Juniper Strm User manual

Juniper Networks, Inc.

1194 North Mathilda Avenue

Sunnyvale, CA 94089

USA

408-745-2000

www.juniper.net

Published: 2013-07-19

Security Threat Response Manager

STRM Troubleshooting Guide

Release 2013.2

2

Juniper Networks, Junos, Steel-Belted Radius, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and

other countries. The Juniper Networks Logo, the Junos logo, and JunosE are trademarks of Juniper Networks, Inc.

The following terms are trademarks or registered trademarks of other companies:

JavaTM and all Java-based trademarks and logos are trademarks or registered trademarks of Oracle and/or its affiliates.

All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners.

All specifications are subject to change without notice. Juniper Networks assumes no responsibility for any inaccuracies in this document or for any

obligation to update information in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication

without notice.

FCC Statement

The following information is for FCC compliance of Class A devices: This equipment has been tested and found to comply with the limits for a Class A

digital device, pursuant to part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference when the

equipment is operated in a commercial environment. The equipment generates, uses, and can radiate radio-frequency energy and, if not installed and

used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential

area is likely to cause harmful interference, in which case users will be required to correct the interference at their own expense. The following

information is for FCC compliance of Class B devices: The equipment described in this manual generates and may radiate radio-frequency energy. If it

is not installed in accordance with Juniper Networks’ installation instructions, it may cause interference with radio and television reception. This

equipment has been tested and found to comply with the limits for a Class B digital device in accordance with the specifications in part 15 of the FCC

rules. These specifications are designed to provide reasonable protection against such interference in a residential installation. However, there is no

guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception,

which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following

measures: Reorient or relocate the receiving antenna. Increase the separation between the equipment and receiver. Consult the dealer or an

experienced radio/TV technician for help. Connect the equipment to an outlet on a circuit different from that to which the receiver is connected.

Caution: Changes or modifications to this product could void the user's warranty and authority to operate this device.

Disclaimer

THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT, SUBJECT TO THE MODIFICTAIONS SET FORTH

BELOW ON THIS PAGE, ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED

HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR

JUNIPER NETWORKS REPRESENTATIVE FOR A COPY.

STRM Troubleshooting Guide

Release 2013.2

Revision History

July 2013—STRM Troubleshooting Guide

The information in this document is current as of the date listed in the revision history.

END USER LICENSE AGREEMENT

The Juniper Networks product that is the subject of this technical documentation consists of (or is intended for use with) Juniper Networks software. Use

of such software is subject to the terms and conditions of the End User License Agreement (“EULA”) posted at http://www.juniper.net/support/eula.html,

as modified by the following text, which shall be treated under the EULA as an Entitlement Document taking precedence over any conflicting provisions

of such EULA as regards such software:

As regards software accompanying the STRM products (the “Program”), such software contains software licensed by Q1 Labs and is further

accompanied by third-party software that is described in the applicable documentation or materials provided by Juniper Networks.

3

For the convenience of Licensee, the Program may be accompanied by a third party operating system. The operating system is not part of the Program,

and is licensed directly by the operating system provider (e.g., Red Hat Inc., Novell Inc., etc.) to Licensee. Neither Juniper Networks nor Q1 Labs is a

party to the license between Licensee and the third party operating system provider, and the Program includes the third party operating system “AS IS”,

without representation or warranty, express or implied, including any implied warranty of merchantability, fitness for a particular purpose or

non-infringement. For an installed Red Hat operating system, see the license file: /usr/share/doc/redhat-release-server-6Server/EULA.

By downloading, installing or using such software, you agree to the terms and conditions of that EULA as so modified.

