Genian NAC log collection method
Genian NAC supports debug dumps for each component when an issue arises. The dump file is used for issue analysis.
How to Collect the Agent Log
Collecting via Web Console
- Navigate to the Management > Node tab
- Click the check-box beside the Node(s) you wish to collect logs from and select Tasks > Bulk Actions, or select an individual node IP.
- Select Run Node Tasks from the dropdown, or use the Node Tasks menu if viewing a single node.
- Select Collect Agent Logs and click Run if applicable.
- After collection is complete, the logs can be viewed and searched in Log > Debug Logs.
Collecting via Endpoint
- Right-click the Agent icon on the endpoint.
- Select About Genian Agent(A).
- Click Save Error Logs.
- The log dump file is stored in C: on Windows or /Users/Shared/Genians on Mac.
- The file is named GnAgent_[DateTime].zip on Windows and Genians_[DateTime].zip on Mac.
- Log collection in an Active Directory environment requires domain administrator-level privileges.
- For Linux devices, collect the logs directly from the debug storage path, /var/log/genians.
How to Collect the Policy Server and Network Sensor Logs
The Policy Server and Network Sensor come with a feature for centrally collecting and exporting error logs. The log can be uploaded to a JIRA issue or saved locally.
Collecting via Web Console
- Navigate to the System tab
- Click the check-box beside the Appliance you wish to collect logs from.
- Select Tasks > SysCollect.
- Select if Center, Sensor, and/or Agent logs should be included for collection, and click Start.
- After collection is complete, the logs can be viewed and searched in Log > Debug Logs > system > agent.
Collecting via Command Line Interface
Follow the below steps, as shown in the code box:
- Connect to the Policy Server or Sensor through console or SSH.
- Enter configuration mode.
- Enter shell mode.
- Use the command syscollect.sh to generate a compilation of the component logs.
- Select if you would like to upload logs.
- Select which components to collect logs from.
    genian> en
    genian# @shell
    Genians$ syscollect.sh
    Do you want upload to GENIANS IMS ? (Y/n)
    Do you want to trace centerd ? (y/N)
    Do you want to trace sensord ? (y/N)
    Do you want to collect agent logs ? (y/N)
Collect network communication packets between components

    # Capture UDP packets on port 80 on interface eth0
    tcpdump -i eth0 port 80 and udp

    # Capture on interface eth0 and include Ethernet (link-level) information
    tcpdump -i eth0 -e

    # Capture packets to or from addresses starting with 192.168 on interface eth0
    tcpdump -i eth0 net 192.168

    # Capture ARP Reply packets for a host on interface eth0
    # (the ARP opcode is at byte offset 6 of the ARP header; 2 = reply)
    tcpdump -i eth0 'host [IP address] and arp[6:2] == 2'

    # Save UDP packets on port 80 on interface eth0 to the file file1
    tcpdump -i eth0 -w file1 port 80 and udp

- -v: When parsing and printing, produce (slightly more) verbose output. For example, the time to live, identification, total length and options in an IP packet are printed. Also enables additional packet integrity checks such as verifying the IP and ICMP header checksum.
- -n: Don't convert addresses (i.e., host addresses, port numbers, etc.) to names.
- -e: Print the link-level header on each dump line. This can be used, for example, to print MAC layer addresses for protocols such as Ethernet.
- -w: Write the raw packets to file rather than parsing and printing them out.
- -A: Print each packet (minus its link level header) in ASCII.
- -q: Quick (quiet?) output. Print less protocol information so output lines are shorter.

- host: Capture all packets containing the IP address you entered.
- dst host: Filter by destination IP address.
- src host: Filter by source IP address.
- ether host: Capture all packets that contain the entered MAC address.
- ether dst: Filter by destination MAC address of the Ethernet frame.
- ether src: Filter by source MAC address of the Ethernet frame.
- net: Capture all packets to or from the entered network subnet.
- dst net: Filter by destination network subnet.
- src net: Filter by source network subnet.
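
Once a capture has been saved with -w, it can be read back offline. The following is an added example, not part of the Genian NAC documentation or tooling: it parses a classic pcap file and lists the sender MAC and IP of every ARP Reply, the same opcode test (ARP header offset 6, value 2) the ARP Reply capture above is meant to select. The function names and the two sample frames are constructed for illustration; pcapng files and VLAN-tagged frames are not handled.

```python
import socket
import struct

ETH_ARP = 0x0806  # EtherType for ARP

def arp_replies(pcap: bytes):
    """Return (sender MAC, sender IP) for each ARP reply in a classic pcap file."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"                      # little-endian capture
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"                      # big-endian capture
    else:
        raise ValueError("not a classic microsecond pcap file")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures are handled")
    found, pos = [], 24                # 24-byte global header
    while pos + 16 <= len(pcap):       # 16-byte per-record header
        incl_len = struct.unpack(end + "I", pcap[pos + 8:pos + 12])[0]
        frame = pcap[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        if len(frame) < 14 + 28:       # truncated or too short for ARP
            continue
        if struct.unpack("!H", frame[12:14])[0] != ETH_ARP:
            continue
        arp = frame[14:]
        if struct.unpack("!H", arp[6:8])[0] == 2:   # opcode 2 = reply
            mac = ":".join(f"{b:02x}" for b in arp[8:14])
            found.append((mac, socket.inet_ntoa(arp[14:18])))
    return found

def _arp_frame(op, sha, spa, tha, tpa):
    """Build one Ethernet/ARP frame (constructed sample data)."""
    eth = tha + sha + struct.pack("!H", ETH_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return eth + arp + sha + socket.inet_aton(spa) + tha + socket.inet_aton(tpa)

def sample_pcap():
    """Constructed capture: one ARP request followed by one ARP reply."""
    a, b = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    frames = [_arp_frame(1, a, "192.0.2.10", b"\xff" * 6, "192.0.2.20"),
              _arp_frame(2, b, "192.0.2.20", a, "192.0.2.10")]
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return header + b"".join(
        struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

if __name__ == "__main__":
    for mac, ip in arp_replies(sample_pcap()):
        print(f"ARP reply: {ip} is-at {mac}")
```

To use it on a real capture, pass the bytes of the file written by tcpdump -w, for example arp_replies(open("file1", "rb").read()).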