Collect Server Log Data and Network Traffic
This article describes how to collect server log data and network traffic in a Cybereason On-Prem environment.
Important
You must collect this data before rebooting the Detection/WebApp server. If you reboot the Detection server before collecting the data, the data will be lost.
It is recommended to collect this information before contacting Cybereason Technical Support.
Step 1: Collect server log data and network traffic
To collect server log data and network traffic:
Connect to Server Configuration Management and open an SSH session to the Detection/WebApp server.
Run the following commands to collect the server logs:
mkdir -p /tmp/cybereason/tomcat
cp -R /opt/apache-tomcat-8.5.93/logs/ /tmp/cybereason/tomcat/logs/
cp -R /opt/apache-tomcat-8.5.93/conf/ /tmp/cybereason/tomcat/conf/
cp -R /opt/cybereason/logs/ /tmp/cybereason/logs/
If your issue is network-related, run these commands to collect the network settings:
iptables -nvL > /tmp/cybereason/iptables.out
netstat -nat > /tmp/cybereason/netstat.out
If your issue is network-related and the Cybereason platform shows that the Detection server is offline, capture the network traffic data using the tcpdump command:
tcpdump -i <interface> host <web server address> -w /tmp/cybereason/tcpdump.out
Open an additional SSH session, and run this command to access the WebApp server from the Detection server:
telnet <web server address> 8443
Wait a few seconds, then press Ctrl+C in the first session to stop tcpdump.
Step 2: Send the collected data to Technical Support
To send the collected data to Technical Support:
Create a tar.gz file with the collected information:
tar -czvpf cybereason.tar.gz /tmp/cybereason/
Important
It is not possible to upload a file with the tar.gz extension to the Create New Case Support page. It is recommended to create a ZIP file with this information and upload the ZIP file when opening a Support case.
Open a Support case and upload the compressed file.
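The collection, capture and packaging steps above as one script, added here as an example and not Cybereason's own tooling. It assumes the article's paths as defaults and that iptables, netstat, tcpdump, telnet and zip exist on the server where the corresponding functions are called; each function can be run on its own.

```shell
#!/bin/sh
# Added example script (not Cybereason tooling). Defaults are the article's paths.
set -u
# collect_logs <tomcat_dir> <cybereason_log_dir> <out_dir>
# Copies Tomcat logs/conf and Cybereason logs; returns 1 if any source is missing,
# so a gap is noticed before a reboot destroys the originals.
collect_logs() {
    tomcat="${1:-/opt/apache-tomcat-8.5.93}"; crlogs="${2:-/opt/cybereason/logs}"
    out="${3:-/tmp/cybereason}"; rc=0
    mkdir -p "$out/tomcat/logs" "$out/tomcat/conf" "$out/logs" || return 1
    for pair in "$tomcat/logs:$out/tomcat/logs" "$tomcat/conf:$out/tomcat/conf" \
                "$crlogs:$out/logs"; do
        src="${pair%%:*}"; dst="${pair#*:}"
        if [ -d "$src" ]; then cp -R "$src/." "$dst/"
        else echo "missing: $src" >&2; rc=1; fi
    done
    return "$rc"
}

# collect_network <out_dir>: firewall rules and socket table (tools may be absent).
collect_network() {
    out="${1:-/tmp/cybereason}"
    if command -v iptables >/dev/null 2>&1; then iptables -nvL > "$out/iptables.out"; fi
    if command -v netstat >/dev/null 2>&1; then netstat -nat > "$out/netstat.out"; fi
}

# capture_handshake <interface> <webapp_host> <out_dir> <seconds>
# Bounded tcpdump toward the WebApp server while probing port 8443 (the article's two-session step).
capture_handshake() {
    iface="$1"; host="$2"; out="${3:-/tmp/cybereason}"; secs="${4:-10}"
    tcpdump -i "$iface" host "$host" -w "$out/tcpdump.out" &
    pid=$!
    sleep 2                                   # let tcpdump attach to the interface
    telnet "$host" 8443 </dev/null >/dev/null 2>&1 || true
    sleep "$secs"
    kill -INT "$pid" 2>/dev/null; wait "$pid" 2>/dev/null || true
}

# package_bundle <out_dir> <name>: the support portal rejects .tar.gz, so prefer zip.
# Prints the archive path.
package_bundle() {
    out="${1:-/tmp/cybereason}"; name="${2:-cybereason}"
    parent="$(dirname "$out")"; leaf="$(basename "$out")"
    if command -v zip >/dev/null 2>&1; then
        (cd "$parent" && zip -qr "$name.zip" "$leaf") && echo "$parent/$name.zip"
    else
        tar -czf "$parent/$name.tar.gz" -C "$parent" "$leaf" && echo "$parent/$name.tar.gz"
    fi
}
```

Run the capture only while the Detection server is reported offline, as the article describes, and pass the real interface and WebApp address as the first two arguments of capture_handshake.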