EF & E-Series, SANtricity, and Related Plug-ins

trace buffer log, how to read?

gfz-marco
674 Views

So, recently, on an EF570, we get "given IP address has attempted too many invalid logins" events.

Following this guide:

https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Systems/E-Series_Storage_Array/E-series_the_given_IP_address_has_attempted_too_many_inva...

 

We collected the trace buffer logs, but just how are you supposed to read this?

The output is not plaintext nor xml nor anything readable, so probably needs some decoding?

 

How to handle these logs?

1 ACCEPTED SOLUTION

ahmadm
472 Views

There is an alternative method to determine the client IP address that is attempting to login with incorrect password. Once you are able to login into the SANtricity System Manager Web-UI, you can view and audit logins under Settings > Access Management > Audit Log

 

If you are using Unified Manager, it is possible that it has the wrong password configured.

View solution in original post

7 REPLIES 7

AlexDawson
624 Views

Hi there! I've moved your topic to the E-Series forum. My reading suggests they should be plaintext - can you put them on a unix/linux system and run file on them to find out? maybe they're compressed?

gfz-marco
617 Views

Hi Alex, thx for the move.

I actually did try on *nix, but file identifies this just as "data", also tried hexdump but no success.

Uncompressed Files, from crtl A&B, are actually quite large (~600MB) and a chore to parse...

NetApp_AU
555 Views

Hello,

As a NetApp Support engineer, the only way I know how to parse the trace buffers is to use an internal parser tool that Support has. I do not know a public facing way to parse them.

If you open a technical case with NetApp Support, we can help you parse the logs and figure out which IP is triggering the invalid logins.

Team NetApp

gfz-marco
540 Views

Did just open a case, lets see how this works out.

ahmadm
473 Views

There is an alternative method to determine the client IP address that is attempting to login with incorrect password. Once you are able to login into the SANtricity System Manager Web-UI, you can view and audit logins under Settings > Access Management > Audit Log

 

If you are using Unified Manager, it is possible that it has the wrong password configured.

gfz-marco
443 Views

Hello ahmadm,

this actually worked, thanks for pointing it out.

Should be mentioned in the kb article.

ahmadm
435 Views

@gfz-marco  Thank you for sharing this update and feedback.

 

We will follow up and update the KB article to include those steps.

Public