EF & E-Series, SANtricity, and Related Plug-ins

trace buffer log, how to read?

gfz-marco
3,738 Views

So, recently, on an EF570, we get "given IP address has attempted too many invalid logins" events.

Following this guide:

https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Systems/E-Series_Storage_Array/E-series_the_given_IP_address_has_attempted_too_many_inva...

 

We collected the trace buffer logs, but just how are you supposed to read this?

The output is not plaintext nor xml nor anything readable, so probably needs some decoding?

 

How to handle these logs?

1 ACCEPTED SOLUTION

ahmadm
3,536 Views

There is an alternative method to determine the client IP address that is attempting to login with incorrect password. Once you are able to login into the SANtricity System Manager Web-UI, you can view and audit logins under Settings > Access Management > Audit Log

 

If you are using Unified Manager, it is possible that it has the wrong password configured.

View solution in original post

7 REPLIES 7

AlexDawson
3,688 Views

Hi there! I've moved your topic to the E-Series forum. My reading suggests they should be plaintext - can you put them on a unix/linux system and run file on them to find out? maybe they're compressed?

gfz-marco
3,681 Views

Hi Alex, thx for the move.

I actually did try on *nix, but file identifies this just as "data", also tried hexdump but no success.

Uncompressed Files, from crtl A&B, are actually quite large (~600MB) and a chore to parse...

NetApp_AU
3,619 Views

Hello,

As a NetApp Support engineer, the only way I know how to parse the trace buffers is to use an internal parser tool that Support has. I do not know a public facing way to parse them.

If you open a technical case with NetApp Support, we can help you parse the logs and figure out which IP is triggering the invalid logins.

Team NetApp

gfz-marco
3,604 Views

Did just open a case, lets see how this works out.

ahmadm
3,537 Views

There is an alternative method to determine the client IP address that is attempting to login with incorrect password. Once you are able to login into the SANtricity System Manager Web-UI, you can view and audit logins under Settings > Access Management > Audit Log

 

If you are using Unified Manager, it is possible that it has the wrong password configured.

gfz-marco
3,507 Views

Hello ahmadm,

this actually worked, thanks for pointing it out.

Should be mentioned in the kb article.

ahmadm
3,499 Views

@gfz-marco  Thank you for sharing this update and feedback.

 

We will follow up and update the KB article to include those steps.

Public