Genian ZTNA log collection method
=================================

Genian ZTNA supports debug dumps for each component when an issue arises.
The dump file is used for issue analysis.

How to Collect the Agent Log
----------------------------

Collecting via Web Console
''''''''''''''''''''''''''

#. Navigate to the **Management > Node** tab.
#. Click the check-box beside the Node(s) you wish to collect logs from and
   select **Tasks > Bulk Actions**, or select an individual node IP.
#. Select **Run Node Tasks** from the dropdown, or use the **Node Tasks** menu
   if viewing a single node. 
#. Select **Collect Agent Logs** and click **Run** if applicable.
#. After collection is complete, the logs can be viewed and searched in
   **Log > Debug Logs**.

Collecting via Endpoint 
'''''''''''''''''''''''

- Right-click the **Agent Icon** on the endpoint.
- Select **About Genian Agent(A)**.
- Click ``Save Error Logs``.
- The log dump file is stored in **C:\\** on Windows and in **/Users/Shared/Genians** on Mac.
- The file is named GnAgent _[DateTime].zip on Windows and Genians _[DateTime].zip on Mac.

.. note::
	- Log collection in an Active Directory environment requires domain administrator-level privileges.
	- For Linux devices, collect the logs directly from the debug storage path, **/var/log/genians**.

How to Collect the Policy Server and Network Sensor Logs
--------------------------------------------------------

The Policy Server and Network Sensor come with a feature for centrally collecting and exporting error logs. 
The log can be uploaded to a JIRA issue or saved locally.

Collecting via Web Console
''''''''''''''''''''''''''

#. Navigate to the **System** tab.
#. Click the check-box beside the Appliance you wish to collect logs from.
#. Select **Tasks > SysCollect**.
#. Select if Center, Sensor, and/or Agent logs should be included for
   collection, and click **Start**.
#. After collection is complete, the logs can be viewed and searched in
   **Log > Debug Logs > system > agent**.

Collecting via Command Line Interface
'''''''''''''''''''''''''''''''''''''

Follow the steps below, as shown in the code box:

- Connect to the Policy Server or Sensor through console or SSH.
- Log in.
- Enter configuration mode.
- Enter shell mode.
- Use the command ``syscollect.sh`` to generate a compilation of the component logs.

  - Select whether to upload the logs.
  - Select which components to collect logs from.

.. code-block:: bash

 genian> en

 genian# @shell

 Genians$ syscollect.sh 

 Do you want upload to GENIANS IMS ? (Y/n) 
 Do you want to trace centerd ? (y/N) 
 Do you want to trace sensord ? (y/N) 
 Do you want to collect agent logs ? (y/N) 

Collect network communication packets between components
--------------------------------------------------------

Usage example
'''''''''''''

.. code:: bash

	# Capture UDP packets on port 80 on interface eth0
	tcpdump -i eth0 port 80 and udp

	# Capture on interface eth0 and include the Ethernet (link-level) header
	tcpdump -i eth0 -e

	# Capture packets to or from addresses starting with 192.168 on interface eth0
	tcpdump -i eth0 net 192.168

	# Capture ARP reply packets for a host on interface eth0
	tcpdump -i eth0 'host [IP address] and arp[7] == 2'

	# Save UDP packets on port 80 on interface eth0 to the file named file1
	tcpdump -i eth0 -w file1 port 80 and udp

Option Definition
'''''''''''''''''

.. code::

 -v: When parsing and printing, produce (slightly more) verbose output. For example, the time to live,
     identification, total length and options in an IP packet are printed. Also enables additional packet
     integrity checks such as verifying the IP and ICMP header checksum.
 -n: Don't convert addresses (i.e., host addresses, port numbers, etc.) to names  
 -e: Print the link-level header on each dump line. This can be used, for example, to print MAC layer addresses
     for protocols such as Ethernet
 -w: Write the raw packets to file rather than parsing and printing them out.
 -A: Print each packet (minus its link level header) in ASCII. 
 -q: Quick (quiet?) output. Print less protocol information so output lines are shorter.

Conditional expression
''''''''''''''''''''''

.. code::

	host : Capture all packets containing the IP address you entered.
	dst host : Filter by destination IP address.
	src host : Filter by source IP address.
	ether host : Capture all packets that contain the entered MAC address.
	ether dst : Filter by destination MAC address of the Ethernet frame.
	ether src : Filter by source MAC address of the Ethernet frame.
	net : Capture packets whose source or destination address is in the given network subnet.
	dst net : Capture packets whose destination address is in the given network subnet.
	src net : Capture packets whose source address is in the given network subnet.
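
The filter forms listed above (``host``, ``port``, ``arp[7] == 2``) combined into validated helpers that run a capture with a packet-count limit. This is an added example, not Genians code; the function names, sample addresses and output file name are assumptions.

```bash
#!/bin/sh
# Added example (not Genians code): build validated pcap filters, then run a bounded capture.
# Function names, addresses and the output file name are assumptions for illustration.

# valid_ipv4 ADDR: succeed only for a complete dotted-quad address such as 192.168.0.10.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;   # empty, stray characters, empty octet
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                  # split the address into octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*) return 1 ;; esac # reject leading zeros
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# filter_between A B [PORT]: print a filter for traffic between two components.
filter_between() {
    valid_ipv4 "$1" && valid_ipv4 "$2" || return 1
    filter="host $1 and host $2"
    if [ -n "${3:-}" ]; then
        case "$3" in *[!0-9]*|0*) return 1 ;; esac
        [ "${#3}" -le 5 ] && [ "$3" -le 65535 ] || return 1
        filter="$filter and port $3"
    fi
    printf '%s\n' "$filter"
}

# filter_arp_reply HOST: print the ARP reply filter (arp[7] is the low byte of the opcode).
filter_arp_reply() {
    valid_ipv4 "$1" || return 1
    printf 'host %s and arp[7] == 2\n' "$1"
}

# run_capture IFACE OUTFILE COUNT FILTER: stop after COUNT packets so the file stays bounded.
run_capture() {
    case "$3" in ''|*[!0-9]*) return 1 ;; esac
    tcpdump -i "$1" -c "$3" -w "$2" "$4"
}

# Usage (constructed addresses; writing to /disk/data/temp is an assumption):
#   f=$(filter_between 192.168.0.10 192.168.0.20 443) &&
#       run_capture eth0 /disk/data/temp/center-sensor.pcap 2000 "$f"
```

Passing the filter to ``tcpdump`` as one quoted argument keeps the shell from interpreting ``[7]`` as a glob pattern.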

Export Log Files From Genian ZTNA
----------------------------------

Genian ZTNA shell mode supports the SCP command for sending files through SSH.

Navigate to **/disk/data/temp/** and use the following command format to send the logs to their destination:

Usage example
'''''''''''''

.. code:: bash

	scp [filename] [username]@[destinationIP]:[destinationPath]