Troubleshooting: APE Known Issues

1 Pre-requisite
2 When data is coming on Kafka, not showing on the UI
3 Cannot GET nextgen/v1 Error
4 When Kernel Message flooded on the console
5 APE Reprovisioning
- 5.1 Conditions when we need to Reprovision the APE
6 How to check license validity from APE server
7 How to change access port for UI
8 Error while wrong server setup is done

Pre-requisite

Make sure that data is coming from CCE to kafka, all CCE is working fine to forward the logs and flows.

To check that please follow below document:

https://seceonhelp.freshdesk.com/support/solutions/articles/81000410843-troubleshooting-cce-known-issues

If everything working fine on CCE then after that check it on APE server.

When data is coming on Kafka, not showing on the UI

First to check if the data is coming on cce-events and seceon-events or not, to check follow the below step.

Login on APE server with seceon user
Go inside the kafka container:

otmdoc -s sape-kafka-1

3. Run the below cmd to check if data is coming to cce-events and seceon-events.

./kafka-con.sh cce-events | grep ABC1234 (ABC1234 is the example of tenant ID)

4. If data is coming to cce-events and not showing on UI then restart the sape-event-processor by runinng the below cmd:

otmdoc -r sape-event-processor

5. If data is coming to seceon-events and not showing on UI, to check that run the cmd:

./kafka-con.sh seceon-events | grep ABC1234

6. If data is coming on this topic then check the disk of the server.

df -h

7. If disk get filled up then we have to free up the space and ask one to increase the disk size.

8. For temporary fix of reducing the disk, you can do fiollowing.

a. Login on seceon UI and reduce the retention period for theat indicator, alerts and aggregated flows.

b. After that do the following from APE server, run the below cmd to free up the space..

otmdoc -s ddrc
python es_index_rollover.py
python es_data_purging.py

Cannot GET nextgen/v1 Error

After the installation of APE when we login to UI in order to apply the license, we may face this type of error.

To fix this follow the below steps.

Login on APE server using seceon user
Run the command: otmdoc -o ller-2

3. Run the command: otmdoc -s ller-2

4. Then run the command: otmdoc -l ller-2

5. If you are getting the error showed in above screenshot(img4) then run the command: otmdoc -r ller-2

6. Then again run the command: otmdoc -o ller-2

7. Then run the command: python create-service-route-ape.py

8. Exit from the directory and come to the path /home/seceon and ask customer to open UI in fresh tab with putting https://10.0.0.1 (APE IP)

When Kernel Message flooded on the console

Login as root on server (APE, CCE)
Run the command dmesg -n 1
Again run the command vi/etc/sysctl.conf and hit enter
Add the file to the end of line kernel.printk = 3 4 1 3
To save the file, run the command esc:wq! and to exit, run the command esc:q! to exit the file.
sysctl -w kernel.printk="3 4 1 3"

You can verify it by using command sysctl kernel.printk

APE Reprovisioning

Conditions when we need to Reprovision the APE

During the APE reprovision, it is commanded to have LTS (or both LTS and CCE) on the same machine, in that case, we need to reprovision the APE, while reprovisioning the APE server will ask like:

APE-CCE co-exists: yes (if cce is on the same machine as well)
APE –LTS co-exists: yes (Always)

2. If someone increases or decreases the HW resources of the APE server.

3. If someone change the timezone of APE server

To reprovision the APE follow the below document.

https://seceonhelp.freshdesk.com/support/solutions/articles/81000410802-ape-re-provisioning

How to check license validity from APE server

Login on APE server with seceon user.

Run the below cmd to check the license details.

curl -XGET localhost:8080/license

How to change access port for UI

After APE upgradation, We do the following process of port forwarding so that we can access the UI using the port with pubic IP of APE.

Go inside the APE package as :

cd <ape package>

2. Then go to the "kong" folder as:

cd provisioning/playbook/kong/

3. Change the port in "kong_var.yml" file as:

vi kong_var.yml

Before changes:

After changes:

4. Then run the below command from the playbook folder:

ansible-playbook kong/deploy-kong.yml --extra-vars "@system-config.yml"

5. Verify it by running this command : docker ps | grep kong

Error while wrong server setup is done

Following is the error we receive when the server setup is not done properly, to fix this we need to do the server setup again accurately.

Command to do the server setup: curl https://si.seceon.com:8444/repos/env/seceon-env-setup.txt --output ./seceon-env-setup.sh -k && bash ./seceon-env-setup.sh