TDA 2.5 Debug Tool and Known Issues
Cellina, NCSG QA
Classification 2015/4/13 Copyright 2007 - Trend Micro Inc.

Agenda
• Debug Portal and Features – Traffic Flow Status
• Reset to Factory Default
• Known Issues Summary

Debug Portal and Features
• Debug Portal URL: https://[TDA_IP]/html/rdqa.htm
• Features available on the portal:
  – CAV Log Enable/Disable
  – CAV Rule Enable/Disable
  – Debug Log
  – Log Transmission Setting
  – tcpdump
  – Kernel Module Status
  – System Process Status: ATOP, ps

Debug Portal and Features (Cont)
• CAV Log Enable/Disable
  – VSAPI – VSAPI virus logging
  – Network Virus – network virus logging
  – Potential Threat – CAV rule matching
  – TMUFE query – TMUFE URL query

Debug Portal and Features (Cont)
• Threat Detection Settings – Enable Threat Detection
  – VSAPI – VSAPI virus logging
  – Network Virus – network virus logging
  – Potential Threat – CAV rule matching (OCS rules not included)

Debug Portal and Features (Cont)
• CAV Rule Enable/Disable
  – Customized activated rule set
  – A pattern (NCCP) update will overwrite the customization, so re-apply it after each pattern update

Debug Portal and Features (Cont)
• Debug Log
  – Change the debug level to 4 and save
  – Select "Export debug log" and export
  – Reset the debug log
  – Change the level back to 1 after the export; do not leave the appliance running at level 4

Debug Portal and Features (Cont)
• tcpdump
  – Use when no SSH connection to TDA is allowed and you need to sniff the packets that TDA monitors
  – Select the target interface and start
  – Export the file (tcpdump.tgz)
  – "tcpdump.cap" is the latest capture; cap files are rotated
  – Reset after the export
Debug Portal and Features (Cont)
• Kernel Module Status
  – Observe the statistic counts for network connections and memory usage
  – conntrack_count is the total number of connections monitored
  – ESTABLISHED is the number of connections in the TCP ESTABLISHED state
  – A relatively low ESTABLISHED count (compared with conntrack_count) indicates a deployment or switch setting problem

Debug Portal and Features (Cont)
• TDA must monitor the complete data flow of a TCP connection; if the mirror/SPAN setup feeds it only part of the traffic (for example, one direction), connections do not reach ESTABLISHED and are not inspected

Debug Portal and Features (Cont)
• SYN flood protection
  – Too many syn_conntrack entries indicate that TDA may be under a SYN flood or DDoS attack
  – TDA can survive and keep working at a packet rate below 200,000 and with 1,000,000 SYN packets

Debug Portal and Features (Cont)
• Memory protection (user memory)
  – When too much user memory is used, TDA drops the oldest session
  – Threshold: nr_pages >= 4730M
  – Usually means the application is too busy and slow
  – Watch it with: tail -f /var/log/kernel.log

Debug Portal and Features (Cont)
• Memory protection (kernel memory)
  – When kernel memory is short or used too much, TDA drops the oldest session
  – Threshold: sum of nr_xx_bytes > 550M
  – Usually means the throughput is too high

Debug Portal and Features (Cont)
• Connection track capacity
  ~# cat /proc/sys/net/toe/conntrack_max
  128000

Debug Portal and Features (Cont)
• Network Flow Status
  – TDA periodically detects whether packets or connections are being dropped because of memory protection or because the traffic exceeds the connection track table capacity
  – Network Flow turns red if packets or sessions keep dropping for more than 1 minute
  – TDA detection is not guaranteed under such conditions
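The Kernel Module Status, SYN flood, memory protection and conntrack capacity slides above all boil down to a few threshold checks on the counters the portal shows. The script below is an added example (not TDA's own code) that runs those checks over constructed status output. It assumes the status is available as simple "name value" lines with an optional K/M/G suffix; the counter names (conntrack_count, ESTABLISHED, syn_conntrack, nr_pages, nr_*_bytes) and the 4730M, 550M and 128000 thresholds come from the slides, while the "relatively low ESTABLISHED" and "too many SYN" ratios are assumptions, since the slides give no numbers for them. The nr_skb_bytes and nr_session_bytes names in the sample are constructed stand-ins for the slide's "nr_xx_bytes".

```python
"""Threshold checks over TDA kernel-module statistics (added example, not TDA code)."""
import re
from typing import Dict, List

MIB = 1024 * 1024
USER_MEM_LIMIT = 4730 * MIB        # slide: nr_pages >= 4730M -> oldest session dropped
KERNEL_MEM_LIMIT = 550 * MIB       # slide: sum of nr_xx_bytes > 550M -> oldest session dropped
DEFAULT_CONNTRACK_MAX = 128000     # slide: /proc/sys/net/toe/conntrack_max
LOW_ESTABLISHED_RATIO = 0.10       # assumption: <10% of tracked conns ESTABLISHED is "relatively low"
SYN_FLOOD_RATIO = 0.50             # assumption: >50% of tracked conns still in SYN is "too many"
CONNTRACK_FULL_RATIO = 0.90        # assumption: warn at 90% of conntrack_max


def parse_status(text: str) -> Dict[str, int]:
    """Parse 'name value[K|M|G]' lines (assumed portal format) into byte/count values."""
    mult = {"": 1, "K": 1024, "M": MIB, "G": 1024 * MIB}
    stats: Dict[str, int] = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z_]\w*)\s*[:=]?\s*(\d+)([KMG]?)\s*$", line)
        if m:
            stats[m.group(1)] = int(m.group(2)) * mult[m.group(3)]
    return stats


def check_status(stats: Dict[str, int], conntrack_max: int = DEFAULT_CONNTRACK_MAX) -> List[str]:
    """Return one 'CODE: explanation' finding per condition the slides describe."""
    findings: List[str] = []
    tracked = stats.get("conntrack_count", 0)
    established = stats.get("ESTABLISHED", 0)
    syn = stats.get("syn_conntrack", 0)

    if tracked and established / tracked < LOW_ESTABLISHED_RATIO:
        findings.append("LOW_ESTABLISHED: deployment/switch setting problem, TDA is not seeing full TCP flows")
    if tracked and syn / tracked > SYN_FLOOD_RATIO:
        findings.append("SYN_FLOOD: too many syn_conntrack entries, possible SYN flood or DDoS")
    if stats.get("nr_pages", 0) >= USER_MEM_LIMIT:
        findings.append("USER_MEM: user memory >= 4730M, application too busy/slow, oldest sessions dropped")
    kernel_bytes = sum(v for k, v in stats.items() if k.startswith("nr_") and k.endswith("_bytes"))
    if kernel_bytes > KERNEL_MEM_LIMIT:
        findings.append("KERNEL_MEM: kernel memory > 550M, throughput too high, oldest sessions dropped")
    if tracked >= conntrack_max * CONNTRACK_FULL_RATIO:
        findings.append("CONNTRACK_FULL: near conntrack_max, new connections will be dropped")
    return findings


# Constructed sample status dumps (not captured from a real appliance).
HEALTHY = """conntrack_count 42000
ESTABLISHED 31000
syn_conntrack 900
nr_pages 1200M
nr_skb_bytes 120M
nr_session_bytes 80M
"""

ONE_WAY_MIRROR = """conntrack_count 42000
ESTABLISHED 1500
syn_conntrack 3000
nr_pages 900M
"""

SYN_FLOOD = """conntrack_count 120000
ESTABLISHED 20000
syn_conntrack 95000
nr_pages 1000M
nr_skb_bytes 600M
"""

if __name__ == "__main__":
    for name, dump in (("healthy", HEALTHY), ("one-way mirror", ONE_WAY_MIRROR), ("syn flood", SYN_FLOOD)):
        print(name, "->", check_status(parse_status(dump)) or ["OK"])
```

The one-way-mirror sample reproduces the "ESTABLISHED relatively low" symptom: conntrack_count is normal but almost nothing completes the handshake from TDA's point of view, which is what a SPAN port that carries only one direction looks like. The SYN-flood sample trips three checks at once, which is the realistic case: a flood fills the conntrack table and the kernel buffers together, and at that point the Network Flow indicator goes red and detection is no longer guaranteed.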
Debug Portal and Features (Cont)
• ATOP – Linux atop command
  – CPU usage
  – System memory
  – Layer 2 throughput (shows which interfaces are connected)
  – Process status

Reset to Factory Default
• Required when moving a TDA appliance from one pilot customer to another
  – Resets TDA's GUID; otherwise the appliance will confuse the backend TMSP system
• Procedure
  – Ensure the serial console is ready
  – Reset TDA
  – In the serial console, during GRUB loading, press ESC to enter the menu
  – Select 3) Restore to factory mode

Known Issues Summary
• Detection in the FTP protocol
  – File download in active mode
    • Protocol shown as "FTP"
    • All file types supported
  – File upload in active mode or passive mode
    • Protocol shown as "File Transfer"
    • Only certain true file types are supported: zip, rar, msft, office, pdf, rtf, exe

Known Issues Summary (Cont)
• TDVA firmware update
  – Cannot update the firmware if VMI is enabled
  – Same limitation as with VMware Workstation
• TMSP communication channel
  – Only HTTP proxy is supported
  – Only basic authentication on the proxy server is supported
• TDVA Lite migration to TDA 2.5 is not supported
• Firmware update through the Firefox browser is not supported

Thank You
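The FTP known issue in the Known Issues Summary above depends on two things the slide leaves implicit: how the transfer mode and direction are decided, and what "true file type" means for uploads. The script below is an added example (not TDA's detection code) that makes both concrete. It parses a constructed FTP control-channel transcript (PORT = active, PASV/EPSV = passive, RETR = download, STOR = upload), identifies the true file type of the data payload from magic bytes rather than from the file name, and applies the mapping the slide gives: active download is labelled "FTP" and scanned for all types; any upload is labelled "File Transfer" and scanned only for the listed types. The slide does not say how a passive-mode download is handled, so that case is returned as "not stated". The "C:"/"S:" transcript notation, the payload bytes and the file names are constructed; "msft" from the slide's list has no documented signature here and is not sniffed.

```python
"""FTP transfer classification per the TDA 2.5 known-issue slide (added example, not TDA code)."""
from typing import Dict, List, Optional, Tuple

# True file types the slide lists as scanned for uploads ("msft" omitted: no signature given).
UPLOAD_SCANNED_TYPES = {"zip", "rar", "office", "pdf", "rtf", "exe"}

# Magic-byte signatures used to determine the *true* file type regardless of extension.
# OOXML (.docx/.xlsx) is a zip container and is therefore reported as "zip".
MAGIC: List[Tuple[bytes, str]] = [
    (b"PK\x03\x04", "zip"),
    (b"Rar!\x1a\x07", "rar"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "office"),  # OLE2 compound file (.doc/.xls/.ppt)
    (b"%PDF-", "pdf"),
    (b"{\\rtf", "rtf"),
    (b"MZ", "exe"),
]


def true_file_type(payload: bytes) -> Optional[str]:
    """Sniff the file type from leading bytes; None if no known signature matches."""
    for signature, name in MAGIC:
        if payload.startswith(signature):
            return name
    return None


def parse_ftp_control(transcript: str) -> List[Tuple[str, str, str]]:
    """Return (direction, mode, filename) per transfer seen on the control channel.

    Lines are 'C: <command>' (client) or 'S: <reply>' (server); constructed notation.
    The mode is decided by the last PORT/PASV/EPSV before each RETR/STOR.
    """
    mode: Optional[str] = None
    transfers: List[Tuple[str, str, str]] = []
    for raw in transcript.splitlines():
        line = raw.strip()
        if not line.startswith("C: "):
            continue
        cmd, _, arg = line[3:].partition(" ")
        cmd = cmd.upper()
        if cmd == "PORT":
            mode = "active"          # client listens; server connects back to the PORT address
        elif cmd in ("PASV", "EPSV"):
            mode = "passive"         # server listens; client connects to the 227 address
        elif cmd in ("RETR", "STOR"):
            transfers.append(("download" if cmd == "RETR" else "upload", mode or "unknown", arg))
            mode = None              # every data connection is negotiated afresh
    return transfers


def classify(direction: str, mode: str, payload: bytes) -> Tuple[str, Optional[bool]]:
    """Map one transfer to (protocol label shown, scanned?) as the slide describes."""
    if direction == "download" and mode == "active":
        return ("FTP", True)                                   # all file types supported
    if direction == "upload":                                   # active or passive
        return ("File Transfer", true_file_type(payload) in UPLOAD_SCANNED_TYPES)
    return ("not stated", None)                                # passive download: slide is silent


def classify_transcript(transcript: str, payloads: Dict[str, bytes]) -> List[Tuple[str, str, str, str, Optional[bool]]]:
    """Join control-channel transfers with their data payloads and classify each."""
    return [(fn, direction, mode) + classify(direction, mode, payloads[fn])
            for direction, mode, fn in parse_ftp_control(transcript)]


# Constructed session: one active download, two passive uploads.
TRANSCRIPT = """C: USER anonymous
S: 331 Please specify the password.
C: PASS guest@
S: 230 Login successful.
C: PORT 192,168,1,10,4,1
S: 200 PORT command successful.
C: RETR tools.zip
S: 150 Opening BINARY mode data connection.
S: 226 Transfer complete.
C: PASV
S: 227 Entering Passive Mode (10,0,0,5,19,137).
C: STOR report.pdf
S: 150 Ok to send data.
S: 226 Transfer complete.
C: PASV
S: 227 Entering Passive Mode (10,0,0,5,19,140).
C: STOR notes.txt
S: 226 Transfer complete.
"""

# Constructed payload heads: a real zip, a real PDF, and plain text with no signature.
PAYLOADS = {
    "tools.zip": b"PK\x03\x04\x14\x00\x00\x00\x08\x00",
    "report.pdf": b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n",
    "notes.txt": b"meeting notes, nothing binary here\n",
}

if __name__ == "__main__":
    for row in classify_transcript(TRANSCRIPT, PAYLOADS):
        print(row)
```

The point of sniffing magic bytes is that the upload path keys on the true type, not the extension: a notes.txt that actually starts with "MZ" would be scanned, and a report.pdf containing plain text would not. When verifying this known issue in a lab, generate the upload payloads so that their first bytes carry one of the listed signatures.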