Nepatech Troubleshooting

12/10/2014 IBMSecurity:IBMSecurityIntelligence(QRadar/TSIEM/TSOM):NetworkSurveillance,Sentries&Flows:1301/1302FlowCollectorsTesting/Verifying
IBM
English
Technicaltopics
Evaluationsoftware
Community
Events
Signin(orregister)
SearchdeveloperWorks
Myhome Forums Blogs Communities Profiles Podcasts Wikis Activities

IBMChampionprogram
Forums
ThisForum
Search
NetworkSurveillance,Sentries&Flows
TopicTags
FindaTag
activation activity analytics
apche architectu
r e deployment
editor
flows key logs mic
monitoring network open
qflow qradar remove

siem utilizatio
n vflow
Cloud List
Logintoparticipate
ForumDirectory>
IBMSecurity>
IBMSecurityIntelligence(QRadar/TSIEM/TSOM)>
NetworkSurveillance,Sentries&Flows>
1301/1302FlowCollectorsTesting/Verifying/Troubleshootingthehighspeed(napatech)monitoring
5repliesLatestPostApr3,2012bySystemAdmin
SystemAdmin
117Posts
1301/1302FlowCollectors
Testing/Verifying/Troubleshootingthehigh
speed(napatech)monitoringcards
Jul16,2010 | Tags:none
Afewusershaveaskedforamethodtoverifythatthehighspeed(Napatech)monitoringcards
ontheir1301/1302collectorsareconnected,havelink,andaregettingdata.
Thefirstwaytoquicklyverifythis,assumingthecollectorisalreadyaddedasamanagedhost,
connected,andgettingdata,istocheckthelogfile/var/log/qradar.logfor"qflow"messagesand
thepresenceofflowdata.
Thenextwayistousetheincludednapatechtoolslocatedin/opt/napatech/bin/tocheckthe
cardsettings.
Firstyoucanusethe"LinkTool"tocheckthestatusoftheportsonthecard.Notethatcurrently
QRadartreatsthecardasasinglesource,itdoesnotdifferentiatebetweentheportsindata
processing.Thefollowingexampletestseachportandusesegreptojustgrabthelinesfor
verifyinglink:
root@csd12bin#forportsin1248;do./LinkToolcmdGetcb0x0$ports|egrep
"AdapterStatus|Linkstatus|LinkSpeed";done
AdapterStatus:Channel0
Linkstatus:notconnected
LinkSpeed:(null)
Linkstatus:connected
LinkSpeed:100Mbit
LinkSpeed:(null)
LinkSpeed:(null)
root@csd12bin#
Ifyouwanttoseethefulldetailsofasinglecard,usethethecommand
"/opt/napatech/bin/LinkToolcmdGetcb0x01",replacing0x01with0x02,0x04and0x08toget
ports1to4respectively.
root@csd12bin#./LinkToolcmdGetcb0x02
LinkTool(v.1.2.F20100303094552)
==============================================================================
Linkstatus:connected
Porttype:SFPCopper10/100/1000
Autonegotiation:enabled
Linkquality:good
LinkSpeed:100Mbit
Duplex:Half
https://www.ibm.com/developerworks/community/forums/html/topic?id=77777777000000000000000014969864
1/5
Autonegotiationcapabilities
10MBit:Fullduplex:YesHalfduplex:Yes
1GBit:Fullduplex:YesHalfduplex:No
10GBit:Fullduplex:NoHalfduplex:No
Manualconfigurationcapabilities
Fullduplex:Yes
Halfduplex:Yes
10MBit:Yes
100MBit:Yes
1GBit:Yes
10GBit:No
MDIMode:Auto:YesMDI:YesMDIX:Yes
Autonegotiationconfigurationforchannelmask:0x02
Autonegotiationenabled:Yes
Autonegotiationrequired:No
Cabledetect:AutoMDI/MDIX
Advertise:
1GBit:Fullduplex:YesHalfduplex:No
10GBit:Fullduplex:NoHalfduplex:No
root@csd12bin#
Thenextcommandwillshowyoubyteandpacketcountscomingintotheinterfacesaswell.
root@csd12bin#watch"/opt/napatech/bin/Statisticscb0xFF|egrep'Ch|Bytes'"
andtheoutput(refreshingwith"watch")willlookasfollows
Every2.0s:/opt/napatech/bin/Statisticscb0xFF|egrep'Ch|Bytes'FriJul1612:00:562010
Ch0:Packets=0x00000000:Bytes=0x00000000000000:Mbps=0.00:Util=0.00
Ch1:Packets=0xEF5AE2D37:Bytes=0x0013A38BB19E5A:Mbps=0.01:Util=0.01
Note,thatonlyports0through3canbeactive.ThechipsetontheNapatechcardsupportsup
to8ports,butonly4areenabledonthecardthatisusedbytheQRadarappliances.
