a guest
Sep 16th, 2018
SUB: [OJT] How to retrieve APS logs (e.g. Symantec) from Ingram Micro's Production Servers


http://10.0.0.9/ninjas-wiki/index.php/OJT
http://10.0.0.9/ninjas-wiki/index.php/How_to_retrieve_APS_logs_from_Ingram_Micro%27s_Production_Servers


Hello Team,

I have given the steps for obtaining APS logs from Ingram Micro's Production Servers below.

Thanks to Alphin for helping me with the log extraction procedures.

We will be using Symantec as an example. The same steps can be used for accessing the logs of the following products as well:
- BitTitan
- DocuSign
- DropboxBusiness
- ESET
- LawToolBox
- SkyKick
- Symantec Endpoint Protection Cloud (confirmed)
- Trend Micro Cloud App Security
- Trend Micro Hosted Email Security
- Trend Micro Security

We will use the case WWCD-2308 as an example.
This case deals with the product Symantec Endpoint Protection Cloud.

EXAMPLE CASE
--------------------------------------------------------------
WWCD-2308

SID 1142069 - Symantec Endpoint Protection Cloud for Users
AID 1000088666 - Trystate Mechanical
VAR 1000087929 - RDM Computer Consultants, Inc.

Region: US
CP URL: https://cp.na.cloud.im
--------------------------------------------------------------


1. Obtaining the private IP address of the Production Server
========================================================
- Go to https://cp.na.cloud.im
- By default you will be presented with the PCP's POA
- In the PCP's POA, go to Services -> Applications -> APS Packages. In 'Package', search for Symantec Endpoint Protection Cloud
- In Symantec Endpoint Protection Cloud -> Instances -> 7494 INGMPUS -> General, the value for 'Application API end-point URI' is shown as "https://10.2.1.97/sepc/"
- The host part of that URI, 10.2.1.97, is the private IP address of the Production Server
NOTE: The same server also serves the other two regions, BR (Brazil) and CA (Canada), and probably the rest of the products listed above as well. We can confirm this in the NinjasWiki once we deal with those products. Do not assume the IP is the same for another product or region; read it from that product's own instance page.



2. Connecting to the VDI and the Production Server and viewing logs
========================================================
You can use any of the following IMCSECURE VDIs
---------------
10.10.22.12
10.10.22.138
10.10.22.139
10.10.22.145
10.10.22.146
10.10.22.149
---------------

- Go to Start -> Run -> mstsc to open the Microsoft Terminal Services Client (commonly referred to as Remote Desktop) and connect to one of the VDIs above
- In the VDI, use mRemoteNG to create an SSH connection to the desired Linux server. In our case this is 10.2.1.97
NOTE: If mRemoteNG is not present, use the Software Center in Windows to install it
- On 10.2.1.97, change the working directory to /var/log/aps. Logs for all APS products can be found in this directory
- Logs for Symantec are located in the following files
symantec-epc.log
symantec-epc/debug.log
symantec-epc/errors.log
symantec-epc/general.log
- You can extract the required logs with the following commands
NOTE: 1000088666 is the AccountID (the AID from the case). The leading '#' is the root shell prompt, not part of the command. A bare number as the pattern also matches any longer number that contains those digits (e.g. 10000886661); add -w (whole word) if that turns up unrelated lines.
------------------------------------------------------------------
# grep 1000088666 symantec-epc.log > $HOME/main.log
# grep 1000088666 symantec-epc/debug.log > $HOME/debug.log
# grep 1000088666 symantec-epc/errors.log > $HOME/errors.log
# grep 1000088666 symantec-epc/general.log > $HOME/general.log
------------------------------------------------------------------


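The four grep commands above, as one script. This is an added example written for this page, not part of the original write-up or of any Ingram Micro tooling. It assumes the log layout given above (symantec-epc.log plus the three files under symantec-epc/), matches the AccountID as a whole word so that a longer ID containing the same digits is not pulled in, and also reads rotated copies (symantec-epc.log.1, symantec-epc.log.2.gz, ...) if they happen to exist; the rotation naming is an assumption. The sample log lines at the bottom are constructed for a dry run and are not real server output.

```shell
#!/bin/sh
# Added example; not part of the original write-up or of any Ingram Micro tooling.
# Pulls every log line that mentions one AccountID out of the Symantec EPC APS logs
# into a per-case directory and bundles it for transfer.
#
# Assumed layout, taken from the steps above:
#   $LOGDIR/symantec-epc.log
#   $LOGDIR/symantec-epc/debug.log, errors.log, general.log
# Rotated copies such as symantec-epc.log.1 or symantec-epc.log.2.gz are an
# assumption; they are only read if they exist.

# extract_aps_logs ACCOUNT_ID LOGDIR OUTDIR
# grep -Fw matches the AccountID as a fixed string and a whole word, so 1000088666
# does not also pull in 10000886661 or an unrelated ID that merely contains the digits.
extract_aps_logs() {
    acct=$1; logdir=$2; outdir=$3
    case $acct in
        ''|*[!0-9]*) echo "AccountID must be numeric, got '$acct'" >&2; return 2 ;;
    esac
    mkdir -p "$outdir" || return 1
    for f in "$logdir/symantec-epc.log" "$logdir"/symantec-epc/*.log; do
        [ -r "$f" ] || continue
        name=$(basename "$f" .log)
        [ "$name" = symantec-epc ] && name=main   # same names as the manual grep above
        out="$outdir/$name.log"
        : > "$out"
        # current file first, then any rotated copies (plain or gzip)
        for src in "$f" "$f".*; do
            [ -r "$src" ] || continue
            case $src in
                *.gz) gzip -dc "$src" | grep -Fw -- "$acct" >> "$out" || true ;;
                *)    grep -Fw -- "$acct" "$src" >> "$out" || true ;;
            esac
        done
        echo "$out: $(wc -l < "$out" | tr -d ' ') lines"
    done
}

# bundle_case_logs OUTDIR -> creates OUTDIR.tar (one file to move across the hops in
# step 3) and prints its path. Plain tar, so no gzip dependency on the server.
bundle_case_logs() {
    outdir=${1%/}
    tar -cf "$outdir.tar" -C "$(dirname "$outdir")" "$(basename "$outdir")" || return 1
    echo "$outdir.tar"
}

# make_sample_logs DIR: constructed sample data for a dry run, not real server logs.
# Uses the AID from the example case; 1000099999 and 10000886661 are made-up decoys.
make_sample_logs() {
    d=$1
    mkdir -p "$d/symantec-epc"
    cat > "$d/symantec-epc.log" <<'EOF'
2018-09-14 10:01:02 INFO  account=1000088666 sub=1142069 provisioning started
2018-09-14 10:01:03 INFO  account=1000099999 sub=2000001 provisioning started
2018-09-14 10:01:04 WARN  account=10000886661 retry scheduled
2018-09-14 10:01:05 INFO  account=1000088666 sub=1142069 provisioning done
EOF
    printf '%s\n' '2018-09-13 23:59:59 INFO  account=1000088666 heartbeat' > "$d/symantec-epc.log.1"
    printf '%s\n' '2018-09-14 10:01:02 DEBUG [1000088666] POST /sepc/subscriptions' \
                  '2018-09-14 10:01:03 DEBUG [1000099999] POST /sepc/subscriptions' > "$d/symantec-epc/debug.log"
    : > "$d/symantec-epc/errors.log"
    printf '%s\n' '2018-09-14 10:01:05 INFO  aid=1000088666 vid=1000087929 ok' > "$d/symantec-epc/general.log"
}

# Dry run on the constructed data. On the real server the call would be:
#   extract_aps_logs 1000088666 /var/log/aps "$HOME/WWCD-2308" && bundle_case_logs "$HOME/WWCD-2308"
tmp=$(mktemp -d)
make_sample_logs "$tmp/aps"
extract_aps_logs 1000088666 "$tmp/aps" "$tmp/WWCD-2308"
bundle_case_logs "$tmp/WWCD-2308"
rm -rf "$tmp"
```

Naming the output directory after the case (WWCD-2308 here) keeps the four files together with the case they belong to, which matters once they are copied through two more accounts in step 3.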
3. Transferring logs to your local machine
========================================================
=> On the Linux server, save any required logs to your home directory. Note that your LDAP user's home (e.g. /home/arung on a server) also serves as the home for the same user's SFTP account

=> From the VDI you are in (e.g. 10.10.22.145), open FileZilla and connect to the LDAP user's home over SFTP (port 22 is SSH, not plain FTP),
---------------------------------
Host: hostname/IP address of the server (e.g. 10.2.1.97)
Port: 22
Username: (LDAP login)
Password: (LDAP login)
---------------------------------
- Transfer the log files FROM the LDAP user's home TO the VDI user's home

- From the VDI, in FileZilla, open a new tab and connect to the IMCSECURE VPN's FTP account
---------------------------------
Host: ftp.imcsecure.softcom.com
Username: (IMCSECURE VPN login)
Password: (IMCSECURE VPN login)
---------------------------------
- Transfer the log files FROM the VDI user's home TO the IMCSECURE VPN's FTP account


=> From your local machine, in FileZilla, connect to the IMCSECURE VPN's FTP account
---------------------------------
Host: ftp.imcsecure.softcom.com
Username: (IMCSECURE VPN login)
Password: (IMCSECURE VPN login)
---------------------------------
- Transfer the log files FROM the IMCSECURE VPN's FTP account TO your local machine
NOTE: The logs contain customer account data. Once they are on your local machine, delete the intermediate copies from the VDI home and from the FTP account rather than leaving them there.



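The bundle passes through three hops and two different accounts before it reaches your machine, so it is worth recording checksums on the server before the first hop and checking them after the last. The following is an added example written for this page, not part of the original write-up or of any Ingram Micro tooling; it assumes sha256sum (coreutils) or shasum is available on both the server and your local machine, and that the transfers preserve file names. The files created in the dry run are constructed.

```shell
#!/bin/sh
# Added example; not part of the original write-up or of any Ingram Micro tooling.
# Write a SHA-256 manifest next to the case logs before the first transfer and
# verify it after the last one, so a truncated or mixed-up copy is caught.
# Assumes sha256sum (coreutils) or shasum exists at both ends.

# sha256_of FILE -> prints the hex digest
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# write_manifest DIR -> writes DIR/SHA256SUMS (relative names) and prints its path.
# Run this on the server, in the case directory, before the first hop.
write_manifest() {
    dir=${1%/}
    ( cd "$dir" && for f in *; do
          [ -f "$f" ] && [ "$f" != SHA256SUMS ] || continue
          printf '%s  %s\n' "$(sha256_of "$f")" "$f"
      done ) > "$dir/SHA256SUMS"
    echo "$dir/SHA256SUMS"
}

# verify_manifest DIR -> returns 0 only if every listed file is present with the
# recorded digest; reports MISSING/MISMATCH names on stderr otherwise.
# Run this on your local machine after the last hop.
verify_manifest() {
    dir=${1%/}; bad=0
    [ -f "$dir/SHA256SUMS" ] || { echo "no SHA256SUMS in $dir" >&2; return 1; }
    while read -r sum name; do
        [ -n "$name" ] || continue
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING  $name" >&2; bad=1; continue
        fi
        [ "$(sha256_of "$dir/$name")" = "$sum" ] || { echo "MISMATCH $name" >&2; bad=1; }
    done < "$dir/SHA256SUMS"
    return $bad
}

# Dry run on constructed files: a good copy verifies, a truncated one does not.
tmp=$(mktemp -d)
mkdir "$tmp/WWCD-2308"
printf 'line one\nline two\n' > "$tmp/WWCD-2308/main.log"
printf 'debug line\n'         > "$tmp/WWCD-2308/debug.log"
write_manifest "$tmp/WWCD-2308"
verify_manifest "$tmp/WWCD-2308" && echo "copy verified"
printf 'line one\n' > "$tmp/WWCD-2308/main.log"   # simulate a truncated transfer
verify_manifest "$tmp/WWCD-2308" || echo "copy rejected"
rm -rf "$tmp"
```

Keep SHA256SUMS inside the case directory so it travels with the logs; if the bundle is a tar archive, the manifest is already inside it and the check is done after unpacking.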
If you have trouble with your LDAP password, use the Password Reset Tool for the relevant region

LDAP Password Reset Tool
========================================================
Dev - https://xldaprst01.dev.na.cloud.im
Staging - https://xldaprst01.stg.na.cloud.im
Toronto (Softcom) - https://xldaprst01.softcom.biz
North America - https://xldaprst01.na.cloud.im
Europe - https://xldaprst01.eu.cloud.im
Oceania - https://xldaprst01.oc.cloud.im
Asia - https://xldaprst01.as.cloud.im

http://cloudteam.atlassian.net/wiki/spaces/OPS/pages/40833369/LDAP+Password+Reset+Tool

NOTE: In the password reset tool, select 'Softcom Email' and enter the username part of your SoftCom email account. Wait a few minutes to receive a password reset mail in your Admin-Ahead mail account. The mail will contain a URL with a lengthy key. Copy-pasting the link into the VDI will not work. If typing it in the VDI is hard, you can save the link to a file on your local machine and transfer it to the VDI via the FTP method explained above.