Genian NAC diagnosis Method
===========================

This section provides an overview of the major processes used by Genian NAC that can be examined to troubleshoot issues.

Genian NAC Process Description
------------------------------

Policy Server Processes
'''''''''''''''''''''''

.. code:: bash

   centerd: Policy and node management process
   sensord: Network Sensor process
   mysql: Database in which node and policy information is stored
   httpd: Web service daemon
   java: Java process that runs the Web UI and mediates between the Web UI and the database
   procmond: Process monitor daemon used by Genian NAC; monitors for abnormal termination and re-executes the affected process
   sshd: Daemon providing SSH remote access
   syslog-ng: SYSLOG daemon
   hbd: Daemon that performs actions (such as a reboot) to normalize the system if a hardware or software failure persists for a certain period of time
   mysqld_safe: Script that records restart and runtime information in Mysqld_error when the mysqld server fails
   gnlogin: Provides the service for executing CLI commands
   crond: Daemon that runs scripts and commands on a specified cycle

Network Sensor Processes
''''''''''''''''''''''''

.. code:: bash

   sensord: Network Sensor process
   nmap: Scanning tool that collects network information about nodes
   procmond: Process monitor daemon used by Genian NAC; monitors for abnormal termination and re-executes the affected process
   sshd: Daemon providing SSH remote access
   syslog-ng: SYSLOG daemon
   hbd: Daemon that performs actions (such as a reboot) to normalize the system if a hardware or software failure persists for a certain period of time

Agent Processes
'''''''''''''''

.. code:: bash

   Process name: GnAgent.exe
   Description: Genian Agent
   Function: Agent integrity check, node policy reception and GnPlugin run management
   Execution cycle: Always
   Execution condition: Always after Windows logon

   Process name: GnPlugin.exe
   Description: Genian Action Plugin
   Function: Perform the action policies of the node policy and send the results
   Execution cycle: Always
   Execution condition: Always, when an action policy exists in the node policy

   Process name: GnStart.exe
   Description: Genian Starter
   Function: Agent integrity check, GnAgent execution management, Keep Alive transfer
   Execution cycle: Always
   Execution condition: Always

   Process name: GnAccount.exe
   Description: Genian User Account Manager
   Function: Runs the GnAgent process with a specific account instead of the OS logon account
   Execution cycle: When an event occurs
   Execution condition: Node Policy > Execution Account

   Process name: GnDump.exe
   Description: Genian Agent Dump Utility
   Function: Dump Agent debug logs
   Execution cycle: None
   Execution condition: Operates only when executed manually

   Process name: GnExLib.exe
   Description: Genian External Module
   Function: Register an external authentication module (e.g. a dll)
   Execution cycle: None
   Execution condition: Works only when executed manually

   Process name: GnScript.exe
   Description: Genians Software Install Manager
   Function: Install the Agent
   Execution cycle: None
   Execution condition: Performed only during agent installation

   Process name: GnUpdate.exe
   Description: Genian Updater
   Function: Update the Genian Agent automatically
   Execution cycle: 6 hours
   Execution condition: None

   Process name: GnUtil.exe
   Description: Genian Agent Utility
   Function: Compute the SHA1 hash value of a specific file
   Execution cycle: None
   Execution condition: Works only when executed manually

System Log Description
----------------------

Policy Server Log
'''''''''''''''''

**Location:** ``/disk/data/logs``

Elasticsearch
'''''''''''''

.. code:: bash

   GENIAN.log: Elasticsearch log, including abnormal process termination and restart errors

httpd
'''''

.. code:: bash

   Error_log: httpd error log
   Mod_jk.log: Apache and Tomcat communicate using the Apache JServ Protocol (AJP) through a module called mod_jk; this log records Apache and Tomcat related errors

mysqld
''''''

.. code:: bash

   Initdb.log: Logs generated during database initialization; check here whether a table is abnormal at startup
   Mysqld.error: Error log written during mysql operation
   Slowquery.log: SQL query log for long-running jobs; refer to it when a specific action takes a long time during NAC operation

system
''''''

.. code:: bash

   Agent: Agent logs stored on the PC, retrieved by the policy server and stored here (call command: centerd -dfg)
   centerd: Logs of actions performed by the Policy Server: Policy Server status, node role status, authentication, integration, data sync, etc.
   sensord: Operation and error logs of the network sensor: Network Sensor status, node detection, UP / Down, policy reception, etc.
   messages: Hardware status related messages, like dmesg
   procmond: Log of processes that terminated abnormally and were restarted
   scanraw: Network scan information of a node, used by the platform to detect the node
   updown: Agent Up / Down status log
   authsync: Database synchronization related logs
   dbmigration: Database migration results
   gnlogin: Console login history
   radius.log: RADIUS status and node authentication logs

tomcat
''''''

.. code:: bash

   Catalina.out: Contains all log messages written to Tomcat's System.out and System.err streams. The catalina.out file can include:
     - Uncaught exceptions printed by java.lang.ThreadGroup.uncaughtException(..)
     - Thread dumps, if you requested them via a system signal

System Inspection
-----------------

Check script for the status of the Genian NAC system.

Follow the steps below, as shown in the code box:

- Connect to the Policy Server console directly or by SSH.
- Enter configuration mode.
- Enter shell mode.
- Use the ``sysinspect.sh`` command to check the system status.

.. code:: bash

   genian> en
   genian# @shell
   Genians$ sysinspect.sh
   ==========Regualr Inspection==========
   1) Check Server/Service infomation
   2) Check Service status
   3) Check Disk & Memory information
   4) Check Smartctl
   5) Check Slow Query
   6) Check Total Inspection
   9) Check Setup Config
   ======================================
   Enter Select Number :

Check Server/Service information
''''''''''''''''''''''''''''''''

- ServerRole: Indicates the role of the server according to its configuration.
- H/W duplication: Checks whether the server is redundant and, if so, whether it is master or slave.
- DB replication: Checks whether the DB is redundant.

  - ALIVE: DB replication between the Master and Slave servers is normal.
  - MISMATCH, or a broken result: DB replication between the Master and Slave servers is abnormal.

- System Uptime: Number of users on the server, server CPU load.
- Platform: The model name of the server.
- Version: The version of the image installed on this server.
- MAC Address List: List of the server's MAC addresses.
- Service Version: The versions of the services used by the server.
- Elasticsearch indices Health check: Status of the Elasticsearch indices (green: normal; yellow / red: abnormal).
- Last 7 days Log Backup Check (Today Warning): Confirms that log backup is working properly.
- Last 7 days DB Backup Check (Today Warning): Confirms that policy / node backup is working properly.

Check service status
''''''''''''''''''''

Verify that all necessary processes are running on Genian NAC. Necessary processes by component:

.. code:: bash

   Policy Server: mysqld, elasticsearch, java, centerd, sensord, httpd, procmond, sshd, syslog-ng,
                  radius (required only when the RADIUS server is used),
                  vrrpd (required only when an HA configuration is used)
   Network Sensor: sensord, procmond, sshd

Check Disk & Memory information
'''''''''''''''''''''''''''''''

Check the server's hard disk capacity and memory. If the hard disk is full or there is no free memory, Genian NAC may encounter the following problems:

- Genian NAC operation is slow or does not work
- Backup files are not created

Check Smartctl
''''''''''''''

Check the hard disk status. If the RAW_VALUE of Reallocated_sector_ct is not 0, there is a problem with the hard disk: Genian NAC operation may be defective and the hard disk needs to be replaced.

Check Total Inspection
''''''''''''''''''''''

Outputs all of the server state checks described above at once.

Check Setup Config
''''''''''''''''''

- Check for any missing basic settings
- How to check sensor and node status through CLI commands

How to check Network Sensor status:

.. code:: bash

   genian# show enforcer
   interface | mode | active | local | request | strict | max
   bond0.100 | 2 | OFF | ON | OFF | OFF | 10
   bond0.101 | 2 | OFF | ON | OFF | OFF | 10

How to check node status:

.. code:: bash

   genian# show nodeinfo filter [IP address]
   IP | MAC | device | sta | up | age | idle | expire | noderole
   172.29.20.183 | 00:E0:4C:36:0D:F8 | eth0 | 1 | 1 | 1728088 | 5 | -3118306 | Denied by IPAM(10)

ARP poisoning list:

.. code:: bash

   genian# show nodeinfo poisoning [IP address]
   IP=172.29.111.55 MAC=00:05:1B:A3:E2:07 IF=bond0.111
   TARGET=172.29.111.56 ACTIVE=1 LASTREQ=832 DSTTOXIC=0
   TARGET=172.29.111.254 ACTIVE=1 LASTREQ=0 DSTTOXIC=0
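The per-component process list from the "Check service status" section above can be verified from a script rather than by eye. The following Python is an added example, not code from Genian NAC or its documentation; it compares that list against captured ``ps -eo comm=`` output, and the sample output is constructed.

```python
# Added example (not Genian NAC code): compare the "Necessary processes by
# component" list against the command names reported by `ps -eo comm=`.
from typing import Dict, List, Set

# Required processes per component, as listed in "Check service status".
# radius and vrrpd depend on the deployment, so they are added on request.
REQUIRED: Dict[str, List[str]] = {
    "policy_server": ["mysqld", "elasticsearch", "java", "centerd", "sensord",
                      "httpd", "procmond", "sshd", "syslog-ng"],
    "network_sensor": ["sensord", "procmond", "sshd"],
}


def running_names(ps_output: str) -> Set[str]:
    """Turn `ps -eo comm=` output (one command name per line) into a set."""
    return {line.strip() for line in ps_output.splitlines() if line.strip()}


def missing_processes(component: str, ps_output: str,
                      radius: bool = False, ha: bool = False) -> List[str]:
    """Return the required processes that are not running, in list order.
    radius=True adds the RADIUS daemon, ha=True adds vrrpd (HA configuration)."""
    required = list(REQUIRED[component])
    if component == "policy_server":
        if radius:
            required.append("radius")
        if ha:
            required.append("vrrpd")
    running = running_names(ps_output)
    return [name for name in required if name not in running]


# Constructed sample of `ps -eo comm=` output from a Policy Server on which
# centerd is not running (for instance after an abnormal termination that
# procmond has not yet recovered).
SAMPLE_PS = """mysqld
elasticsearch
java
sensord
httpd
procmond
sshd
syslog-ng
crond
hbd
"""

if __name__ == "__main__":
    for name in missing_processes("policy_server", SAMPLE_PS, radius=True):
        print("MISSING:", name)
```

Names are matched exactly as `ps` reports them, so a service that runs under a different command name on a given build must be mapped before the comparison.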
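The ``show enforcer`` and ``show nodeinfo`` outputs above are the raw material for a scripted node-status check. As an added example (not code from Genian NAC or its documentation), the following Python parses the pipe-delimited tables and the ``KEY=VALUE`` poisoning entries and flags denied nodes and currently active poisoning targets; the sample text is taken from the transcripts on this page, and the line layout of the poisoning output is an assumption, so the parser does not depend on it.

```python
# Added example (not Genian NAC code): parse the CLI output shown on this page.
import re
from typing import Any, Dict, List


def parse_table(text: str) -> List[Dict[str, str]]:
    """Parse a 'col | col | ...' table (show enforcer, show nodeinfo filter)
    into one dict per data row keyed by the header names. Lines without a
    pipe, such as the echoed 'genian# show ...' command, are skipped."""
    rows: List[Dict[str, str]] = []
    header = None
    for line in text.splitlines():
        if "|" not in line:
            continue
        cells = [c.strip() for c in line.split("|")]
        if header is None:
            header = cells          # first pipe line is the header
            continue
        rows.append(dict(zip(header, cells)))
    return rows


def parse_poisoning(text: str) -> List[Dict[str, Any]]:
    """Parse `show nodeinfo poisoning` output. Pairs are read in order, so it
    does not matter whether the CLI prints them on one line or several:
    IP= starts a node, TARGET= starts a target under the current node, and
    every other pair belongs to whichever of the two was opened last."""
    nodes: List[Dict[str, Any]] = []
    current: Dict[str, Any] = {}
    for key, value in re.findall(r"(\w+)=(\S+)", text):
        if key == "IP":
            current = {"IP": value, "targets": []}
            nodes.append(current)
        elif key == "TARGET" and nodes:
            current = {"TARGET": value}
            nodes[-1]["targets"].append(current)
        else:
            current[key] = value
    return nodes


def denied_nodes(table_text: str) -> List[str]:
    """IPs whose noderole shows the node is denied (e.g. 'Denied by IPAM(10)')."""
    return [r["IP"] for r in parse_table(table_text) if r["noderole"].startswith("Denied")]


def active_targets(poison_text: str) -> Dict[str, List[str]]:
    """Map each poisoned node IP to the targets whose entry has ACTIVE=1."""
    return {n["IP"]: [t["TARGET"] for t in n["targets"] if t.get("ACTIVE") == "1"]
            for n in parse_poisoning(poison_text)}


# Sample output copied from the CLI transcripts on this page.
NODEINFO = """genian# show nodeinfo filter 172.29.20.183
IP | MAC | device | sta | up | age | idle | expire | noderole
172.29.20.183 | 00:E0:4C:36:0D:F8 | eth0 | 1 | 1 | 1728088 | 5 | -3118306 | Denied by IPAM(10)
"""
POISONING = """genian# show nodeinfo poisoning 172.29.111.55
IP=172.29.111.55 MAC=00:05:1B:A3:E2:07 IF=bond0.111
TARGET=172.29.111.56 ACTIVE=1 LASTREQ=832 DSTTOXIC=0
TARGET=172.29.111.254 ACTIVE=1 LASTREQ=0 DSTTOXIC=0
"""
```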