Troubleshoot IoX Sensors on a Cyber Vision deployment

Available Languages

Download Options

  • PDF     (44.0 KB)
    View with Adobe Reader on a variety of devices
  • ePub     (81.8 KB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (66.8 KB)
    View on Kindle device or Kindle app on multiple devices
Updated:July 19, 2023
Document ID:220585

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

    Introduction

    This document describes the essentials needed to troubleshoot when working with the IoX Sensor on Cyber Vision solution. 

    Connecting to the Sensor CLI

    Sensor applications can’t be accessed directly. First, need to connect to the switch through SSH. Then, use the show command to list the application running on it.

    Show app-hosting list

    Validate if the application is installed and document its name. Then, type (where 'ccv_sensor_iox_aarch64' is the app name in this example)

    app-hosting connect appid ccv_sensor_iox_aarch64 session

    Important Directories

    Config.yml

    It’s an important config file that documents flow, protocol, and port information configuration settings. The file can be found under:

    /iox_data/etc/flow

    PCAP Captures

    The captures that are run and triggered from the GUI are under

    /iox_data/var/flow/log/pcap

    Retrieving files from the IoX Sensor

    Local Manager GUI

    From the Local manager GUI, navigate to the app, then the ‘App-DataDir’ tab will show the files present in the/iox_data/appdata directory

     The ‘Logs’ tab under the app will show the files in /iox_data/logs.

    Copying Files through TFTP

    From the CLI of the sensor, files can be copied to a remote TFTP server using the command below:

    tftp -p -l /iox_data/appdata/<local-filename> -r <remote-filename> <tftp-server-IP>

    Sensor Health

    From the Center GUI, navigate to Administration → Sensors → Management to look at the Sensor details. These are the connection and processing statuses that are available

    Status


    -New
    -Request pending
    -Authorized
    -Disconnected
    -Connected
    -Unknown
    -SSH

    Processing Status


    -Not enrolled
    -Disconnected
    -Waiting for data
    -Pending data

    -Normally processing

    Critical Information in the diag file

    Date – Reports the time when the diagnostics were run

    Ip_addr – Reports the IP address & network information of all interfaces configured.

    Ip_route – Report the configured gateway

    Journal_errors – Reports the services which have failed to start

    Journal_sensorsyncd – Reports the TLC connection info

    Memory – Reports the amount of memory that’s in use

    sbs-version – Reports the main version and the build date

    sensor-enroll.conf – Reports the IP configured on the Enrollment package

    top – Reports 4 “top” commands within 12 seconds sorted by CPU

    Revision History

    Revision Publish Date Comments
    1.0
    19-Jul-2023
    Initial Release
    TAC Authored

    Contributed by Cisco Engineers

    • Ram Krishnamoorthy
      TAC

    Was this Document Helpful?

    FeedbackFeedback

    Contact Cisco

    This Document Applies to These Products