Run the Troubleshooting Script
The Secure Event Connector (SEC) troubleshoot.sh script gathers all event streamer logs and compresses them into a single .tar.gz file. Follow this procedure to run the troubleshoot.sh script:
Procedure
Step 1: Open your VM hypervisor and start a console session for your Secure Device Connector (SDC).
Step 2: Log in and then switch to the root user:
[cdo@localhost ~]$ sudo su root
Note: You can also switch to the sdc user, but when you act as root you also receive IP tables information. The IP tables information shows that the firewall is running on the device and lists all the firewall routes. If the firewall is blocking Secure Event Connector TCP or UDP ports, events will not show up in the Event Logging table. The IP tables information helps you determine whether that is the case.
Step 3: At the prompt, run the troubleshoot script and specify the tenant name. This is the command syntax:
[root@localhost ~]$ /usr/local/cdo/toolkit/troubleshoot.sh --app sec --tenant CDO_[tenant_name]
Here is an example:
[root@localhost ~]$ /usr/local/cdo/toolkit/troubleshoot.sh --app sec --tenant CDO_example_tenant
In the command output, you'll see that the sec_troubleshoot file is stored in the /tmp/troubleshoot directory on your SDC. The file name follows the convention sec_troubleshoot-timestamp.tar.gz.
Step 4: To retrieve the file, log in as the Security Cloud Control user and download it using SCP or SFTP. Here is an example:
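Before downloading, it helps to confirm which bundle is the newest and that it is intact. The shell functions below are an added example, not part of the original Cisco procedure or toolkit: the function names newest_sec_bundle and bundle_sha256 are hypothetical, and the example assumes tar and sha256sum are available on the SDC.

```shell
#!/bin/sh
# Added example, not Cisco tooling. Only the /tmp/troubleshoot directory and the
# sec_troubleshoot-<timestamp>.tar.gz naming come from the procedure above;
# the function names are hypothetical.

# Print the newest readable bundle in DIR (default: /tmp/troubleshoot).
# Archives that fail a full listing (truncated or corrupt) are skipped.
# Returns 1 if no usable bundle is found.
newest_sec_bundle() {
    dir=${1:-/tmp/troubleshoot}
    best=
    for f in "$dir"/sec_troubleshoot-*.tar.gz; do
        [ -f "$f" ] || continue                      # glob matched nothing
        tar -tzf "$f" >/dev/null 2>&1 || continue    # not a valid .tar.gz
        if [ -z "$best" ] || [ "$f" -nt "$best" ]; then
            best=$f                                  # newer modification time wins
        fi
    done
    [ -n "$best" ] || return 1
    printf '%s\n' "$best"
}

# Print the SHA-256 of a bundle so the copy fetched over SCP or SFTP
# can be compared against the original on the SDC.
bundle_sha256() {
    sha256sum "$1" | cut -d' ' -f1
}
```

Run newest_sec_bundle on the SDC to pick the file to download, then run bundle_sha256 on both the SDC copy and the downloaded copy and compare the two digests.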
What to do next
Continue to Uncompress the sec_troubleshoot.tar.gz file.