executed on schedule to push a signature file
Symptom
A scheduled push task is configured to push a signature file. However, the task has never been executed on schedule.
Solution
To resolve the issue:
1. Log in to the host through SSH.
2. Execute the date command to display the current system time of the host. Verify that the system time is consistent between the host and SMP.
3. If the issue persists, contact H3C Support.
Logs are collected correctly, but no logs are displayed on the pages under the Log Audit menu
Symptom
Logs are collected correctly, but no logs are displayed on the pages under the Log Audit menu.
Solution
To resolve the issue:
1. Log in to the host through SSH.
2. Execute the clickhouse-client command.
¡ If you can access the client, execute the following commands in sequence:
cd cd /opt/ipsm/csap_com
./start.sh
¡ If you are rejected consecutively, restart the ClickHouse database.
3. If the issue persists, contact H3C Support.
No performance data is displayed for an asset on the Monitored Assets page even if SMP does not prompt authentication template configuration errors for the asset
Symptom
No performance data is displayed for an asset on the Monitored Assets page even if SMP does not prompt authentication template configuration errors for the asset. (Performance data includes the CPU and memory usage.)
Solution
To resolve the issue:
1. Verify that the asset template configuration is correct and the SNMP port of the asset can reach the host.
2. Log in to the host through SSH and execute the following commands in sequence:
cd cd /opt/ipsm/csap_com/native-proxy
./start.sh
3. If the issue persists, contact H3C Support.
Troubleshooting installation failures
This section provides troubleshooting information for common installation failure issues.
No performance data is displayed on the details page of an asset
Symptom
No CPU or memory usage data is displayed on the details page of an asset.
Solution
To resolve the issue:
1. Check the asset type and template configuration. Make sure no errors exist. If SOAP over HTTPS is used, make sure port 832 is open.
2. Verify that NETCONF over SOAP has been enabled on the asset. If this feature has not been enabled, execute the following commands on the asset to enable this feature:
netconf soap http enable
netconf soap https enable
3. On the asset, enter the System > Administrators> Administrators page to verify that available services are selected as shown in the following figure:
4. If you do not find errors in the previous steps, verify that you have saved all asset settings after you change the settings. Wait for 5 minutes after the save operation and display detailed information about the asset.
5. If the issue persists, contact H3C Support.
A device is added to SMP, but SMP does not display any log from that device
Symptom
A device is added to SMP, but SMP does not display any log from that device.
Solution
To resolve the issue:
1. Verify that a log host has been specified for the device and the log host settings are correct.
2. Execute the following commands in sequence to verify that the ClickHouse database is running correctly:
cd /opt/ipsm/data/h3cdbms/bin
./clickhouse-client -d ims_log_db --host=10.229.72.71 --port=9000 //Replace the IP address with the actual IP address of the host.
select * from secconf_ips_atk_dtl order by recv_time desc limit 1;
3. Modify the log collector parameters as follows:
cd /opt/ipsm/csap_log/logColl/config/
vi application.yml
4. If the log collector process has not started correctly, perform the following tasks:
a. Execute the following commands in sequence:
cd /opt/ipsm/csap_log/logColl
./stop.sh
./start.sh
5. If the previous steps do not find faults, perform the following operations:
a. Enter the CloudOps deployment directory and execute the start.sh command.
cd /opt/ipsm/csap_com
./stop.sh
./start.sh
b. Enter the native proxy deployment directory and execute the start.sh command.
cd /opt/ipsm/csap_com/native-proxy
./stop.sh
./start.sh
6. Access a page under the Log Audit menu to verify that logs collected from the device are displayed.
7. If the issue persists, contact H3C Support.
Troubleshooting other failures
This section provides troubleshooting information for other common SMP issues.
Processes get stuck because of oversized ClickHouse file
Symptom
ClickHouse database storage error exists. Processes get stuck because of oversized ClickHouse file.
Solution
To resolve the issue:
1. Log in to the host through SSH and restart the ClickHouse database.
2. Execute the following commands in sequence:
cd /opt/ipsm/csap_log/logColl
./stop.sh
3. After the disk usage drops, execute the ./start.sh command to restart log collection.
4. If the issue persists, contact H3C Support.
NFS starts up correctly, but program error is reported when you execute the showmount -e command
Symptom
NFS starts up correctly, but program error is reported when you execute the showmount -e command.
Solution
To resolve the issue:
1. Log in to the host through SSH.
2. Execute the following commands in sequence:
rpcmountd
showmount –e
3. If the issue persists, contact H3C Support.
ClickHouse database connection flashing
Symptom
The ClickHouse database is running correctly, but the connection to the database is flashing. No data is displayed on the pages under the Log Audit menu.
Solution
To resolve the issue:
1. Log in to the host through SSH, and then execute the cd /opt/ipsm/csap_com command.
2. Execute the ./stop.sh command to stop services, and then execute the ps –ef|grep cloudops commands to display whether the processes in the following figure exist:
¡ If they exist, execute the kill -9 command, in which 9 is the process ID.
¡ If they do not exist, execute the ./start.sh command to restart the services.
3. Wait for 1 minute, and then execute the following commands in sequence to restart the native proxy service:
cd /opt/ipsm/csap_com/native-proxy
./start.sh
4. If the issue persists, contact H3C Support.
Port 8123 of the ClickHouse database is not accessible
Symptom
Port 8123 of the ClickHouse database is not accessible.
Solution
To resolve the issue:
1. Execute the rcSuSEfirewall2 stop command to stop the firewall in the system.
2. If the issue persists, contact H3C Support.