McAfee GTI Proxy 1.0.0 Administration Guide




COPYRIGHT

Copyright 2010 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of McAfee, Inc., or its suppliers or affiliate companies.

TRADEMARK ATTRIBUTIONS

AVERT, EPO, EPOLICY ORCHESTRATOR, FOUNDSTONE, GROUPSHIELD, INTRUSHIELD, LINUXSHIELD, MAX (MCAFEE SECURITYALLIANCE EXCHANGE), MCAFEE, NETSHIELD, PORTALSHIELD, PREVENTSYS, SECURITYALLIANCE, SITEADVISOR, TOTAL PROTECTION, VIRUSSCAN, WEBSHIELD are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. McAfee Red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners.

LICENSE INFORMATION

License Agreement

NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND.

License Attributions

For a complete list of third-party license attributions, see the license.txt file. This file is included at the root of the product download zip file and, in default installations, at: C:\Program Files\McAfee\<Product>

Contents

Preface
Using this guide
Audience
Type conventions
Where to find documentation
Downloading manuals from the McAfee ServicePortal
Product documentation by phase
McAfee GTI Proxy
GTI Proxy
GTI Proxy Appliance
Administering GTI Proxy Appliance
Secure Shell (SSH) Access
GTI Proxy Appliance User Permissions
Check GTI Proxy Appliance status
Check GTI Proxy Appliance Plugin status
Check McAfee Agent for Linux status
Starting and Stopping GTI Proxy Appliance
Pulling GTI Proxy Appliance Logs
Purge GTI Proxy Appliance Logs
GTI Proxy Appliance Reports
Creating custom Dashboard for GTI Proxy Appliance
GTI Proxy Appliance Logs for Debugging

Preface

Using this guide

This guide helps network administrators administer McAfee GTI Proxy. It contains an overview of the product technology, concepts and architecture, as well as a detailed description of the steps to administer the GTI Proxy components. The guide includes these topics:

- Introduction and system components
- Administering GTI Proxy Appliance
- Diagnostics and troubleshooting GTI Proxy

Audience

The information in this guide is intended primarily for two audiences:

- Security officers who are responsible for determining sensitive and confidential data and defining the corporate policy for protecting the company's intellectual property.
- Network administrators who are responsible for implementing and enforcing the corporate policy for protecting the company's intellectual property.

Type conventions

This guide uses these type conventions:

- Bold Condensed: Words from the interface, including options, menus, buttons, and dialog boxes.
- Courier: The path of a folder or program; a code sample; text that the user types exactly, as in a command at the system prompt.
- Italic: Emphasis for a new term; book and chapter titles.
- Bold: Emphasis.
- Blue: Words from the product interface.
- <TERM>: Angle brackets enclose a generic or replaceable term.
- Note: Supplemental information, like an alternate method of accessing an option.
- Tip: Suggestions and recommendations.
- Caution/Important: Important advice to protect your computer system, enterprise, software installation, or data.
- Warning: Important advice to prevent bodily harm when using a hardware product.

Where to find documentation

McAfee product documentation is designed for each phase of the product's use.

Downloading manuals from the McAfee ServicePortal

To access the documentation for your McAfee products, use the McAfee ServicePortal.

1. Go to the McAfee ServicePortal at http://mysupport.mcafee.com and, under Support by Reading, click Product Documentation.
2. Select a Product.
3. Select a Version.
4. Select a product document.

Product documentation by phase

McAfee documentation provides the information you need during each phase of product implementation, from installing a new product to maintaining existing ones. Depending on the product, additional documents might also be available. After a product is released, information regarding the product is entered into the online KnowledgeBase, available through the McAfee ServicePortal.

- Installation (before, during, and after installing the product): Release Notes, Installation Guide
- Setup (using the product): Product Guide, Online Help
- Maintenance (maintaining the software): KnowledgeBase, http://mysupport.mcafee.com under Self Service

Introducing McAfee GTI Proxy

McAfee GTI Proxy

McAfee GTI Proxy is a system that allows McAfee VirusScan Enterprise (VSE) nodes to perform GTI system lookups from within the enterprise network without requiring direct access to the GTI Servers in the cloud. The GTI Proxy system acts as a central controller within the enterprise and resolves GTI requests on behalf of the VSE nodes.

The VSE nodes send each GTI request to the GTI Proxy system, which then performs the lookup against the GTI Servers in the cloud. The GTI Proxy system uses the response to populate a local cache and then sends the response back to the VSE nodes. The response is cached for a period defined by the GTI Servers in the cloud. When the cache period expires, the next request from a VSE node for that information causes another request to the GTI Servers in the cloud, and the cache is updated. This mechanism keeps the GTI Proxy system synchronized with the GTI Servers in the cloud.

There are two parts to the McAfee GTI Proxy system:

- GTI Proxy Agent (for setting up fallback servers on the managed VSE client nodes and for managing GTI Proxy Appliance)
- GTI Proxy Appliance (performs the GTI lookups)

GTI Proxy

GTI Proxy comprises two ePO products, which are delivered as a single zip file, GTI Proxy.zip. One is GTI Proxy Agent, which configures VSE nodes on the enterprise network to communicate with specified GTI Proxy Appliance instances for resolving GTI system lookups. The other is GTI Proxy Appliance, which communicates with and manages the GTI Proxy Appliance on the enterprise network. The services it offers are:

- Configuring the GTI Proxy Appliance to set up GTI cloud servers
- Managing specified log files (Pull/Purge) on the server
- Managing the gtiproxy process: querying its status and performing operations such as Start and Stop

It also provides reporting information on GTI Proxy Appliance performance in the form of different graphs and charts.

GTI Proxy Appliance

The GTI Proxy Appliance is delivered to the enterprise as a VMware image. The VMware host image is a CentOS 5.3 64-bit installation. A gtiproxy process runs on the system to service GTI requests. The following functionality is provided:

- Service GTI requests from VSE nodes on the enterprise network
- Perform GTI lookup requests in the cloud
- Caching of GTI lookups
- Tiered support for multiple GTI Proxy Appliance configurations on the enterprise network

Administering GTI Proxy Appliance

This chapter describes how to administer GTI Proxy Appliance using CentOS 5.3 64-bit and McAfee ePolicy Orchestrator management software. To use this chapter effectively you need to be familiar with basic UNIX shell interaction and ePolicy Orchestrator.

Note: This document does not provide detailed information about administering or using ePolicy Orchestrator or CentOS software. See the CentOS and McAfee ePolicy Orchestrator product documentation for more information.

Prerequisites

This document assumes the Installation Guide has been completed successfully.

Administering GTI Proxy Appliance

This section describes how to administer GTI Proxy Appliance.

Secure Shell (SSH) Access

GTI Proxy Appliance is set up with Secure Shell access. Password authentication is set up by default. This section describes the tasks to set up SSH access using authentication keys.

Setup with Existing Public Key

Use this task to set up an SSH authentication key using an existing Public Key.

Prerequisites

- The Public Private Key pair must already be generated and the Public Key known to the administrator.
- The computer on which the Public Key file resides must have secure copy (SCP) capability, and the administrator must know how to use it.
- The administrator knows the IPv4 Address of the GTI Proxy Appliance.

1. Log on to the computer containing the Public Key file.
2. Secure copy the Public Key file to the destination gtip@[GTI Proxy Appliance IPv4 Address]:~/tmp_pub_key.
3. Log off the computer containing the Public Key file.
4. Log on to the GTI Proxy Appliance as the user gtip.
5. Type the command touch .ssh/authorized_keys, then press Enter.
6. Type the command cat tmp_pub_key >> .ssh/authorized_keys, then press Enter.
7. Type the command chmod 0600 .ssh/authorized_keys, then press Enter.
8. Type the command rm tmp_pub_key, then press Enter.
9. Type logout, then press Enter. The user gtip is logged out of the GTI Proxy Appliance.

Setup Generating a new Public Private Key Pair

Use this task to set up an SSH authentication key by generating a Public Private Key pair on the GTI Proxy Appliance.

Prerequisites

- A computer exists on the network that has secure copy (SCP) capability, and the administrator knows how to use it.
- The administrator knows the IPv4 Address of the GTI Proxy Appliance.

1. Log on to the GTI Proxy Appliance as the user gtip.
2. Type the command ssh-keygen -f ~/.ssh/id_dsa -t dsa -N "", then press Enter.
3. Type the command touch .ssh/authorized_keys, then press Enter.
4. Type the command cat .ssh/id_dsa.pub >> .ssh/authorized_keys, then press Enter.
5. Type the command chmod 0600 .ssh/authorized_keys, then press Enter.
6. Type logout, then press Enter. The user gtip is logged out of the GTI Proxy Appliance.
7. Log on to the computer with SCP capability.
8. Secure copy the Public Key file to the computer from the source gtip@[GTI Enterprise Server IPv4 Address]:~/.ssh/id_dsa.pub.
9. Secure copy the Private Key file to the computer from the source gtip@[GTI Enterprise Server IPv4 Address]:~/.ssh/id_dsa.
10. NOTE: The Private and Public keys must be stored securely so that only the administrator can access them.
11. Log off the computer with SCP capability.
12. Log on to the GTI Proxy Appliance as the user gtip.
13. Type the command rm .ssh/id_dsa.pub .ssh/id_dsa, then press Enter.
14. Type logout, then press Enter. The user gtip is logged out of the GTI Proxy Appliance.
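
Both key-setup tasks above end in the same state: one public key line appended to authorized_keys with mode 0600, and no private key left on the appliance. The script below is an added example, not part of the McAfee guide, that performs the append with input validation and then audits the result; the function names (install_pubkey, list_private_keys, audit_ssh_dir) are hypothetical and the sample key line is constructed and non-functional.

```shell
#!/bin/sh
# Added example, not from the McAfee guide. All function names are hypothetical.

# One public key per file, in OpenSSH "type base64 [comment]" form.
# ssh-dss is accepted because the guide generates DSA keys; OpenSSH 7.0 and
# later disable that key type by default.
KEY_RE='^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$'

# install_pubkey <pubkey_file> <home_dir>
# Mirrors steps 5-8 of "Setup with Existing Public Key": create
# authorized_keys, append the key, set mode 0600, delete the temporary copy.
# Returns 1 for anything that is not a single well-formed public key line
# (for example a private key copied by mistake).
install_pubkey() {
    pub=$1; home=$2
    [ -f "$pub" ] || return 1
    [ "$(grep -c '' "$pub")" -eq 1 ] || return 1
    grep -Eq "$KEY_RE" "$pub" || return 1
    mkdir -p "$home/.ssh" && chmod 0700 "$home/.ssh" || return 1
    auth=$home/.ssh/authorized_keys
    touch "$auth" && chmod 0600 "$auth" || return 1
    key=$(cat "$pub")
    # Append only if this exact line is not already present, so repeating
    # the task does not pile up duplicate entries.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
    rm -f "$pub"
}

# list_private_keys <home_dir>
# Prints every file in .ssh whose first line is a private key header.
# After step 13 of the key-generation task this must print nothing.
list_private_keys() {
    for f in "$1"/.ssh/*; do
        [ -f "$f" ] || continue
        if head -n 1 "$f" | grep -q -- '-----BEGIN .*PRIVATE KEY-----'; then
            printf '%s\n' "$f"
        fi
    done
}

# mode_of <path>: permission string as printed by ls, e.g. -rw-------
mode_of() { ls -ld "$1" | cut -c1-10; }

# audit_ssh_dir <home_dir>
# Returns 0 when .ssh is 0700, authorized_keys is 0600 and no private key
# remains in .ssh; returns 1 otherwise.
audit_ssh_dir() {
    [ "$(mode_of "$1/.ssh")" = "drwx------" ] || return 1
    [ "$(mode_of "$1/.ssh/authorized_keys")" = "-rw-------" ] || return 1
    [ -z "$(list_private_keys "$1")" ] || return 1
}

# Demo on a throwaway directory with a constructed, non-functional key line.
demo_home=$(mktemp -d)
printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTEDEXAMPLEKEY admin@example' \
    > "$demo_home/tmp_pub_key"
if install_pubkey "$demo_home/tmp_pub_key" "$demo_home" && audit_ssh_dir "$demo_home"; then
    echo "authorized_keys installed and audit passed"
fi
rm -rf "$demo_home"
```

On the appliance, the second argument would be the gtip user's home directory.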

GTI Proxy Appliance User Permissions

Use this task to grant a user permission to use GTI Proxy Appliance through the ePolicy Orchestrator system.

2. Select Menu | User Management | Permission Sets.
3. For a given Permission Set, to assign the permission for GTI Proxy Appliance, click on the Edit link for the GTI Proxy Appliance permission.
4. Choose the appropriate permission from the options available for the given Permission Set.
5. Click on the Save button to set the permission in the given Permission Set.
6. Additionally, make sure System Tree access permission is also granted to the given Permission Set. This permission is required for the Report module to function properly.
7. To grant System Tree access permission, click on the Edit link for the System Tree access permission.
8. Choose the appropriate permission from the options available for the given Permission Set.
9. Click on the Save button to set the permission in the given Permission Set.

Check GTI Proxy Appliance status

Use this task to check the status of GTI Proxy Appliance using the ePolicy Orchestrator system.

3. Click on the Status tab.
list. This combo box does not show up, in case a single GTI Proxy Appliance is
5. The Process Name (gtiproxy) and the Status column are displayed, with the initial status of the GTI Proxy Appliance.
6. Click on the green refresh button to get the current GTI Proxy Appliance (gtiproxy process) status.
7. The Status column shows the current GTI Proxy Appliance status, with Result value as Command Status : Successful.

Check GTI Proxy Appliance Plugin status

Use this task to check the status of the GTI Proxy Appliance Plugin.

1. Log on to the GTI Proxy Appliance as the user gtip.
2. Type the command ps -C gtipa, then press Enter.
3. The process ID is displayed when the plug-in is running.

4. Use the task Start GTI Proxy Appliance plugin in the Installation Guide to start the process if it is stopped.

Check McAfee Agent for Linux status

Use this task to check the status of the McAfee Agent (MA) on the GTI Proxy Appliance.

1. Log on to the GTI Proxy Appliance as the user gtip.
2. Type the command ps -C cma, then press Enter.
3. The process ID is displayed when the process is running.
4. Use the task Start McAfee Agent for Linux in the Installation Guide to start the process if it is stopped.

Starting and Stopping GTI Proxy Appliance

This section describes how to start, stop, restart, and force-stop GTI Proxy Appliance using the ePolicy Orchestrator system.

Start GTI Proxy Appliance

Use this task to start GTI Proxy Appliance when its current status is Not Running.

3. Click on the Status tab.
5. The Process Name (gtiproxy) and the Status column are displayed, with the initial status of the GTI Proxy Appliance.
6. Click on the green refresh button to get the current GTI Proxy Appliance (gtiproxy process) status.
7. The Status column shows the current GTI Proxy Appliance status, with Result value as Command Status : Successful.
8. If the Status is Not Running, the Start button is enabled. Click on the Start button to start the GTI Proxy Appliance (gtiproxy process).
9. The Status column shows the value as Running, with Result value as Command Start : Successful.

Stop GTI Proxy Appliance

Use this task to stop GTI Proxy Appliance when its current status is Running.

3. Click on the Status tab.
5. The Process Name (gtiproxy) and the Status column are displayed, with the initial status of the GTI Proxy Appliance.
6. Click on the green refresh button to get the current GTI Proxy Appliance (gtiproxy process) status.
7. The Status column shows the current GTI Proxy Appliance status, with Result value as Command Status : Successful.
8. If the Status is Running, the Stop button is enabled. Click on the Stop button to stop the GTI Proxy Appliance (gtiproxy process).
9. The Status column shows the value as Not Running, with Result value as Command Stop : Successful.

Restart GTI Proxy Appliance

Use this task to restart GTI Proxy Appliance when its current status is Running.

3. Click on the Status tab.
5. The Process Name (gtiproxy) and the Status column are displayed, with the initial status of the GTI Proxy Appliance.
6. Click on the green refresh button to get the current GTI Proxy Appliance (gtiproxy process) status.
7. The Status column shows the current GTI Proxy Appliance status, with Result value as Command Status : Successful.
8. If the Status is Running, the Restart button is enabled. Click on the Restart button to restart the GTI Proxy Appliance (gtiproxy process).
9. The Status column shows the value as Running, with Result value as Command Restart : Successful.

Force-Stop GTI Proxy Appliance

Use this task to force-stop GTI Proxy Appliance when its current status is Running.

3. Click on the Status tab.
5. The Process Name (gtiproxy) and the Status column are displayed, with the initial status of the GTI Proxy Appliance.
6. Click on the green refresh button to get the current GTI Proxy Appliance (gtiproxy process) status.
7. The Status column shows the current GTI Proxy Appliance status, with Result value as Command Status : Successful.
8. If the Status is Running, the Force-Stop button is enabled. Click on the Force-Stop button to stop the GTI Proxy Appliance (gtiproxy process) forcefully.
9. The Status column shows the value as Not Running, with Result value as Command Force-Stop : Successful.

Pulling GTI Proxy Appliance Logs

This section describes pulling certain important log files from GTI Proxy Appliance for analysis and debugging.

Note: There is a size limit of 10 MB for pulling log files from GTI Proxy Appliance. If the zip of log files returned from GTI Proxy Appliance exceeds that limit, an error message is shown on the screen. If the selected log files exceed the size limit, reselect log files so that the selection falls within the limit. If a single log file exceeds the limit, specify the number of lines (1 to 10000); that many lines are pulled from the end of the log file. If a complete log file larger than 10 MB is required, use SCP to retrieve it.

Pull System Logs

Use this task to pull System level logs from GTI Proxy Appliance.

3. Click on the Logs tab.
5. In the Log Action, ensure the radio button Pull (this is the default selection) is selected.
6. In Logs, ensure the System Log (this is the default selection) radio button is selected.

7. Click on the button Get File List to get the list of the System Files in the GTI Proxy Appliance.
8. The system log file list with file sizes appears. A check box is provided in front of each file name to choose the file for pulling.
9. Only 10 files are listed at a time. If there are more than 10 files, the Next link appears.
10. Click on the Next link to get the next set of 10 files. A Previous link appears, to get the previous set of files.
11. Click on the check box in front of the file name that you want to pull.
12. In the Specification, specify the number of lines of the log file to be pulled in the No. of Lines text box. Specify a number between 1 and 10000. The default value of 0 results in pulling the complete log file. This option can only be used when a single log file is to be pulled. When multiple log files are selected for pulling, the text box is disabled and the complete log files are pulled.
13. Specify a valid Windows file directory path on the ePO server in the Location to store logs text box. The log files are kept here in ZIP format once they are pulled from GTI Proxy Appliance.
14. Click on the Pull button to pull the selected log files from GTI Proxy Appliance.
15. A success message is shown on successful completion of the Pull operation.
16. Additionally, the log archive file can be downloaded to the local machine by clicking on the Download button.

Pull Debug Logs

Use this task to pull Debug level logs from GTI Proxy Appliance.

3. Click on the Logs tab.
5. In the Log Action, ensure the radio button Pull (this is the default selection) is selected.
6. In Logs, ensure the Debug Log radio button is selected.
7. Click on the button Get File List to get the list of the Debug Files in the GTI Proxy Appliance.
8. The Debug log file list with file sizes appears. A check box is provided in front of each file name to choose the file for pulling.
9. Only 10 files are listed at a time. If there are more than 10 files, the Next link appears.
10. Click on the Next link to get the next set of 10 files. A Previous link appears, to get the previous set of files.
11. Click on the check box in front of the file name that you want to pull.
12. In the Specification, specify the number of lines of the log file to be pulled in the No. of Lines text box. Specify a number between 1 and 10000. The default value of 0 results in pulling the complete log file. This option can only be used when a single log file is to be pulled. When multiple log files are selected for pulling, the text box is disabled and the complete log files are pulled.
13. Specify a valid Windows file directory path on the ePO server in the Location to store logs text box. The log files are kept here in ZIP format once they are pulled from GTI Proxy Appliance.
14. Click on the Pull button to pull the selected log files from GTI Proxy Appliance.
15. A success message is shown on successful completion of the Pull operation.
16. Additionally, the log archive file can be downloaded to the local machine by clicking on the Download button.

Pull GTI Proxy Appliance Logs

Use this task to pull GTI Proxy Appliance logs from GTI Proxy Appliance.

3. Click on the Logs tab.
5. In the Log Action, ensure the radio button Pull (this is the default selection) is selected.
6. In Logs, ensure the GTI Proxy Appliance Log radio button is selected.
7. Click on the button Get File List to get the list of log Files in the GTI Proxy Appliance.
8. The GTI Proxy Appliance Log file list with file sizes appears. A check box is provided in front of each file name to choose the file for pulling.
9. Only 10 files are listed at a time. If there are more than 10 files, the Next link appears.
10. Click on the Next link to get the next set of 10 files. A Previous link appears, to get the previous set of files.
11. Click on the check box in front of the file name that you want to pull.
12. In the Specification, specify the number of lines of the log file to be pulled in the No. of Lines text box. Specify a number between 1 and 10000. The default value of 0 results in pulling the complete log file. This option can only be used when a single log file is to be pulled. When multiple log files are selected for pulling, the text box is disabled and the complete log files are pulled.
13. Specify a valid Windows file directory path on the ePO server in the Location to store logs text box. The log files are kept here in ZIP format once they are pulled from GTI Proxy Appliance.
14. Click on the Pull button to pull the selected log files from GTI Proxy Appliance.
15. A success message is shown on successful completion of the Pull operation.
16. Additionally, the log archive file can be downloaded to the local machine by clicking on the Download button.

Pull GTI Proxy Appliance plugin Logs

Use this task to pull GTI Proxy Appliance plugin logs from GTI Proxy Appliance.

3. Click on the Logs tab. 5. In the Log Action, ensure radio button Pull (this is the default selection) is selected. 6. In Logs, ensure the GTI Proxy Appliance plugin Log radio button is selected. 7. Click on the button Get File List, to get the list of the GTI Proxy Appliance Plugin log Files in the GTI Proxy Appliance. 8. The GTI Proxy Appliance plugin Log file list with file size appears, a check box is provided in front of each file name to choose the file for pulling. 9. At a time only 10 files are listed, if there are more than 10 files, the Next link appears. 10. Click on the Next link to get the next set of 10 files. A Previous link appears, to get the previous set of files. 11. Click on the check box in front of the file name, which you want to pull. 12. In the Specification, specify the number of lines of the log file to be pulled, in the No. of Lines text box. Specify a number between 1 and 10000. The default value of 0 results in pulling the complete log file. This option can only be used in case a single log file is to be pulled. In case multiple log files are selected for pulling, the text box is in disabled state and the complete log file is considered pulled. 13. Specify a valid windows file directory path on the epo server, in the Location to store logs text box. Here the log files in ZIP format is kept, once it is pulled from GTI Proxy Appliance. 14. Click on the Pull button to pull the selected log files from GTI Proxy Appliance. 15. A success message is shown on successful completion of the Pull operation. 16. Additionally the log archive file can be downloaded into the local machine by clicking on the Download button. Purge GTI Proxy Appliance Logs This section describes purging log files from GTI Proxy Appliance. Purge GTI Proxy Appliance Logs Use this task to purge GTI Proxy logs from GTI Proxy Appliance. 3. Click on the Logs tab. 
server from the drop down combo box, which says Select GTI Proxy Appliance from drop- McAfee GTI Proxy Administration Guide 17

down 5. In the Log Action, select the radio button Purge. 6. In Logs, ensure the GTI Proxy Appliance Log radio button is selected. 7. Click on the button Get File List, to get the list of the GTI Proxy Appliance Log Files in the GTI Proxy Appliance. 8. The GTI Proxy Appliance Log file list with file size appears, a check box is provided in front of each file name to choose the file for purging. 9. At a time only 10 files are listed, if there are more than 10 files, the Next link appears. 10. Click on the Next link to get the next set of 10 files. A Previous link appears, to get the previous set of files. 11. Click on the check box in front of the file name, which you want to purge. 12. Click on the Purge button to purge the selected log files from GTI Proxy Appliance. 13. A success message is shown on successful completion of the Purge operation. Purge GTI Proxy Appliance Performance Logs Use this task to purge GTI Proxy Appliance Performance logs from GTI Proxy Appliance. 3. Click on the Logs tab. 5. In the Log Action, select the radio button Purge. 6. In Logs, ensure the GTI Proxy Appliance Performance Log radio button is selected. 7. Click on the button Get File List, to get the list of the GTI Proxy Appliance Performance Log Files in the GTI Proxy Appliance. 8. The GTI Proxy Appliance Performance Log file list with file size appears, a check box is provided in front of each file name to choose the file for purging. 9. At a time only 10 files are listed, if there are more than 10 files, the Next link appears. 10. Click on the Next link to get the next set of 10 files. A Previous link appears, to get the previous set of files. 11. Click on the check box in front of the file name, which you want to purge. 12. Click on the Purge button to purge the selected log files from GTI Proxy Appliance. 13. A success message is shown on successful completion of the Purge operation. 
GTI Proxy Appliance Reports

This section describes the various reports available for GTI Proxy Appliance.

GTI Proxy Agent Coverage Report

Use this task to get the GTI Proxy Agent coverage report. This report shows how many managed nodes have GTI Proxy Agent installed on them.

3. Click on the Report Tab.
4. The Boolean Pie chart GTI Proxy Agent Coverage Report shows the coverage report for the GTI Proxy.
5. Clicking on the Green pie shows the list of managed nodes where GTI Proxy Agent is installed.
6. Red pie shows the list of systems where GTI Proxy Agent is not installed.

GTI Proxy Appliance Performance Report

Use this task to get the GTI Proxy Appliance Performance report. This report shows the GTI Proxy Appliance Average Response Time and Load Average in a tabular format.

Note: The system time on the GTI Proxy Appliance and ePO Server should be the same for the reports to show accurate and concise information.

3. Click on the Report Tab.
4. If multiple GTI Proxy Appliances are added for monitoring, then select the desired
5. The GTI Proxy Appliance Performance Report shows the Record Time (time at which the data is captured), Load Average (in percentage) and Average Response Time (in milliseconds) in tabular format.

Purge GTI Proxy Appliance Performance Report records

Use this task to purge the GTI Proxy Appliance Performance report records from the database.

3. Click on the Report Tab.

5. The GTI Proxy Appliance Performance Report shows the Record Time (time at which the data is captured), Load Average (in percentage) and Average Response Time (in milliseconds) in tabular format.
6. Click on the check box in front of the record to be purged.
7. Click on the Actions button.
8. Choose Purge from the menu.
9. Click on the Yes button on the confirmation page to purge the selected records.

Archive GTI Proxy Appliance Performance Report records

Use this task to archive the GTI Proxy Appliance Performance report records from the database.

3. Click on the Report Tab.
5. The GTI Proxy Appliance Performance Report shows the Record Time (time at which the data is captured), Load Average (in percentage) and Average Response Time (in milliseconds) in tabular format.
6. Click on the check box in front of the record to be archived.
7. Click on the Actions button.
8. Choose Archive from the menu.
9. A popup window appears. Specify the location to store the archive file.
10. Click on the OK button to archive the selected records.

GTI Proxy Appliance Average Response Time Report

Use this task to get the GTI Proxy Appliance Average Response Time report. This report shows the Average Response Time of the GTI Proxy Appliance in the form of a multi-line chart plotted against the Record Time.

2. Select Menu | Reporting | Queries.
3. In the Groups, click on the arrow in front of the Shared Groups.
4. From the list that appears, select GTI Proxy Appliance.
5. All the GTI Proxy Appliance registered Queries appear on the right side of the screen.

6. In the GTI Proxy Appliance Average Response Time Report, click on the Run link in the Actions section.
7. A multi-line chart showing the GTI Proxy Appliance Average Response Time Report is presented to the user.

GTI Proxy Appliance Load Average Report

Use this task to get the GTI Proxy Appliance Load Average report. This report shows the Load Average (%) of the GTI Proxy Appliance in the form of a multi-line chart plotted against the Record Time.

2. Select Menu | Reporting | Queries.
3. In the Groups, click on the arrow in front of the Shared Groups.
4. From the list that appears, select GTI Proxy Appliance.
5. All the GTI Proxy Appliance registered Queries appear on the right side of the screen.
6. In the GTI Proxy Appliance Load Average Report, click on the Run link in the Actions section.
7. A multi-line chart showing the GTI Proxy Appliance Load Average Report is presented to the user.

Creating custom Dashboard for GTI Proxy Appliance

This section describes creating custom dashboards for GTI Proxy Appliance. Using dashboards, the various aspects of the system can be monitored by looking at the reports that are shown inside the dashboards.

2. Select Menu | Reporting | Dashboards.
3. The default system dashboard appears. Click on the Options button.
4. From the drop down menu, select New Dashboard.
5. Specify a name in the Name textbox.
6. Choose a layout size by selecting an appropriate size in the Size combo box (e.g. 2*2 Layout).
7. Click on the New Monitor button to add a report to be shown in the dashboard.
8. On the popup window that appears, select Queries in the Category.
9. The monitor list shows all the reports that can be monitored using this dashboard.
10. From the Shared Groups - GTI Proxy Appliance Reports, select any one report that you want to monitor from this dashboard.
11. Click on the OK button.
12. The selected report gets added to the new dashboard for monitoring. Clicking the Remove button removes the report from the new dashboard.
13. More than one report can be added for monitoring, in a similar manner, into each quadrant of the dashboard layout.

14. Click on the Save button to save the dashboard.
15. A confirmation box appears, asking whether you want to add this Dashboard to the Active set. Active dashboards appear as a Tab upon selecting the Dashboards from Reporting menu.
16. Click on the Close button on the next screen that follows.

GTI Proxy Appliance Logs for Debugging

This section describes some of the logs that are created on the GTI Proxy Appliance by various components running in it. These logs help with debugging when problems occur, such as a communication error between GTI Proxy (ePO) and the GTI Proxy Appliance (CentOS VMware image).

CMA Logs

Use this task to view the CMA logs on the GTI Proxy Appliance. MA creates the CMA logs, which record all communication activities that happen between ePO and the CentOS machine.

1. Log on to the GTI Proxy Appliance as the user gtip.
2. Go to the directory /opt/mcafee/cma/scratch/etc.
3. The CMA log file is named log and its rollovers are log.1, log.2 etc.
4. Type logout, then press Enter. The user gtip is logged out of the GTI Proxy Appliance.

GTI Proxy Appliance plugin Logs

Use this task to view the GTI Proxy Appliance plugin logs on the GTI Proxy Appliance. GTI Proxy Appliance plugin logs are created by the GTI Proxy Appliance plugin (gtipa process) and record activities performed from ePO on the GTI Proxy Appliance, such as checking status, starting/stopping GTI Proxy Appliance, and pulling/purging logs. This log helps with debugging any issues related to these activities performed on the GTI Proxy Appliance.

1. Log on to the GTI Proxy Appliance as the user gtip.
2. Go to the directory /opt/mcafee/gtipa.
3. The plugin log file is named gtipa.log and its rollovers are gtipa.log.1, gtipa.log.2 etc.
4. Type logout, then press Enter. The user gtip is logged out of the GTI Proxy Appliance.
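When reviewing the CMA or plugin logs described above, the rollovers need to be read in time order, and a plain ls sorts log.10 before log.2. The following shell functions are an added example, not part of the McAfee guide; the function names are hypothetical, and the ordering assumes the usual rotation convention that a higher rollover number means an older file, which the guide does not state.

```shell
#!/bin/sh
# Added example, not from the McAfee guide. Function names are hypothetical.
# Assumption: higher rollover number = older file (log.2 is older than log.1).

# Print a log and its numbered rollovers, oldest first.
#   $1 = directory, $2 = base file name (e.g. log or gtipa.log)
rollovers_oldest_first() {
    dir=$1
    base=$2
    for f in "$dir/$base".*; do
        [ -f "$f" ] || continue          # glob matched nothing, or not a file
        n=${f##*.}                       # text after the last dot
        case $n in
            ''|*[!0-9]*) continue ;;     # skip non-numeric suffixes (.bak, .gz)
        esac
        printf '%s %s\n' "$n" "$f"
    done | sort -rn | cut -d' ' -f2-     # numeric sort: 10, 2, 1
    if [ -f "$dir/$base" ]; then         # the live log is the newest, so last
        printf '%s\n' "$dir/$base"
    fi
}

# Concatenate the files in that order, marking where each file starts,
# so an event sequence spanning several rollovers reads top to bottom.
read_timeline() {
    rollovers_oldest_first "$1" "$2" | while IFS= read -r f; do
        printf '==> %s <==\n' "$f"
        cat "$f"
    done
}

# Usage on the appliance, logged on as gtip (paths are the ones the guide gives):
#   read_timeline /opt/mcafee/cma/scratch/etc log | less
#   read_timeline /opt/mcafee/gtipa gtipa.log | less
```

Run it before purging logs from ePO if the older rollovers are still needed for troubleshooting, since a purged file is removed from the appliance.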