Lastly,wealsohaveaversionoftcpdumpcompiledtoworkwiththeNapatechcards,thatcan
beusedtoverifythedatadirectlyonthecard.Thisislocatedinthefollowinglocations:
7.0.0(Provided)/opt/napatech/bin
6.3.0/6.3.1(DownloadLink)http://downloads.q1labs.com/tools/nt_tcpdump.tar.gz
root@csd12~#wgethttp://downloads.q1labs.com/tools/nt_tcpdump.tar.gz
2010071613:07:19http://downloads.q1labs.com/tools/nt_tcpdump.tar.gz
Resolvingdownloads.q1labs.com...69.20.57.57
Connectingtodownloads.q1labs.com|69.20.57.57|:80...connected.
HTTPrequestsent,awaitingresponse...200OK
Length:374406(366K)application/xgzip
Savingto:`nt_tcpdump.tar.gz'
100%======================================================================
================>374,406535K/sin0.7s
2010071613:07:19(535KB/s)`nt_tcpdump.tar.gz'saved374406/374406
root@csd12~#tarzxfnt_tcpdump.tar.gz
root@csd12~#chmod755nt_tcpdump
root@csd12~#
Tousethisutility,youmustshutdownhostcontextontheappliancefirst.
root@csd12~#servicehostcontextstop
[Q]Shuttingdownhostcontextservice:OK
root@csd12~#
Then,youneedtoloadthenapatechdriversmanually,listtheinterfaces,andruntheutility.
root@csd12~#/opt/napatech/bin/nt_tcpdumpD
NT:./pcapnapatech.c167:CommandNTCI_GetPacketFeedDescriptionfailed:Highlevelerror3(low
levelerror0x10000008)
1.eth0
2.eth1
3.eth2
4.eth3
2/5
5.any(Pseudodevicethatcapturesonallinterfaces)
6.lo
root@csd12~#/opt/napatech/bin/load_driver.shntxc0=/opt/napatech/config/ntpl.cfg
root@csd12~#/opt/qradar/bin/nt_tcpdumpD
1.eth0
2.ntxc0:0(NTadapter0feed0)
3.eth1
4.eth2
5.eth3
7.lo
root@csd12~#
root@csd12~#/opt/qradar/bin/nt_tcpdumpintxc0:0
nt_tcpdump:verboseoutputsuppressed,usevorvvforfullprotocoldecode
listeningonntxc0:0,linktypeEN10MB(Ethernet),capturesize96bytes
nt_tcpdump:pcap_loop:
......
tcpdumpoutput
......
5644packetscaptured
5644packetsreceivedbyfilter
0packetsdroppedbykernel
root@csd12~#
Ifyouneedtocaptureperchannel,usethefollowingsyntax:
root@csd12bin#/opt/napatech/bin/load_driver.shntxc0=/opt/napatech/config/ntpl_4feeds.cfg
root@csd12bin#/opt/napatech/bin/nt_tcpdumpD
1.eth0
6.eth1
7.eth2
8.eth3
10.lo
root@csd12~#/opt/qradar/bin/nt_tcpdumpintxc0:2(channel3)
nt_tcpdump:verboseoutputsuppressed,usevorvvforfullprotocoldecode
listeningonntxc0:2,linktypeEN10MB(Ethernet),capturesize96bytes
nt_tcpdump:pcap_loop:
......
tcpdumpoutput
......
9321packetscaptured
9321packetsreceivedbyfilter
0packetsdroppedbykernel
root@csd12~#
Onceyou'vecompletedyourtesting,youneedtounloadthetestnapatechdriver,reloadthe
basicone,thenrestarthostcontext.
root@csd12~#/opt/napatech/bin/unload_driver.sh
NapatechDriverLoad/Unloadscript(c)NapatechA/S
Partofpackage"nt_driver_linux_4.20.A"released2010/03/0510:42:29
UnloadingdriverDone
root@csd12~#servicenapatechstart
CheckingforNapatechpresenceonsystemDone
Loadingconfigurationfile/opt/napatech/config/default.cfgDone
ValidatingparseddriveroptionsDone
Configurationparametersapplied:
ReservedDMAPoolSize=16
Loadingdriver(thismaytakeawhile)Done
RunningsanitychecksDone
root@csd12~#
root@csd12~#servicehostcontextstart
[Q]Startinghostcontextservice:OK
root@csd12~#
Youcouldthenmonitortheqradar.logfiletoensurethattheqflowprocessisabletoproperly
reopenthenapatechinterface.
Jul1613:14:42csd124865 qflow0:INFOInitializingPacketAggregator
Jul1613:14:42csd124865 qflow0:INFOAddingflowsourcedefault_Netflow:3
Jul1613:14:42csd124865 qflow0:INFOAddingflowsourcenapatech0:14
Jul1613:14:42csd124865 qflow0:INFOInitializingdefault_Netflow:4895
3/5
Jul1613:14:42csd124865 qflow0:INFOInitializingnapatech0:4896
Jul1613:14:42csd124865 qflow0:INFOStartingdefault_Netflow:4895
Jul1613:14:42csd124865 qflow0:INFOStartingFlowReporter:4897
Jul1613:14:42csd124865 qflow0:INFOdefault_Netflow:StartedUDPSocket.PORT=2055
Jul1613:14:42csd124865 qflow0:INFOStartingnapatech0:4896
Jul1613:14:42csd124865 qflow0:INFOnapatech0:Started
Ifyouhaveanyquestions,feelfreetoasktheminthecommentssectionbelow.
dwights.
