0 HyBoost
This document is a guide provided with Mail-i V8.0 HyBoost, a network data
loss protection product of SOMANSA Co., Ltd. It is written as a post-sale
reference for use in the actual operating environment, from initial
configuration to maintenance.
Mail-i 8.0
Agent (NDLP-Agent)
refers to the Traffic-Agent, which processes network traffic, and the Content-Agent, which processes protocols.
DLP+Center
provides web based user interface for tasks such as incident (log) view, policy management and reports.
Query Server
views the incidents and delivers the policies and HR data to the Agent.
SMSAnalyzer
detects the data patterns such as resident registration numbers from the saved incidents (Content/Attachment files).
SMSSummary
performs the scheduled summary task on incidents that contain patterns.
PostgreSQL
saves system configuration, HR data, policies, data mining (reports) and audit logs.
1. General
cm
contains necessary files for configuring and operating CM.
common
contains common files and modules (Query server, Indexing server etc) used in the products.
data
saves the incidents and attachment files.
dlpcenter
contains files required in configuration and operation of DLP+Center.
elasticsearch
contains files required in configuration and operation of ElasticSearch
intergrityi
contains configuration and modules of integrity check.
maili
contains product configuration of Mail-I product.
ndlp
contains configuration and modules of an Agent.
temp_index
temporarily saves the incident from the Indexing Server.
1. General
bin
Contains the executable modules.
conf
Contains configuration files.
logs
Contains the logs of CM modules.
tomcat
Is a tomcat folder to execute the files.
1. To RUN / STOP CM
[root@tproxy]# service cm [start | stop]
OR
[root@tproxy]# /somansa/cm/tomcat/bin/catalina.sh [start | stop]
2. To replace cm.war
1) [root@tproxy]# service cm stop
2) [root@tproxy]# cp Filenametocopy /somansa/cm/tomcat/webapps/cm.war
3) Delete the CM folder in tomcat
[root@tproxy]# rm -rf /somansa/cm/tomcat/webapps/cm
4) [root@tproxy]# service cm start
* Stopping may cause errors during operation; please do not stop the service while it
is running normally.
1. General
bin
Contains the common module JAR files
conf
Contains common setting files
lib
Contains shared library.
license
Reads license files.
log
Contains logs of SMS modules.
tomcat_indexer
Tomcat folder of the indexer.
tomcat_queryserver
Contains the Query Server.
2. To replace war
1) Stop the service of a war file to replace (catalina.sh stop)
2) [root@tproxy]# cp Filenametocopy /somansa/common/servicetoreplace/webapps/
3) Delete the original file in tomcat
- If it is an Indexer
[root@tproxy]# rm -rf /somansa/common/tomcat_indexer/webapps/SMSIndexerWeb_Spring
- If it is a Query Server
[root@tproxy]# rm -rf /somansa/common/tomcat_queryserver/webapps/DLPQueryServer
4) Start the service of the replaced war file (catalina.sh start)
* Stopping may cause errors during operation; please do not stop the service while it
is running normally.
1. General
es_data
Saves the ElasticSearch indexes
es_log
Saves the ElasticSearch logs
es_tmp
Temporary storage of ElasticSearch
gfs_brick1
Actual storage of GlusterFS
gfs_data
Mount path of GlusterFS
productdata
Database file folder of postgresql
worm
Log forgery prevention folder
1. General
conf
Contains configuration files.
fileupload
Is a temporary folder used to upload files.
logs
Saves logs of DLP+ Center modules.
tomcat
Tomcat folder to execute war files.
2. To replace DLPCenter.war
1) [root@tproxy]# service dlpcenter stop
2) [root@tproxy]# cp Filenametocopy /somansa/CM/tomcat/webapps/DLPCenter.war
3) Delete the DLPCenter folder in tomcat
[root@tproxy]# rm -rf /somansa/CM/tomcat/webapps/DLPCenter
4) [root@tproxy]# service dlpcenter start
* Stopping may cause errors during operation; please do not stop the service while it
is running normally.
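The stop / copy / delete / start sequence used above for cm.war and DLPCenter.war, written as one guarded shell function so that the rm -rf step cannot run against an empty or unexpected path. This is an added example, not SOMANSA's own script; the function name replace_war, the SVC_CMD hook and the .bak backup copy are assumptions.

```shell
#!/bin/sh
# Added example, not vendor code. replace_war, SVC_CMD and the .bak backup
# are assumptions made for illustration.
SVC_CMD=${SVC_CMD:-service}   # hook so the service call can be stubbed in a dry run

# replace_war SERVICE NEW_WAR WEBAPPS_DIR APP_NAME
replace_war() {
    svc=$1 new_war=$2 webapps=$3 app=$4
    # rm -rf runs as root below: accept only an absolute .../webapps path
    # and a plain folder name (no slash, no leading dot, not empty).
    case "$webapps" in /*/webapps) ;; *) echo "bad webapps dir: $webapps" >&2; return 2 ;; esac
    case "$app" in ''|*/*|.*) echo "bad app name: $app" >&2; return 2 ;; esac
    [ -f "$new_war" ] || { echo "missing file: $new_war" >&2; return 3; }
    [ -d "$webapps" ] || { echo "missing dir: $webapps" >&2; return 3; }

    "$SVC_CMD" "$svc" stop || return 4
    # Keep the previous archive so the change can be rolled back.
    if [ -f "$webapps/$app.war" ]; then
        cp -p "$webapps/$app.war" "$webapps/$app.war.bak" || return 5
    fi
    cp "$new_war" "$webapps/$app.war" || return 5
    # Delete only the exploded folder of this application.
    rm -rf -- "${webapps:?}/${app:?}" || return 5
    "$SVC_CMD" "$svc" start || return 6
    # Succeed only if the deployed archive is byte-identical to the supplied one.
    cmp -s "$new_war" "$webapps/$app.war"
}

# Usage on the appliance (paths from the guide):
#   replace_war cm ./cm.war /somansa/cm/tomcat/webapps cm
```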
1. General
bin
Contains the executable files and service configuration.
conf
Contains general settings.
plugins
Contains plugins.
* Stopping may cause errors during operation; please do not stop the service while it
is running normally.
1. General
conf
Contains Mail-i configuration set from CM
script
Contains Mail-i Index Creation script
1. General
built
Is a folder where the Agents are linked.
env/default/bin
Contains executable modules
env/default/config
Contains the Agent configuration.
env/default/dump
Saves the dump files.
env/default/log
Saves the Agent execution logs.
env/default/modules
Contains the protocol modules.
env/default/scripts
Contains the execution scripts.
env/default/servicemodules
Contains the service modules.
* Stopping may cause errors during operation; please do not stop the service while it
is running normally.
1. General
conf.info
Contains the hash values of the configuration files.
database.info
Contains postgresql connection information.
password
Contains CM login password.
scm.info
Contains configured products used in the system.
timeout
Contains the IP information approved to connect with CM.
DLPQueryServer.conf
Contains IP information of the Query Server used by DLP+Center.
Hyboostinfo.xml
Saves the bandwidth-excess notification configuration.
indexer.conf
Contains Indexing Server configuration.
1. General
dlpcenter.properties
Contains the IP, language, product information used in DLP+Center.
elasticsearch.yml
Contains basic configuration of ElasticSearch.
[Reference]
/somansa/elasticsearch/bin/service/elasticsearch.conf
Contains the service execution configuration.
1. General
default.property.script.xml
Contains basic configuration files.
property.script.xml
Contains configuration such as IP connection and storage location.
traffic_agent.property.script.xml
Contains traffic process configuration such as CN, IP Bypass.
1. General
Module Port
Redis 9800
HTTP 80
HTTPD 443
SSH 22
1. General
1. General
Core Status
Packet Pump, Packet Sstop (A/B/C)
Traffic currently flowing into the Agent, reported every 3 seconds
(Packet count / Packet size (KB) / Traffic size (Mbps))
Result Status
DIP : Number of logs saved (ES)
FIP : Number of attachments being saved (GFS)
1. General
Packet Recorder is a web service that captures the packets entering the Agent. It is useful
when packets need to be captured to investigate errors such as protocol-specific logging errors.
To ensure smooth download from the web, keep the download path at the default,
/somansa/ndlp/env/default/log.
2. Structure and Configuration of Modules by Modes
2. Module Structure and Configuration by Modes
Only CM, Indexing Server and NDLP-Agent will be executed in the Agent.
2. Module Structure and Configuration by Modes
The gfs_volume to be mounted is created on the main storage equipment.
For ElasticSearch, the storage equipment should have its MASTER
and DATA modes enabled.
3. Trouble Shooting
Measures
3) Execute Process
[root@tproxy]#/somansa/common/script/SMSSummary.sh start
3. Trouble Shooting
Measures
3) Execute Process
[root@tproxy]#vi /somansa/common/log/SMSAnalyzer_trace.log
Contact QA when error logs are found.
3. Trouble Shooting
Possible Causes
1) When the ElasticSearch does not work or has problems
2) Indexing Server Issues
A. When the indexing server does not work or has problems
B. When the ElasticSearch IP set in the indexing server is wrong
3) Agent Issues
A. When the Agent does not work or has problems
B. When the indexing server IP set in the Agent is wrong
4) When HR data matching was not done
Measures
2) ElasticSearch Issues
Execute ElasticSearch Service
[root@tproxy]#service elasticsearch start
Check the log below when the process does not start
[root@tproxy]# tail -f /somansa/data/es_log/SMS_LogServer.log
3. Trouble Shooting
5) Agent Issue 1
A. When the Agent does not work or has problems
Execute the Agent
[root@tproxy]#/somansa/ndlp/env/default/scripts/ndlp-agent start
Check the log below when the process does not start
[root@tproxy]# tail -f /somansa/ndlp/env/default/log/ndlp_agent_Date.rmk
6) Agent Issue 2
B. When the Indexing Server IP set in the Agent is wrong
Check the configuration values
[root@tproxy]#vi /somansa/ndlp/env/default/config/property.script.xml
Check whether the IP set in mms.es_db.ip in the configuration file is the same as the ElasticSearch IP.
3. Trouble Shooting
3. Trouble Shooting
3) Policy Application
Click on POLICIES > Net App Prevent > [Apply Policy]
Apply the policy as an Agent in DLP+Center
26
3. Trouble Shooting
Possible Causes
1) When the Redis does not work or has problems.
Measures
3. Trouble Shooting
Possible Causes
1) When the Query Server does not work or has problems
2) When the DLPQueryServer IP is wrong.
Measures
3. Trouble Shooting
3.7 Known Issues Could not connect with T-Proxy In/Out Ports
Symptoms
The T-Proxy server's In/Out port link and the Agent status remain normal, but the
Internet is not connected.
Possible Causes
How to Check
Measures
3. Trouble Shooting
Possible Causes
1) Incorrect configuration value of ElasticSearch
2) Lack of memory allocated to ElasticSearch
Measures
3. Trouble Shooting
Possible Causes
1) Firewall Issues
2) When a Brick to connect is already connected to another volume
When an error occurs when creating a volume
failed: Brick: 192.168.208.241:/somansa/data/gfs_brick1 not available. Brick may be containing or be contained by an existing brick
Measures
1) Firewall Issues
Check the firewall
[root@tproxy]#vi /etc/sysconfig/iptables
Check whether ports 49152~49156 are allowed in the firewall configuration.
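One way to make the firewall check above repeatable: a shell function that reads /etc/sysconfig/iptables and prints every port in 49152~49156 that no effective ACCEPT rule covers, including the case where the ACCEPT rule was added after the catch-all REJECT and therefore never matches. This is an added example, not part of the vendor guide; the function names and sample rules are constructed, and it assumes the INPUT chain ends in a catch-all REJECT or DROP.

```shell
#!/bin/sh
# Added example, not vendor code. Assumes an INPUT chain that ends in a
# catch-all REJECT/DROP; function names and sample rules are constructed.

# Constructed sample in /etc/sysconfig/iptables (iptables-save) format.
sample_iptables_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 49152:49154 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -m state --state NEW -m tcp -p tcp --dport 49155:49156 -j ACCEPT
COMMIT
EOF
}

# uncovered_brick_ports FILE: print each TCP port in 49152-49156 that no
# INPUT ACCEPT rule reaches before a catch-all REJECT/DROP.
uncovered_brick_ports() {
    awk -v lo=49152 -v hi=49156 '
    $1 == "-A" && $2 == "INPUT" {
        # Rules after a catch-all REJECT/DROP are never evaluated.
        if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP")) exit
        target = ""; spec = ""; proto = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-j") target = $(i+1)
            if ($i == "-p") proto = $(i+1)
            if ($i == "--dport" || $i == "--dports") spec = $(i+1)
        }
        if (target != "ACCEPT" || proto != "tcp" || spec == "") next
        n = split(spec, parts, ",")           # multiport lists: 22,49152:49156
        for (k = 1; k <= n; k++) {
            m = split(parts[k], r, ":")       # single port or lo:hi range
            a = r[1] + 0; b = (m == 2 ? r[2] : r[1]) + 0
            for (p = lo; p <= hi; p++) if (p >= a && p <= b) ok[p] = 1
        }
    }
    END { for (p = lo; p <= hi; p++) if (!(p in ok)) print p }
    ' "$1"
}

# On the server:  uncovered_brick_ports /etc/sysconfig/iptables
```

Empty output means all five ports are covered; for the constructed sample the function prints 49155 and 49156, because their rule sits below the REJECT line.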
4. Trouble Shooting Useful Information
Purpose
1) To check the real-time log.
2) To check the logs of Actions.
Usage
1) How to Use
tail [Option] <File Name>
2) Main Functions
-n number : Print the given number of lines from the end
-f : Print newly added lines as the file grows
3) Example
SMSAnalyzer: check the current log
[root@tproxy]# tail -f /somansa/common/log/SMSAnalyzer.out
SMSAnalyzer: check the last 20 log lines
[root@tproxy]# tail -n 20 /somansa/common/log/SMSAnalyzer.out
4. Trouble Shooting Useful Information
Purpose
1) To configure the IPs to be logged in T-Proxy
Usage
2) Main Option
-L : Print ebtables List
-I : Add to ebtables
-D : Delete from ebtables
3) Examples
Exclude 192.168.10.67 from T-Proxy
[root@tproxy]# ebtables -t broute -I BROUTING -p IPv4 --ip-src 192.168.10.67 -j ACCEPT
[root@tproxy]# ebtables -t broute -I BROUTING -p IPv4 --ip-dst 192.168.10.67 -j ACCEPT
Remove the exclusion of 192.168.10.67 from T-Proxy
[root@tproxy]# ebtables -t broute -D BROUTING -p IPv4 --ip-src 192.168.10.67 -j ACCEPT
[root@tproxy]# ebtables -t broute -D BROUTING -p IPv4 --ip-dst 192.168.10.67 -j ACCEPT
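Every ACCEPT rule added this way takes a host out of T-Proxy logging, so the broute table is worth reviewing periodically. The following added example (not part of the vendor guide) reads the output of the -L option and reports which addresses are excluded, whether both directions are covered, and which of them are missing from an approved list. The function names, the sample listing and the path /root/approved_bypass.txt are constructed for illustration.

```shell
#!/bin/sh
# Added example, not vendor code. Function names and the sample listing
# are constructed for illustration.

# Constructed sample of `ebtables -t broute -L BROUTING` output.
sample_broute_listing() {
    cat <<'EOF'
Bridge table: broute

Bridge chain: BROUTING, entries: 4, policy: ACCEPT
-p IPv4 --ip-src 192.168.10.67 -j ACCEPT
-p IPv4 --ip-dst 192.168.10.67 -j ACCEPT
-p IPv4 --ip-src 192.168.10.80 -j ACCEPT
-p IPv4 --ip-dst 192.168.10.90 -j DROP
EOF
}

# list_bypassed_ips: read a listing on stdin, print "IP src|- dst|-" for
# every address that has an ACCEPT rule in at least one direction.
list_bypassed_ips() {
    awk '
    NF >= 2 && $(NF-1) == "-j" && $NF == "ACCEPT" {
        for (i = 1; i < NF; i++) {
            if ($i == "--ip-src") { seen[$(i+1)] = 1; src[$(i+1)] = 1 }
            if ($i == "--ip-dst") { seen[$(i+1)] = 1; dst[$(i+1)] = 1 }
        }
    }
    END {
        for (ip in seen)
            print ip, ((ip in src) ? "src" : "-"), ((ip in dst) ? "dst" : "-")
    }' | sort
}

# unapproved_bypasses FILE: print bypassed addresses that are not listed
# (one per line) in the approved-exclusions FILE.
unapproved_bypasses() {
    list_bypassed_ips | while read -r ip rest; do
        grep -qxF -- "$ip" "$1" || echo "$ip"
    done
}

# On the T-Proxy host (approved list path is hypothetical):
#   ebtables -t broute -L BROUTING | unapproved_bypasses /root/approved_bypass.txt
```

A line showing only src or only dst usually means one of the two -D commands was skipped when an exclusion was removed.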
4. Trouble Shooting Useful Information
How to Use
2) Restart Agent
[root@tproxy]#/somansa/ndlp/env/default/scripts/ndlp-agent restart
5. Trouble Shooting ICAP/HTTPS Proxy
1) Precondition
- ICAP-Agent Running
/somansa/ndlp/env/default/scripts/icap-agent start
5. Trouble Shooting ICAP/HTTPS Proxy
1) Precondition
- Traffic-Agent Running
/somansa/ndlp/env/default/scripts/traffic-agent start
2) Firefox
(1) Open Firefox by clicking the Start button. In the search box, type Firefox, and then, in
the list of results, click Firefox.
(2) Click the Options button, and then click Advanced.
(3) Click the Network tab, and then click Settings.
(4) Select the Manual proxy configuration.
(5) In the SSL Proxy box, type the address of the proxy server.
(6) In the Port box, type 13128.
(7) When you are finished making changes, click OK until you return to Firefox.