Basic Troubleshooting for ESM Flashcards

1
Q

What are the steps that you need to execute if ESM fails to communicate with the client App?

A
  • Check if ESM is powered on
  • Check if ESM is connected to the network
  • Check if the database is down. If so, start the database with the command
    service cpservice start
  • If the issue persists after these steps, contact Trellix
2
Q

What do you need to do if you are unable to access ESM via its web interface?

A
  • Check if you can access ESM via SSH
  • Check if the ESM web server is running with the command
    ~~~
    ps auxf | grep http
    ~~~
  • Run the command to restart the httpd service on ESM
    ~~~
    service httpd restart
    ~~~
  • Check if cpserviced is running using the command
    ~~~
    ps -A
    ~~~
3
Q

What process can occasionally require a restart to restore web interface functionality?

A

httpd

4
Q

What is the process to recover the NGCP password if lost?

A
  • Copy the following files contained on the path
    /usr/local/ess/data
  • The files are:
  • ngcp.dfl
  • Users.blob
  • Users.data
  • Send those files to Trellix
5
Q

What is the process to recover a password for a root user on a device?

A
  • If you have access to the device via ESM
  • Go to system properties
  • Key Management
  • Generate a new key
  • Alternatively, you can use a Linux bootable distro
  • Mount the root partition
  • Edit the password file by typing
    vi /etc/shadow
  • Type “i” for insert mode and remove the password string following “root” using the “X” key
  • Save and exit the field by pressing “ESC”, and typing :wq!
  • Reboot the system and log in as root with a blank password.
  • When you are logged in reset the root password by running the following command
  • echo root: (new password) | chnpasswd -m
6
Q

No rights after logging into the ESM console via a user from Active Directory

A
  • You need to run tailf /var/log/messages to look for specific errors
  • Check if the user belongs to the correct groups by executing nkinit -p password -u username
7
Q

How to get the serial number for an ESM?

A

By locating the sticker on the machine or looking in the ESM UI under the properties screen

8
Q

What do you need to do before applying an update on ESM?

A
  • Perform an ESM Backup
  • Verify the status of ESM (it should be OK)
  • Verify the status of each device (it should be OK)
9
Q

What do you need to do after applying an update on ESM?

A
  • Check each device (it should be OK)
  • Some devices may need to be re-keyed manually
  • Rollout Policy to all upgraded devices
10
Q

How do you initialize a Callhome with Trellix?

A
  • Log in to ESM as NGCP
  • System Properties
  • ESM Management
  • Maintenance
  • Connect (uses port 443)
  • Inform Technical Support of the connection and the IP address given
  • Provide NGCP user and password to Support
  • Alternatively, open an SSH session to ESM
  • Log in as “root”
  • Type the following command: callhome
  • Wait for 5 sec and press “Enter” or “CTRL-C”
  • Type ifconfig and get the “tun0” address for Technical Support
  • Inform Technical Support of the connection and the IP address given
  • Provide NGCP user and password to Support
11
Q

What do you need to check if the ESM is unable to download rules?

A
  • Perform a manual check in System Properties, Rules Update
  • Click “Check Now”
  • Check if there is any error given
  • Check if there is a proxy or firewall preventing ESM from reaching the internet
  • Check if ESM DNS settings are correct
12
Q

How do you determine if you are getting data from your data source?

A
  1. Run the following command: tcpdump -nni eth0 host <IP_address of datasource>
  2. Run the following command: iptables -nvL
  3. On ESM go to the views and select “Device Status”