4

CONTENTS

ABOUT THIS GUIDE

Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

Documentation Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

Technical Documentation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

Requesting Technical Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

1STRM SYSTEM NOTIFICATIONS

Performance Degradation of Disk Storage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

Verifying the Problem . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

Increasing the Partition Test Timeout Period . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

Application Error after Protocol Update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Purging STRM files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Disk Usage System Notifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

Verifying Disk Usage Levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

Resolving Disk Usage Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

User Configurations that Impact Event Processing . . . . . . . . . . . . . . . . . . . . . . . . . . 13

DSM Extensions and Optimized Custom Properties . . . . . . . . . . . . . . . . . . . . . . 14

Identifying DSM and Optimized Custom Property Issues. . . . . . . . . . . . . . . . . . . 14

Non-Optimized Custom Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

Rule Tests that Impact Performance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Global Views. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Incomplete Report Results. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Resolving Missing Report Data. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

Limited Disk Space to Perform Backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

Verifying the Backup Partition Disk Levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

Resolving Backup Partition Usage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

STRM Troubleshooting Guide

ABOUT THIS GUIDE

The STRM Troubleshooting Guide provides diagnostic and resolution information

for common system notifications and errors that can be displayed when using

STRM.

Audience This guide is intended for all STRM users responsible for investigating and

managing network security. This guide assumes that you have STRM access and

a knowledge of your corporate network and networking technologies.

Documentation

Conventions Table 1 lists conventions that are used throughout this guide.

Technical

Documentation You can access technical documentation, technical notes, and release notes

directly from the Juniper customer support website at

https://www.juniper.net/support/. Once you access the Juniper customer support

website, locate the product and software release for which you require

documentation.

Your comments are important to us. Please send your e-mail comments about this

guide or any of the Juniper Networks documentation to:

techpubs-comments@juniper.net.

Include the following information with your comments:

•Document title

Table 1 Icons

Icon Type Description

Information note Information that describes important features or

instructions.

Caution Information that alerts you to potential loss of

data or potential damage to an application,

system, device, or network.

Warning Information that alerts you to potential personal

injury.

STRM Troubleshooting Guide

8ABOUT THIS GUIDE

•Page number

Requesting

Technical Support Technical product support is available through the Juniper Networks Technical

Assistance Center (JTAC). If you are a customer with an active J-Care or JNASC

support contract, or are covered under warranty, and need postsales technical

support, you can access our tools and resources online or open a case with JTAC.

•JTAC policies—For a complete understanding of our JTAC procedures and

policies, review the JTAC User Guide located at

http://www.juniper.net/us/en/local/pdf/resource-guides/7100059-en.pdf .

•Product warranties—For product warranty information, visit

http://www.juniper.net/support/warranty/ .

•JTAC Hours of Operation —The JTAC centers have resources available 24

hours a day, 7 days a week, 365 days a year.

Self-Help Online Tools and Resources

For quick and easy problem resolution, Juniper Networks has designed an online

self-service portal called the Customer Support Center (CSC) that provides you

with the following features:

•Find CSC offerings: http://www.juniper.net/customers/support/

•Search for known bugs: http://www2.juniper.net/kb/

•Find product documentation: http://www.juniper.net/techpubs/

•Find solutions and answer questions using our Knowledge Base:

http://kb.juniper.net/

•Download the latest versions of software and review release notes:

http://www.juniper.net/customers/csc/software/

•Search technical bulletins for relevant hardware and software notifications:

https://www.juniper.net/alerts/

•Join and participate in the Juniper Networks Community Forum:

http://www.juniper.net/company/communities/

•Open a case online in the CSC Case Management tool:

http://www.juniper.net/cm/

To verify service entitlement by product serial number, use our Serial Number

Entitlement (SNE) Tool: https://tools.juniper.net/SerialNumberEntitlementSearch/

Opening a Case with JTAC

You can open a case with JTAC on the Web or by telephone.

•Use the Case Management tool in the CSC at http://www.juniper.net/cm/ .

•Call 1-888-314-JTAC (1-888-314-5822 toll-free in the USA, Canada, and

Mexico).

For international or direct-dial options in countries without toll-free numbers, visit

us at http://www.juniper.net/support/requesting-support.html.

STRM Troubleshooting Guide

1STRM SYSTEM NOTIFICATIONS

System notifications are displayed on the STRM dashboard or in the notification

window when unexpected system behavior occurs. You can troubleshoot the most

common STRM notifications.

Error messages can occur for a variety of reasons. After consulting this guide, if

you are unable to resolve a STRM error or system notification message, gather

diagnostic information and contact Juniper Customer Support.

