On this page
Using the Designer and Verifier Debug Tool
|
This topic is intended for TOS Administrators. |
Overview
You can use the Designer and Verifier Debug tool to help Tufin support debug and fix escalations relevant to Designer and Verifier on active access requests tickets. It is relevant for st-server, securetrack-job, and for topology-job services. The log-level for these services will be changed to debug while the script is running (10 minutes by default).
The tool can collects the following information on the specified ticket:
-
Information on the relevant devices and their revisions (including management servers)
-
Domains
-
TOS Classic information
-
Access requests and parameters
-
Log files
-
Full or partial device hierarchy
This information is saved as .tar.gz2 file which you can send to Tufin support.
Tufin support uses this information to reproduce, analyze, and debug the scenarios to fully understand escalated issues and discover their cause without requiring a full system backup.
Limitations
-
If targets are replaced between ticket steps, the tool will collect information on both the old devices and the new devices.
-
Only access request tickets are supported.
-
The tool requires running Designer (and sometimes Verifier) on the ticket. Therefore, you can only run it on active access request tickets.
Prerequisites
-
A SecureTrack user with administrator privileges.
-
The user must have logged in to TOS for the first time and changed the default password.
The user name is not saved or collected as part of the tool.
Generate a debug file
-
Copy the script to the primary data node.
-
Run the following commands:
-
Run the script:
[<ADMIN> ~]$ sudo sh collect_verifier_designer_debug_info.sh -ticketid <ticket id number> -user <admin user name>sudo sh collect_verifier_designer_debug_info.sh -ticketid <ticket id number> -user <admin user name> [-mgmts <management ids>]where:
ticketidis the ticket id number.useris the user name of the administrator level user.
Additional parameters can be inserted. For the full list see Script parameters and Examples below.
-
When prompted enter/do the following. Press Enter afterwards:
-
Enter the user's password.
-
Verify that the log level changed to debug
-
Run Designer (and optionally Verifier) on the ticket.
- Send the file to Tufin Support.
When the script is finished, an output file verifier_designer_debug_info.tar.gz will be created in directory /tmp.
Script parameters
|
Parameter |
Description |
Required/Optional |
|---|---|---|
| -ticketid | The ticket id number from securechange |
Required |
| -user | The user name of a TOS user with administrator level privileges |
Required |
| -mgmts | List of device management ids separated by comma |
Optional |
| -opms | List of management ids for OPM devices separated by comma |
Optional |
| -tool | The SecureChange feature for which logs will be collected (designer or verifier). designer will be collected by default. If verifier is set the debug tool will only collect information from the mongo database. |
Optional |
| -legacy | The tool collects only TOS classic information. Should only be used if Designer is running in legacy mode. |
Optional |
| -logduration | The duration for which the log levels will be change to debug. 10 minutes by default |
Optional |
| -thin | The tool will not collect the full device hierarcy |
Optional |
Examples
Was this helpful?
Thank you!
We’d love your feedback
We really appreciate your feedback
Send this page to a colleague