Genian NAC Diagnosis Method

This section provides an overview of the major processes used by Genian NAC that can be examined to troubleshoot issues.

Genian NAC Process Description

Policy Server Processes

centerd: Policy and node management process
sensord: Network sensor process
mysql: Database in which node and policy information is stored
httpd: Web service daemon
java: Java process that runs the Web UI and mediates between the web service and the database
procmond: Process monitor daemon used by Genian NAC; detects abnormal termination of processes and restarts them
sshd: Daemon providing SSH remote access
syslog-ng: SYSLOG daemon
hbd: Daemon that performs recovery actions (such as a reboot) to restore the system after a hardware or software failure has persisted for a certain period of time
mysqld_safe: Script that restarts mysqld when it fails and records the restart and runtime information in Mysqld.error
gnlogin: Provides the service for executing CLI commands
crond: Daemon that runs scripts and commands on a specified schedule

Network Sensor Processes

sensord: Network sensor process
nmap: Scanning tool that collects network information about nodes
procmond: Process monitor daemon used by Genian NAC; detects abnormal termination of processes and restarts them
sshd: Daemon providing SSH remote access
syslog-ng: SYSLOG daemon
hbd: Daemon that performs recovery actions (such as a reboot) to restore the system after a hardware or software failure has persisted for a certain period of time

Agent Processes

Process name: GnAgent.exe
Description: Genian Agent
Function: Agent integrity check, node policy reception, and GnPlugin run management
Execution cycle: Always
Execution condition: Always after Windows logon

Process name: GnPlugin.exe
Description: Genian Action Plugin
Function: Perform action policy of node policy and send result
Execution cycle: Always
Execution condition: Always when an action policy exists in a node policy

Process name: GnStart.exe
Description: Genian Starter
Function: Agent integrity check, GnAgent execution management, Keep Alive transfer
Execution cycle: Always
Execution condition: Always

Process name: GnAccount.exe
Description: Genian User Account Manager
Function: Runs the GnAgent process under a specific account instead of the OS logon account
Execution cycle: When an event occurs
Execution condition: Node Policy>Execution Account

Process name: GnDump.exe
Description: Genian Agent Dump Utility
Function: Dump Agent Debug Logs
Execution cycle: None
Execution condition: Operates only when executed manually

Process name: GnExLib.exe
Description: Genian External Module
Function: Registers an external authentication module (e.g. a DLL)
Execution cycle: None
Execution condition: Works only when executed manually

Process name: GnScript.exe
Description: Genians Software Install Manager
Function: Install Agent
Execution cycle: None
Execution condition: Performed only during agent installation

Process name: GnUpdate.exe
Description: Genian Updater
Function: Update Genian Agent automatically
Execution cycle: Every 6 hours
Execution condition: None

Process name: GnUtil.exe
Description: Genian Agent Utility
Function: Compute the SHA1 hash value of a specific file
Execution cycle: None
Execution condition: Works only when executed manually

System Log Description

Policy Server Log

Location: /disk/data/logs

Elasticsearch

GENIAN.log: Elasticsearch process abnormal termination and restart error log, etc.

httpd

Error_log: httpd error log
Mod_jk.log: Log of the mod_jk module, through which Apache and Tomcat communicate using the Apache JServ Protocol (AJP)
- Apache and Tomcat related error log

mysqld

Initdb.log: Logs generated during database initialization
- Refer to when checking whether tables are abnormal during operation

Mysqld.error: Error log during MySQL operation
Slowquery.log: SQL query log for long-running queries
- Refer to when a specific action takes a long time during NAC operation
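To go from "a specific action takes a long time" to the statement behind it, the slow query log can be filtered by Query_time. The script below is an added example, not part of Genian NAC; it assumes the standard mysqld slow-log text format (a "# Query_time:" header line followed by the statement), and the log text embedded in it is constructed for the demonstration. On the appliance it would be run against the Slowquery.log file from the directory above.

```shell
#!/bin/sh
# Added example, not part of Genian NAC: list the entries of a MySQL
# slow-query log (the format written to Slowquery.log) whose Query_time
# exceeds a threshold, so the slow statement behind a NAC action can be found.
# The log text below is constructed; replace it with the real file contents.

SAMPLE_SLOWLOG='# Time: 2024-05-01T09:12:01.000000Z
# User@Host: genian[genian] @ localhost []
# Query_time: 0.412  Lock_time: 0.000 Rows_sent: 10  Rows_examined: 2000
SET timestamp=1714554721;
SELECT * FROM node WHERE ip = "192.0.2.10";
# Time: 2024-05-01T09:13:44.000000Z
# User@Host: genian[genian] @ localhost []
# Query_time: 14.207  Lock_time: 0.002 Rows_sent: 1  Rows_examined: 5400000
SET timestamp=1714554824;
SELECT COUNT(*) FROM auditlog WHERE msg LIKE "%timeout%";'

# slow_queries THRESHOLD_SECONDS LOGTEXT
#   Prints "<query_time><TAB><statement>" for every entry whose Query_time
#   is above the threshold. The statement is the first line after the header
#   that is neither a comment nor the "SET timestamp=..." line (multi-line
#   statements are reported by their first line only).
slow_queries() {
    printf '%s\n' "$2" | awk -v thr="$1" '
        /^# Query_time:/  { qt = $3 + 0; want = (qt > thr); next }
        /^#/              { next }
        /^SET timestamp=/ { next }
        want              { print qt "\t" $0; want = 0 }
    '
}

# slowest_query_time LOGTEXT
#   Prints the largest Query_time found in the log (0 if there is none).
slowest_query_time() {
    printf '%s\n' "$1" | awk '
        /^# Query_time:/ { if ($3 + 0 > m) m = $3 + 0 }
        END              { print m + 0 }
    '
}

# Usage on the appliance: slow_queries 5 "$(cat /disk/data/logs/mysqld/Slowquery.log)"
# (path assumed from the log location given above; adjust to the real file)
echo "Queries slower than 5 seconds:"
slow_queries 5 "$SAMPLE_SLOWLOG"
echo "Slowest query time: $(slowest_query_time "$SAMPLE_SLOWLOG")s"
```

Lowering the threshold toward 0 turns the function into a plain listing of every logged statement, which is useful to see what was running around the time of the slow action.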

system

Agent: Agent logs stored on the endpoint PC, retrieved by the policy server and saved here
- Call command: centerd -dfg

centerd: Log of actions performed by the Policy Server
- Policy Server status, node role status, authentication, integration, data sync, etc.

sensord: Operation and error log of the network sensor
- Network sensor status, node detection, up/down, policy reception, etc.

messages: Hardware status related messages like dmesg

procmond: Log of abnormal process terminations and restarts
scanraw: Raw network scan information of nodes, used by the platform to detect nodes
updown: Agent up/down status log
authsync: Database synchronization related logs
dbmigration: Database migration results
gnlogin: Console login history
radius.log: RADIUS status and node authentication logs

tomcat

Catalina.out: Contains all log messages written to Tomcat's System.out and System.err streams.
The catalina.out file can include:
- Uncaught exceptions printed by java.lang.ThreadGroup.uncaughtException(..)
- Thread dumps, if you requested them via a system signal

System Inspection

A check script is provided for inspecting the status of the Genian NAC system.

Follow the steps below, as shown in the code box:
  • Connect to the Policy Server console directly or by SSH.
  • Enter configuration mode.
  • Enter shell mode.
  • Use the sysinspect.sh command to check the system status.
genian> en

genian# @shell

Genians$ sysinspect.sh


   ==========Regualr Inspection==========
   1) Check Server/Service infomation
   2) Check Service status
   3) Check Disk & Memory information
   4) Check Smartctl
   5) Check Slow Query
   6) Check Total Inspection
   9) Check Setup Config
   ======================================
   Enter Select Number :

Check Server/Service information

  • ServerRole: The role of the server, according to the server configuration.
  • H/W duplication: Whether the server is configured redundantly and, if so, whether this server is the master or the slave.
  • DB replication: Whether the database is replicated
    - ALIVE: DB replication between the Master and Slave servers is normal
    - MISMATCH or broken result: DB replication between the Master and Slave servers is abnormal
  • System Uptime: Server uptime, number of users logged in to the server, and server CPU load
  • Platform: The model name of the server
  • Version: The version of the image installed on this server
  • MAC Address List: List of the server's MAC addresses
  • Service Version: The versions of the services used by the server
  • Elasticsearch indices Health check: The status of the Elasticsearch indices
    - green: normal; yellow / red: abnormal
  • Last 7 days Log Backup Check (Today Warning): Ensures log backup is working properly
  • Last 7 days DB Backup Check (Today Warning): Ensures policy / node backup is working properly

Check service status

Verify that all necessary processes are running on Genian NAC.

Necessary processes by component:

Policy Server:
mysqld, elasticsearch, java, centerd, sensord, httpd, procmond, sshd, syslog-ng, radius (only when a RADIUS server is used), vrrpd (only when an HA configuration is used)

Network Sensor:
sensord, procmond, sshd
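The same check can be scripted outside the sysinspect.sh menu, which is handy for monitoring. The script below is an added example and not part of Genian NAC or sysinspect.sh; the required and optional process names are the ones listed above, and the process list it compares against is a constructed sample standing in for the output of `ps -eo comm=` on the appliance. The role names `policy-server` and `sensor` are the example's own labels.

```shell
#!/bin/sh
# Added example, not part of Genian NAC or sysinspect.sh: compare a process
# list against the required-process lists given above for each component.
# Required names are taken from the page. radius and vrrpd are optional
# (needed only with a RADIUS server or an HA configuration), so they are
# reported rather than counted as missing.

required_for() {
    case "$1" in
        policy-server) echo "mysqld elasticsearch java centerd sensord httpd procmond sshd syslog-ng" ;;
        sensor)        echo "sensord procmond sshd" ;;
        *)             return 1 ;;
    esac
}

optional_for() {
    case "$1" in
        policy-server) echo "radius vrrpd" ;;
        *)             echo "" ;;
    esac
}

# is_running NAME PROCLIST: NAME matches one whole line of PROCLIST
is_running() {
    printf '%s\n' "$2" | grep -qxF "$1"
}

# missing_processes ROLE PROCLIST
#   ROLE is policy-server or sensor. PROCLIST is newline-separated process
#   names, e.g. "$(ps -eo comm=)" on the appliance. Prints each required
#   process that is not running; returns 1 if any is missing, 2 on a bad role.
missing_processes() {
    req=$(required_for "$1") || { echo "unknown role: $1" >&2; return 2; }
    rc=0
    for p in $req; do
        is_running "$p" "$2" || { echo "$p"; rc=1; }
    done
    return $rc
}

# optional_status ROLE PROCLIST: prints "name: running|not running" per optional process
optional_status() {
    for p in $(optional_for "$1"); do
        if is_running "$p" "$2"; then echo "$p: running"; else echo "$p: not running"; fi
    done
}

# Constructed sample standing in for `ps -eo comm=` on a policy server
# where sensord has died and a RADIUS server is in use.
SAMPLE_PS='mysqld
elasticsearch
java
centerd
httpd
procmond
sshd
syslog-ng
radius
crond'

if missing_processes policy-server "$SAMPLE_PS"; then
    echo "policy server: all required processes running"
else
    echo "policy server: required process(es) missing (listed above)"
fi
optional_status policy-server "$SAMPLE_PS"
```

The names must match what `ps` reports as the command name on the appliance (for instance, a JVM-hosted service may appear as `java` rather than under its own name), so verify the required lists against a healthy server before relying on the check.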

Check Disk & Memory information

Check the server's hard disk capacity and free memory. If the hard disk is full or there is no free memory, Genian NAC may encounter the following problems:

  • Genian NAC operation is slow or does not work
  • Backup files are not created

Check Smartctl

Checks the hard disk status. If the RAW_VALUE of Reallocated_Sector_Ct is not 0, the hard disk has a problem: Genian NAC operation may be affected, and the hard disk should be replaced.
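The condition above can be checked directly from `smartctl -A` output. The script below is an added example, not part of Genian NAC or sysinspect.sh; it assumes the standard smartctl attribute table layout (RAW_VALUE in the tenth column), and the two SMART tables embedded in it are constructed samples.

```shell
#!/bin/sh
# Added example, not part of Genian NAC or sysinspect.sh: read the
# Reallocated_Sector_Ct raw value from `smartctl -A` output and flag a disk
# whose raw value is not 0, which is the replacement condition described above.
# Both SMART tables below are constructed in the standard smartctl -A layout.

SAMPLE_SMART_OK='ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  1 Raw_Read_Error_Rate     0x000f   100   100   006    Pre-fail  Always       -       0
  5 Reallocated_Sector_Ct   0x0033   100   100   010    Pre-fail  Always       -       0
  9 Power_On_Hours          0x0032   091   091   000    Old_age   Always       -       8412'

SAMPLE_SMART_BAD='ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  5 Reallocated_Sector_Ct   0x0033   098   098   010    Pre-fail  Always       -       37
  9 Power_On_Hours          0x0032   091   091   000    Old_age   Always       -       8412'

# reallocated_sectors SMARTTEXT
#   Prints the RAW_VALUE (column 10) of the Reallocated_Sector_Ct attribute,
#   keeping only the leading integer, or "unknown" if the attribute is absent.
reallocated_sectors() {
    printf '%s\n' "$1" | awk '
        tolower($2) == "reallocated_sector_ct" {
            v = $10; sub(/[^0-9].*$/, "", v)
            print (v == "" ? "unknown" : v); found = 1
        }
        END { if (!found) print "unknown" }
    '
}

# disk_status SMARTTEXT
#   Prints OK, REPLACE or UNKNOWN; returns 0 only when the raw value is 0.
disk_status() {
    n=$(reallocated_sectors "$1")
    case "$n" in
        0)       echo "OK"; return 0 ;;
        unknown) echo "UNKNOWN: Reallocated_Sector_Ct not reported"; return 2 ;;
        *)       echo "REPLACE: $n reallocated sectors"; return 1 ;;
    esac
}

# Usage on the appliance: disk_status "$(smartctl -A /dev/sda)"
# (device path is an assumption; use the actual system disk)
disk_status "$SAMPLE_SMART_OK"
disk_status "$SAMPLE_SMART_BAD" || true
```

The non-zero return codes make the function usable from cron or a monitoring wrapper, and the UNKNOWN branch distinguishes a controller that does not report the attribute from a healthy disk.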

Check Total Inspection

Outputs all of the server checks described above at once.

Check Setup Config

  • Check for any missing basic settings

Sensor and node status can also be checked through CLI commands.

How to Check Network Sensor Status:

genian# show enforcer
interface | mode | active | local | request | strict | max
bond0.100 |    2 |    OFF |    ON |     OFF |    OFF | 10
bond0.101 |    2 |    OFF |    ON |     OFF |    OFF | 10

How to Check Node Status:

genian# show nodeinfo filter [IP address]
    IP              | MAC               | device | sta | up |    age |   idle |     expire | noderole
    172.29.20.183   | 00:E0:4C:36:0D:F8 | eth0   |   1 |  1 | 1728088 |      5 |   -3118306 | Denied by IPAM(10)

ARP Poisoning list
genian# show nodeinfo poisoning [IP address]
IP=172.29.111.55 MAC=00:05:1B:A3:E2:07 IF=bond0.111
TARGET=172.29.111.56   ACTIVE=1 LASTREQ=832    DSTTOXIC=0
TARGET=172.29.111.254  ACTIVE=1 LASTREQ=0      DSTTOXIC=0