Juniper STRM Troubleshooting Manual

Security Threat Response Manager
STRM Troubleshooting Guide
Release 2013.2
Juniper Networks, Inc.
1194 North Mathilda Avenue
Sunnyvale, CA 94089
USA
408-745-2000
www.juniper.net
Published: 2013-07-19

Summary of Contents for Juniper STRM

  • Page 1 Security Threat Response Manager STRM Troubleshooting Guide Release 2013.2 Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, CA 94089 408-745-2000 www.juniper.net Published: 2013-07-19...
  • Page 2 END USER LICENSE AGREEMENT The Juniper Networks product that is the subject of this technical documentation consists of (or is intended for use with) Juniper Networks software. Use of such software is subject to the terms and conditions of the End User License Agreement (“EULA”) posted at http://www.juniper.net/support/eula.html,...
  • Page 3 For the convenience of Licensee, the Program may be accompanied by a third party operating system. The operating system is not part of the Program, and is licensed directly by the operating system provider (e.g., Red Hat Inc., Novell Inc., etc.) to Licensee. Neither Juniper Networks nor Q1 Labs is a party to the license between Licensee and the third party operating system provider, and the Program includes the third party operating system “AS IS”,...
  • Page 5: Table Of Contents

    Purging STRM files
  • Page 7: About This Guide

    The STRM Troubleshooting Guide provides diagnostic and resolution information for common system notifications and errors that can be displayed when using STRM. Audience: This guide is intended for all STRM users responsible for investigating and managing network security. This guide assumes that you have STRM access and a knowledge of your corporate network and networking technologies.
  • Page 8: Requesting Technical Support

    7 days a week, 365 days a year. Self-Help Online Tools and Resources For quick and easy problem resolution, Juniper Networks has designed an online self-service portal called the Customer Support Center (CSC) that provides you with the following features: Find CSC offerings: http://www.juniper.net/customers/support/...
  • Page 9: STRM System Notifications

    STRM notifications. Error messages can occur for a variety of reasons. After consulting this guide, if you are unable to resolve a STRM error or system notification message, gather diagnostic information and contact Juniper Customer Support. Each host in your STRM deployment monitors the availability of partitions using hostcontext.
  • Page 10: Verifying The Problem

    If you are using a local file system on your STRM appliance, you might have a file system issue or your disk might have failed. Contact Juniper Customer Support.
  • Page 11: Application Error After Protocol Update

    Vulnerability Information Services (VIS) components. The message indicates that the web server might not have started after STRM was updated. The web server might be storing old files in memory. To remove these files, you must purge your STRM files. See Purging STRM files.
  • Page 12: Verifying Disk Usage Levels

    Issues. NOTE: The /var/log partition can continue to operate when disk usage reaches 100%. However, log data will not be written to disk and this can affect STRM startup processes and components. For more information, see Resolving Disk Usage Issues. You can verify the usage levels of the partitions on your STRM Console or Managed Host.
  • Page 13: User Configurations That Impact Event Processing

    Activity export has occurred, contact Juniper Customer Support for assistance with removing data from your system. If the /var/log file system reaches 100% capacity, STRM will not shut down. However, there might be other issues which will cause your log files to grow faster than expected.
  • Page 14 Using a DSM extension, you can create custom parsing methods, based on regex pattern matching, to extract event data from unsupported log sources. As DSM extensions are used by the STRM parsing engine, the regex patterns used in your extension can impact event processing. For more information, see...
  • Page 15: Global Views

    Regular expressions tests: Rules that test if the event payload contains or matches a regular expression perform a search of the entire payload and have a greater impact on STRM performance. Before you add a payload test to a rule, include filters in the rule that reduce the number of events.
  • Page 16: Limited Disk Space To Perform Backup

    Disk usage warnings can occur on the Console or any Managed Host in your STRM deployment. To check disk usage levels, review the monitored partitions on your STRM Console or Managed Hosts. Procedure: Step 1: Using SSH, log in to the STRM Console or Managed Host as the root user: Username: root Password: <password>...
  • Page 17 Channel. For more information, see the STRM Offboard Storage Guide. If your STRM backup partition is mounted on an NFS share, the retention period for the backup can be too high. By default, the backup retention period is two days.
