Generate Troubleshoot Data for Sourcefire Software Running on BlueCoat X-Series Platform

Available Languages

Updated:November 20, 2014
Document ID:118678

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Introduction

A troubleshoot file contains a collection of log messages, configuration data, and command outputs. It is used in order to determine the status of a Sourcefire system. If a Cisco Support Engineer requests you to send a troubleshoot file from your BlueCoat X-Series Platform (also known as Crossbeam Sensor), follow the instructions on this document. This document also provides a list of the additional data that might be necessary to analyze an issue.

Generate Troubleshoot File

1. Log into your BlueCoat X-Series appliance as an admin user.

2. Find the VAP group for Sourcefire software.

show application vap-group

The following output is an example of the above command. In this example, the vap group is sf53.

VAP Group                   : sf53
App ID                      : SfSensor
Name                        : SF Sensor
Version                     : 5.3.0.1
Release                     : 55
Start on Boot               : yes
App Monitor                 : on
App State (sf530_1)         : Up

3. Next, we need to increase privilege so that we can remote-shell into the VAP group itself:

unix su

4. Then, open a remote-shell session:

rsh <VAP_group>_1

For example,

rsh sf53_1

5. Now, load the Sourcefire specific application:

source /opt/sf/profile

6. Finally, generate a troubleshoot:

sf_troubleshoot.pl -t <case_number>

Additional Troubleshoot Data

1. Copies of all of the /var/log/messages* files on the Control Processor Module (CPM) are necessary for log analysis and troubleshooting purpose. A Sourcefire sensor logs all of the syslog messages on the /var/log/messages file of a CPM, rather than on an Application Processor Module (APM) where the Sourcefire software runs.

Note: Please note the * with the /var/log/messages*. Use the * to include all of the messages file of CPM.

2. A running configuration of BlueCoat X-Series Platform allows us to understand how a sensor is installed and configured on XOS. The following command copies a running configuration into a text file:

copy running-config /tmp/running_config.txt

3. The following command outputs are important to determine the status of the module and chassis:

show module status
show chassis

4. If an error or symptom is obvious on the web user interface, a screenshot of the web interface is also helpful to identify a problem.

Revision History

Revision Publish Date Comments
1.0
20-Nov-2014
Initial Release
TAC Authored

Contributed by Cisco Engineers

  • Nazmul Rajib and Douglas Loss
    Cisco TAC Engineers.

Was this Document Helpful?

FeedbackFeedback

Contact Cisco

This Document Applies to These Products