Performance

DegradationofDisk

Storage

Each host in your STRM deployment monitors the availability of partitions using

hostcontext. Disk availability is tested every minute by opening, writing to, and

deleting a file.

If this process takes longer than the default time period of five seconds, then the

hostcontext process reports an error in the STRM logs.

The error might resemble the following output:

Jun 24 07:22:41 127.0.0.1 [hostcontext.hostcontext]

[5b3acf9a-aa8a-437a-b059-01da87333f43/SequentialEventDispatcher

] com.q1labs.hostcontext.ds.DiskSpaceSentinel: [ERROR]

[NOT:0150062100][172.16.77.116/- -] [-/- -]The storage

partition(s) /store/backup on qradarfc (172.16.77.116) are not

currently accessible. Manual intervention may be required to

restore normal operation.

NOTE

If your system is experiencing high loading and large volumes of data are being

written, searched, purged, or copied to another system, an error might be

displayed when your file system is still operational.

You must identify the frequency of the error message, by choosing one of the

following options:

•If the message is displayed repeatedly, then verify the problem, see Verifying

the Problem.

STRM Troubleshooting Guide

10 STRM SYSTEM NOTIFICATIONS

•If the message is only displayed during peak times, then increase your partition

test timeout period, see Increasing the Partition Test Timeout Period.

Verifying the Problem You can verify a partition storage problem by creating a temporary file on your

STRM Console or Managed Host.

About this task

Partition storage problems can occur on the Console or any Managed Host in your

STRM deployment.

Procedure

Step 1 Using SSH, log in to the STRM Console or Managed Host as the root user:

Username: root

Password: <password>

Step 2 Type the following commands:

touch /store/backup/testfile

ls -la /store/backup/testfile

Step 3 If either of the following messages are displayed, then go to Step 4.

touch: cannot touch `/store/backup/testfile': Read-only file

system

nfs server time out

Step 4 Choose from one of the following options:

•If you are using a network file system, such as iSCSI, Fibre Channel or NFS,

then contact your storage administrator to verify that the file servers are

accessible and operational.

•If you are using a local file system on your STRM appliance, you might have a

file system issue or your disk might have failed. contact Juniper Customer

Support.

•If you are unable to identify the cause of your problem, contact Juniper

Customer Support.

Increasing the

Partition Test

Timeout Period

You can modify the partition test timeout period.

About this task

The partition test timeout period must be increased to a level at which STRM does

not generate false positives, but remains operational. Do not increase the timeout

period to a level that is excessive.

Procedure

Step 1 Click the Admin tab.

Step 2 On the navigation menu, click System Configuration.

Other manuals for STRM

Table of contents

Other Juniper Security System manuals

Juniper

Juniper 3800 Installation instructions

Juniper

Juniper JSA3800 Setup guide

Juniper

Juniper Netscreen-5200 User manual

Juniper

Juniper ISG 2000 User manual

Popular Security System manuals by other brands

Polon-Alfa

Polon-Alfa 4000 Installation and maintenance manual

Nexcom

Nexcom NViS 14162 Series user manual

Eminent

Eminent EM8670 Quick install

urmet domus

urmet domus alpha 1060 INSTALLATION AND USE BOOKLET

SmartPool

SmartPool YardGuard YG03 manual

DSC

DSC PC5964 Mounting instructions

Secure

Secure USAB-1 operating instructions

B&B

B&B 480 SERIES Operation & maintenance manual

ADEMCO

ADEMCO VISTA-20P Series Installation and setup guide

Inner Range

Inner Range Concept 2000 user manual

Johnson Controls

Johnson Controls PENN Connected PC10 Install and Commissioning Guide

Aeotec

Aeotec Siren Gen5 quick start guide

Swann

Swann SW-P-MC2 Specifications

Ecolink

Ecolink Siren+Chime user manual

EDM

EDM Solution 6+6 Wireless-AE installation manual

Siren

Siren LED GSM operating manual

Detection Systems

Detection Systems 7090i Installation and programming manual

FRIEDLAND

FRIEDLAND MA10 Installation and operating instructions

Juniper STRM User manual

Popular Security System manuals by other brands