- SUB: [OJT] How to retrieve APS logs (e.g. Symantec) from Ingram Micro's Production Servers
- http://10.0.0.9/ninjas-wiki/index.php/OJT
- http://10.0.0.9/ninjas-wiki/index.php/How_to_retrieve_APS_logs_from_Ingram_Micro%27s_Production_Servers
- Hello Team,
- I have given the steps for obtaining APS logs from Ingram Micro's Production Servers.
- Thanks to Alphin for helping me with the log extraction procedures
- We will be using Symantec as an example. The same steps can be used to access the logs of the following products as well.
- - BitTitan
- - DocuSign
- - DropboxBusiness
- - ESET
- - LawToolBox
- - SkyKick
- - Symantec Endpoint Protection Cloud (confirmed)
- - Trend Micro Cloud App Security
- - Trend Micro Hosted Email Security
- - Trend Micro Security
- We will use the case WWCD-2308 as an example.
- This case deals with the product Symantec Endpoint Protection Cloud.
- EXAMPLE CASE
- --------------------------------------------------------------
- WWCD-2308
- SID 1142069 - Symantec Endpoint Protection Cloud for Users
- AID 1000088666 - Trystate Mechanical
- VAR 1000087929 - RDM Computer Consultants, Inc.
- Region: US
- CP URL: https://cp.na.cloud.im
- --------------------------------------------------------------
- 1. Obtaining the private IP address of the Production Server
- ========================================================
- - Go to https://cp.na.cloud.im
- - By default you will be presented with the PCP's POA
- - In the PCP's POA, go to Services -> Applications -> APS Packages. In 'Package', search for Symantec Endpoint Protection Cloud
- - In Symantec Endpoint Protection Cloud -> Instances -> 7494 INGMPUS -> General, the value of 'Application API end-point URI' will be given as "https://10.2.1.97/sepc/"
- - The host part of that URI, 10.2.1.97, is the private IP address of the Production Server
- NOTE: The same server also serves the other two regions, BR (Brazil) and CA (Canada), and probably the rest of the products listed above as well. We can confirm this in the NinjasWiki once we deal with those products.
- 2. Connecting to the VDI and the Production Server and viewing logs
- ========================================================
- You can use any of the following IMCSECURE VDIs
- ---------------
- 10.10.22.12
- 10.10.22.138
- 10.10.22.139
- 10.10.22.145
- 10.10.22.146
- 10.10.22.149
- ---------------
- - Go to Start -> Run -> mstsc to open the Microsoft Terminal Services Client, commonly referred to as Remote Desktop, and connect to one of the VDIs above
- - In the VDI, use mRemoteNG to open an SSH connection to the desired Linux server; in our case this is 10.2.1.97
- NOTE: If mRemoteNG is not present, install it from the Software Center in Windows
- - On 10.2.1.97, change the working directory to /var/log/aps. Logs for all APS products are found in this directory
- - Logs for Symantec are located in the following files
- symantec-epc.log
- symantec-epc/debug.log
- symantec-epc/errors.log
- symantec-epc/general.log
- - You can extract the required logs with the following commands, run on the server (the leading # is the shell prompt, not part of the command)
- NOTE: 1000088666 is the AccountID. The -w flag matches it only as a whole word, so lines belonging to other IDs that merely contain the same digit sequence (e.g. 21000088666) are not pulled in
- ------------------------------------------------------------------
- # grep -w 1000088666 symantec-epc.log > $HOME/main.log
- # grep -w 1000088666 symantec-epc/debug.log > $HOME/debug.log
- # grep -w 1000088666 symantec-epc/errors.log > $HOME/errors.log
- # grep -w 1000088666 symantec-epc/general.log > $HOME/general.log
- ------------------------------------------------------------------
- 3. Transferring logs to your local machine
- ========================================================
- - On the Linux server, save any required logs to your home directory. Note that your LDAP user's home (e.g. /home/arung on a server) also serves as the home for the same user's SFTP account
- - From the VDI (e.g. 10.10.22.145) you are in, open FileZilla and connect to the LDAP user's home over SFTP
- ---------------------------------
- Host: hostname/IP address of the server (e.g. 10.2.1.97)
- Port: 22 (SFTP over SSH, the same service mRemoteNG connected to above)
- Username: (LDAP login)
- Password: (LDAP login)
- ---------------------------------
- - Transfer the log files FROM the LDAP user's home TO the VDI user's home
- - From the VDI, in FileZilla, open a new tab to connect to the IMCSECURE VPN's FTP account
- ---------------------------------
- Host: ftp.imcsecure.softcom.com
- Username: (IMCSECURE VPN login)
- Password: (IMCSECURE VPN login)
- ---------------------------------
- - Transfer the log files FROM the VDI user's home TO the IMCSECURE VPN's FTP account
- - From your local machine, in FileZilla, connect to the IMCSECURE VPN's FTP account
- ---------------------------------
- Host: ftp.imcsecure.softcom.com
- Username: (IMCSECURE VPN login)
- Password: (IMCSECURE VPN login)
- ---------------------------------
- - Transfer the log files FROM the IMCSECURE VPN's FTP account TO your local machine
- NOTE: The extracted files contain customer account data. Once the copy on your local machine is confirmed complete, delete the intermediate copies from your home directory on the server, from the VDI and from the FTP account rather than leaving them behind
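The script below is an added example, not part of the original wiki page or of any Ingram Micro tooling. It does the grep extraction of step 2 for one case and account with whole-word matching, writes the same main.log/debug.log/errors.log/general.log files the procedure produces, and adds a MANIFEST with line counts and SHA-256 sums so that the files can be re-checked after the three-hop copy in step 3. It assumes the four Symantec log files listed in step 2 live under /var/log/aps and that the AccountID is a bare decimal number; the function names (extract_account_lines, collect_case_logs, verify_case_logs, make_sample_logs) are this example's own, and the sample log lines in make_sample_logs are constructed for the example and are not real data.

```shell
#!/bin/sh
# Added example (not from the original wiki page): per-case APS log
# extraction plus a manifest for verifying the multi-hop transfer.
# Assumed, not stated on the page: the four Symantec log files below are
# the only ones needed, and the AccountID is a bare decimal number.

# SHA-256 of a file; uses sha256sum (GNU coreutils) or shasum as fallback.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"; else shasum -a 256 "$1"; fi | cut -d' ' -f1
}

# Copy every line of $2 that mentions AccountID $1 into $3 and print the
# number of lines kept. -F treats the ID as a literal string and -w matches
# it only as a whole word, so 1000088666 does not also pull in lines for
# 10000886661 or 21000088666 the way a plain 'grep 1000088666' would.
extract_account_lines() {
    acct="$1"; src="$2"; dst="$3"
    # grep exits 1 when nothing matches; an empty result is not an error here.
    grep -F -w -e "$acct" "$src" > "$dst" || true
    wc -l < "$dst" | tr -d ' '
}

# Extract all four Symantec files for a case into $4 (default $HOME/<case>)
# as main.log, debug.log, errors.log, general.log, and write MANIFEST with
# "<file> <lines> <sha256>" per file. Prints the manifest path.
collect_case_logs() {
    case_id="$1"; acct="$2"; logdir="${3:-/var/log/aps}"; outdir="${4:-$HOME/$1}"
    mkdir -p "$outdir"
    : > "$outdir/MANIFEST"
    for pair in "main:symantec-epc.log" "debug:symantec-epc/debug.log" \
                "errors:symantec-epc/errors.log" "general:symantec-epc/general.log"; do
        name=${pair%%:*}; src="$logdir/${pair#*:}"
        if [ ! -r "$src" ]; then
            echo "$case_id: cannot read $src, skipping" >&2
            continue
        fi
        n=$(extract_account_lines "$acct" "$src" "$outdir/$name.log")
        printf '%s %s %s\n' "$name.log" "$n" "$(sha256_of "$outdir/$name.log")" >> "$outdir/MANIFEST"
    done
    echo "$outdir/MANIFEST"
}

# After the final download, re-check the files in $1 against MANIFEST.
# Returns 0 when every listed file is present with the recorded SHA-256,
# 1 if anything is missing or was altered or truncated in transit.
verify_case_logs() {
    outdir="$1"; rc=0
    while read -r name n sum; do
        if [ ! -f "$outdir/$name" ] || [ "$(sha256_of "$outdir/$name")" != "$sum" ]; then
            echo "mismatch or missing: $name ($n lines expected)" >&2; rc=1
        fi
    done < "$outdir/MANIFEST"
    return $rc
}

# Constructed sample logs (not real data) in the layout step 2 describes,
# so the functions can be exercised offline. Note the two decoy account IDs
# that contain 1000088666 as a substring.
make_sample_logs() {
    d="$1"; mkdir -p "$d/symantec-epc"
    cat > "$d/symantec-epc.log" <<'EOF'
2019-01-10 10:00:01 INFO  account=1000088666 provisioning started
2019-01-10 10:00:02 INFO  account=10000886661 provisioning started
2019-01-10 10:00:03 ERROR account=1000088666 subscription 1142069 sync failed
2019-01-10 10:00:04 INFO  account=21000088666 provisioning finished
EOF
    printf 'debug account=1000088666 request id 42\n' > "$d/symantec-epc/debug.log"
    printf 'error account=1000088666 upstream timeout\n' > "$d/symantec-epc/errors.log"
    : > "$d/symantec-epc/general.log"
}

# On the production server: sh thisfile.sh WWCD-2308 1000088666
# reads /var/log/aps and writes $HOME/WWCD-2308/ with the four files
# and MANIFEST. Copy MANIFEST along with the logs, then run
# verify_case_logs on the directory after the final download.
if [ "$#" -ge 2 ]; then
    collect_case_logs "$@"
fi
```

Carry MANIFEST through the same SFTP and FTP hops as the logs and run verify_case_logs against the downloaded directory on any machine with a POSIX shell and sha256sum or shasum; a mismatch means a file was truncated or altered somewhere between the server and your machine, which an eyeball of FileZilla's transfer queue will not reveal.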
- If you have trouble with your LDAP password, use the Password Reset Tool for the relevant region
- LDAP Password Reset Tool
- ========================================================
- Dev - https://xldaprst01.dev.na.cloud.im
- Staging - https://xldaprst01.stg.na.cloud.im
- Toronto (Softcom) - https://xldaprst01.softcom.biz
- North America - https://xldaprst01.na.cloud.im
- Europe - https://xldaprst01.eu.cloud.im
- Oceania - https://xldaprst01.oc.cloud.im
- Asia - https://xldaprst01.as.cloud.im
- http://cloudteam.atlassian.net/wiki/spaces/OPS/pages/40833369/LDAP+Password+Reset+Tool
- NOTE: In the password reset tool, select 'Softcom Email' and enter the username part of your SoftCom email account. Wait a few minutes to receive a password reset mail in your Admin-Ahead mail account. The mail will contain a URL with a lengthy key. Copy-pasting the link into the VDI will not work. If typing it in the VDI is hard, you can save the link to a file on your local machine and transfer it to the VDI via the FTP method explained above.