_______________________________________
Q1LabsCustomerSupport
PostedBYdwight(q1)
Logintoreply.
UpdatedonApr3,2012at10:53PMbySystemAdmin
SystemAdmin
117Posts
Re:Ifyoueverseethe
Aug19,2011inresponsetoSystemAdmin
Ifyoueverseethefollowing:
1. servicenapatechstart
CheckingforNapatechpresenceonsystemDone
Loadingconfigurationfile/opt/napatech/config/default.cfgDone
ValidatingparseddriveroptionsDone
Configurationparametersapplied:
OSTimeSync=1
ReservedDMAPoolSize=16
Loadingdriver(thismaytakeawhile)Done
RunningsanitychecksFailed
~~~~~~Error:Adapter0failedloadingdriver~~~~~~~~~
DriverLog(v.4.20.A20100305104229)
========================================================================
======
DriverLog:LogLevelmask:0x1
++
Timestamp|LogType|Logentry
++
4E4D2909.0009DB8A|#ERR|I2error:Slavenotresponding.
4E4D2909.0009DB90|#ERR|SDRAM:CouldnotreadSPD.SDRAMmightnot
fittetcorrect.
4E4D2909.0009DB95|#ERR|NtModulesInit:Initstep6failedwith
errorcode1000002A
4E4D2909.0009DB9A|#ERR|NtInitializeCard:Failedtoinitialize
modules
4E4D2909.0009E433|#ERR|NtInitializeCard:Failedinitializing
commoninterfacesstep7:Result1000002A
4E4D290A.000C028D|#ERR|NtStartNic:Initstep4failedwitherror
code10001001
Youshouldshutdownthesystemandpullthenapatechcard.Thenresetthememoryinthe
card.Page16oftheattachedpdf(DN0248NT4E4STDHardwareInstallationGuide.pdf)has
apictureofwhatitwouldlooklike.
PostedByJay
Logintoreply.
SystemAdmin
117Posts
Re:Incorrectoutput
Jan18,2012inresponsetoSystemAdmin
Whenyourunthiscommandwithagigabitinterface,thestatisticsdon'tdisplaythetrue
throughput:
watch"/opt/napatech/bin/Statisticscb0xFFdec|egrep'Ch|Bytes'"
Itmightworkwhentheinterfaceis100mbps,butnotgig.
4/5
PostedBypulse
Logintoreply.
SystemAdmin
117Posts
Re:Gignapatech
Feb23,2012inresponsetoSystemAdmin
Isthereanywaytoprovidetherealthoughputwithgigcards?thiscommanddoesnotworkas
mentionnedbefore.
PostedByetorreblanca
Logintoreply.
SystemAdmin
117Posts
Re:Whatdoyoumeanbyreal
Feb23,2012inresponsetoSystemAdmin
Whatdoyoumeanbyrealthroughput?
ThetooldeliversinmycasesomedataanditactuallylookslikethedataIseeontheswitch
port,whichmeansformethethroughputiscorrect?AmImissingsomething?
Hereistheoutputofthetool:
/opt/napatech/bin/Statisticscb0xfdecinteractive
whichwillgiveyouexactstatisticsincludingerrorcounters,Idon'tknowifyoucanrunitonlyon
1portonthenapatechbutitwaseasytoidentifywhichofthe4itwas,byremovingthecables.
ItisalsoshowingtheMbpsoneachoftheports.
Statistics(v.1.4.A20110127162744)
=========================================================================
=====
RXstatistics:
Ch0:Packets=0x5EFC18ED:Bytes=0x0000CAC5F8A3EA:Mbps=551.53:Util=55.15
Ch1:Packets=0x130DD47A:Bytes=0x00002F65DB5453:Mbps=127.64:Util=12.76
PostedBypat
Logintoreply.
SystemAdmin
117Posts
Re:Thecommandlistedinthe
Apr3,2012inresponsetoSystemAdmin
Thecommandlistedinthebeginningofthethread
watch"/opt/napatech/bin/Statisticscb0xFF|egrep'Ch|Bytes'"
doesn'toutputthecorrectresultsforgigabitinterfaces.Thecommandyoulisteddoes
/opt/napatech/bin/Statisticscb0xfdecinteractive
Thanks!
PostedBypulse
Logintoreply.
Feedforthistopic
About
Feeds
Reportabuse
Faculty
Help
Newsletters
Termsofuse
Students
BusinessPartners
Contactus
Follow
Thirdpartynotice
Submitcontent
Like
IBMprivacy
IBMaccessibility
5/5

Nepatech Troubleshooting

Загружено:

Сведения о документе

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Nepatech Troubleshooting

Загружено:

Авторское право:

Доступные форматы

12/10/2014 IBMSecurity:IBMSecurityIntelligence(QRadar/TSIEM/TSOM):NetworkSurveillance,Sentries&Flows:1301/1302FlowCollectorsTesting/Verifying

Myhome Forums Blogs Communities Profiles Podcasts Wikis Activities

flows key logs mic

monitoring network open

qflow qradar remove

Вам также может понравиться