Genian NAC Diagnosis Method
===========================

This section provides an overview of the major processes used by Genian NAC that can be examined to troubleshoot issues. 

Genian NAC Process Description
------------------------------

Policy Server Processes
'''''''''''''''''''''''

.. code:: bash

	centerd: Policy and node management processes
	sensord: Network Sensor Process
	mysql: Node and policy information is stored in the database
	httpd: Web service Daemon
	java: Java process that runs the WebUI and handles interworking between the Web and the Database
	procmond: Process monitor daemon used by Genian NAC; monitors for abnormal termination and performs re-execution
	sshd: Daemon for providing SSH remote access
	syslog-ng: SYSLOG Daemon
	hbd: A daemon that performs actions (such as reboot) to normalize the system after a certain period of time if a hardware or software failure occurs
	mysqld_safe: Script that saves restart and runtime information in Mysqld_error when the mysqld server fails
	gnlogin: Provides the service for executing CLI commands
	crond: A daemon that runs scripts and commands on a specified cycle
	

Network Sensor Processes
''''''''''''''''''''''''

.. code:: bash

	sensord: Network Sensor Process
	nmap: Scan tool that collects network information of nodes
	procmond: Process monitor daemon used by Genian NAC; monitors for abnormal termination and performs re-execution
	sshd: Daemon for providing SSH remote access
	syslog-ng: SYSLOG Daemon
	hbd: A daemon that performs actions (such as reboot) to normalize the system after a certain period of time if a hardware or software failure occurs


Agent Processes
'''''''''''''''

.. code:: bash

	Process name: GnAgent.exe
	Description: Genian Agent
	Function: Agent integrity check, node policy reception and GnPlugin run management
	Execution cycle: Always
	Execution condition: Always after Windows logon

	Process name: GnPlugin.exe
	Description: Genian Action Plugin
	Function: Perform action policy of node policy and send result
	Execution cycle: Always
	Execution condition: Always when an action policy exists in a node policy

	Process name: GnStart.exe
	Description: Genian Starter
	Function: Agent integrity check, GnAgent execution management, Keep Alive transfer
	Execution cycle: Always
	Execution condition: Always

	Process name: GnAccount.exe
	Description: Genian User Account Manager
	Function: Used when running the GnAgent process with a specific account instead of the OS logon account
	Execution cycle: When an event occurs
	Execution condition: Node Policy>Execution Account
	
	Process name: GnDump.exe
	Description: Genian Agent Dump Utility
	Function: Dump Agent Debug Logs
	Execution cycle: None
	Execution condition: Operates only when executed manually

	Process name: GnExLib.exe
	Description: Genian External Module
	Function: Register external authentication module (ex. dll)
	Execution cycle: None
	Execution condition: Works only when executed manually

	Process name: GnScript.exe
	Description: Genians Software Install Manager
	Function: Install Agent
	Execution cycle: None
	Execution condition: Performed only during agent installation

	Process name: GnUpdate.exe
	Description: Genian Updater
	Function: Update Genian Agent automatically
	Execution cycle: 6 hours
	Execution condition: None

	Process name: GnUtil.exe
	Description: Genian Agent Utility
	Function: Compute the SHA1 hash value of a specific file
	Execution cycle: None
	Execution condition: Works only when executed manually


System Log Description
----------------------

Policy Server Log
'''''''''''''''''

**Location:** ``/disk/data/logs``



Elasticsearch
'''''''''''''

.. code:: bash

	GENIAN.log: Elasticsearch process abnormal termination and restart error log, etc.


httpd
''''''

.. code:: bash

	Error_log: httpd error log
	Mod_jk.log: Apache and Tomcat communicate with each other using the Apache JServ Protocol (AJP), configured through a module called mod_jk
	- Apache and Tomcat related error log


mysqld
''''''

.. code:: bash

	Initdb.log: Logs generated during database initialization
	- Use it to check whether a table is abnormal at startup

	Mysqld.error: error log during mysql operation
	Slowquery.log: SQL Query Log for long-running jobs
	- Refer to when a specific action takes a long time during NAC operation


system
'''''''

.. code:: 

	Agent: Agent logs stored on the PC, retrieved by the Policy Server and saved
	 - call command: centerd -dfg

	centerd: Logs of actions performed by the Policy Server
	 - Policy Server status, Node role status, Authentication, integration, Data sync etc

	sensord: Operation and error logs of the Network Sensor
	 - Network Sensor status, Node detection, UP / Down, policy reception etc

	messages: Hardware status related messages like dmesg

	procmond: Log of abnormally terminated processes and their restarts
	scanraw: Network scan information of a node, used for platform detection of the node
	updown: Agent Up / Down status log
	authsync: Database synchronization related logs
	dbmigration: Database migration results
	gnlogin: Console login history
	radius.log: RADIUS status and node authentication logs


tomcat
'''''''

.. code:: 

	Catalina.out: The catalina.out file contains all log messages that are written to Tomcat's System.out and System.err streams.
	The catalina.out file can include:
	 - Uncaught exceptions printed by java.lang.ThreadGroup.uncaughtException(..)
	 - Thread dumps, if you requested them via a system signal

System Inspection
-----------------

Genian NAC provides a check script that reports the status of the system.

Follow the steps below, as shown in the code box:

- Connect to the Policy Server Console directly or by SSH.
- Enter configuration mode.
- Enter shell mode.
- Use the ``sysinspect.sh`` command to check the system status.

.. code:: bash

 genian> en

 genian# @shell

 Genians$ sysinspect.sh 


    ==========Regualr Inspection==========
    1) Check Server/Service infomation
    2) Check Service status
    3) Check Disk & Memory information
    4) Check Smartctl
    5) Check Slow Query
    6) Check Total Inspection
    9) Check Setup Config
    ======================================
    Enter Select Number : 
        

Check Server/Service information
''''''''''''''''''''''''''''''''

- ServerRole: Refer to the configuration of the server to indicate the role of the server.
- H/W duplication: Check if the server is redundant. If redundant, check if the server is master or slave.
- DB replication: Check if the DB is redundant.

 - ALIVE: The DB replication status of the Master / Slave server is normal
 - MISMATCH or a broken result: The DB replication state of the Master / Slave server is abnormal

- System Uptime: Number of Users in Server, Server CPU Load
- Platform: The model name of the server
- Version: The version of the image installed on this server
- MAC Address List: MAC Address list output
- Service Version: The version of services used by the server
- Elasticsearch indices Health check: Check the status of ElasticSearch indexes

 - green: normal, Yellow / Red: abnormal

- Last 7 days Log Backup Check(Today Warning): Ensure Log backup is working properly
- Last 7 days DB Backup Check(Today Warning): Ensure Policy / Node backup is working properly

Check service status
''''''''''''''''''''

Verify that all necessary processes are running on Genian NAC.


Necessary processes by component:

.. code:: bash

    Policy Server: 
    mysqld, elasticsearch, java, centerd, sensord, httpd, procmond, sshd, syslog-ng, radius (Need confirmation if using RADIUS server), vrrpd (Need confirmation if using HA configuration)  

    Network Sensor:
    sensord, procmond, sshd  
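
The check described above can also be run against a plain process listing. This is an added example, not part of Genian NAC or ``sysinspect.sh``; the function names, the role labels and the sample listing are hypothetical, and it assumes each name in the list above appears verbatim as a command name (for example in ``ps -e -o comm=`` output), which may need adjusting on a real appliance.

```shell
#!/bin/sh
# Added example: required names follow the list above. RADIUS and HA
# processes are passed as extras only when those features are in use.
POLICY_SERVER_REQUIRED="mysqld elasticsearch java centerd sensord httpd procmond sshd syslog-ng"
NETWORK_SENSOR_REQUIRED="sensord procmond sshd"

# missing_procs ROLE [EXTRA...]
# stdin:  one running command name per line (assumed: `ps -e -o comm=`).
# stdout: space-separated required names that are not running (empty if none).
missing_procs() {
    role=$1; shift
    case $role in
        policy-server)  required=$POLICY_SERVER_REQUIRED ;;
        network-sensor) required=$NETWORK_SENSOR_REQUIRED ;;
        *) echo "unknown role: $role" >&2; return 2 ;;
    esac
    running=$(cat)
    missing=""
    for name in $required "$@"; do
        # -x matches the whole line: mysqld_safe must not satisfy mysqld.
        printf '%s\n' "$running" | grep -qxF -- "$name" || missing="$missing $name"
    done
    echo "${missing# }"
}

# Constructed listing for a Policy Server where mysqld has died
# (mysqld_safe is still present) and HA is configured but vrrpd is absent.
sample_ps() {
    cat <<'EOF'
centerd
sensord
mysqld_safe
httpd
java
elasticsearch
procmond
sshd
syslog-ng
gnlogin
crond
EOF
}

sample_ps | missing_procs policy-server vrrpd
```

A required process that stays missing even though procmond is running is worth checking against the procmond log described earlier.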

Check Disk & Memory information
'''''''''''''''''''''''''''''''

Check the server's hard disk capacity and memory.
If the hard disk is full or there is no free memory, Genian NAC may encounter the following problems:

- Genian NAC operation is slow or does not work
- Backup files are not created

Check Smartctl
''''''''''''''

Check the hard disk status.
If the RAW_VALUE of ``Reallocated_Sector_Ct`` is not 0, there is a problem with the hard disk.
Genian NAC operation may be defective, and the hard disk needs to be replaced.
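
The same rule can be applied directly to ``smartctl -A`` output. This is an added example, not the code of ``sysinspect.sh``; the function names and the sample attribute table are constructed for illustration, and the device path used when running it on a server (for example ``smartctl -A /dev/sda | disk_verdict``) is an assumption.

```shell
#!/bin/sh
# Added example: classify a disk from `smartctl -A` output read on stdin.

# Prints RAW_VALUE (10th column) of the Reallocated_Sector_Ct row.
# Exit status: 0 = raw value is 0, 1 = non-zero, 2 = attribute not reported.
reallocated_raw() {
    awk '
        $2 == "Reallocated_Sector_Ct" && !found {
            print $10; found = 1; bad = ($10 + 0 != 0)
        }
        END { if (!found) exit 2; exit bad }
    '
}

# Prints one verdict line; always returns 0 so it is safe under `set -e`.
disk_verdict() {
    raw=$(reallocated_raw) && rc=0 || rc=$?
    case $rc in
        0) echo "OK reallocated=$raw" ;;
        1) echo "REPLACE reallocated=$raw" ;;
        # Some devices (or disks behind a RAID controller) do not report it.
        *) echo "UNKNOWN attribute not reported" ;;
    esac
}

# Constructed sample in the smartctl attribute-table layout (not a real disk).
# $1 = raw value to place in the Reallocated_Sector_Ct row.
sample_smart() {
    cat <<EOF
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  1 Raw_Read_Error_Rate     0x002f   200   200   051    Pre-fail  Always       -       0
  5 Reallocated_Sector_Ct   0x0033   199   199   140    Pre-fail  Always       -       $1
  9 Power_On_Hours          0x0032   071   071   000    Old_age   Always       -       21456
EOF
}

sample_smart 0  | disk_verdict
sample_smart 24 | disk_verdict
sample_smart 0  | grep -v Reallocated_Sector_Ct | disk_verdict
```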

Check Total Inspection
''''''''''''''''''''''

All of the server state checks described above are output at once.

Check Setup Config
''''''''''''''''''

- Check for any missing basic settings
- Check sensor and node status through CLI commands

How to Check Network Sensor Status:

.. code:: bash

    genian# show enforcer
    interface | mode | active | local | request | strict | max
    bond0.100 |    2 |    OFF |    ON |     OFF |    OFF | 10
    bond0.101 |    2 |    OFF |    ON |     OFF |    OFF | 10

How to Check Node Status:

.. code:: bash

    genian# show nodeinfo filter [IP address]
    IP              | MAC               | device | sta | up |    age |   idle |     expire | noderole
    172.29.20.183   | 00:E0:4C:36:0D:F8 | eth0   |   1 |  1 | 1728088 |      5 |   -3118306 | Denied by IPAM(10)

How to Check the ARP Poisoning List:

.. code:: bash

    genian# show nodeinfo poisoning [IP address]
    IP=172.29.111.55 MAC=00:05:1B:A3:E2:07 IF=bond0.111
    TARGET=172.29.111.56   ACTIVE=1 LASTREQ=832    DSTTOXIC=0
    TARGET=172.29.111.254  ACTIVE=1 LASTREQ=0      DSTTOXIC=0