Cisco Defense Orchestrator

Troubleshoot Messages and Statuses Reported By CDO

Issue: Generating SEC Bootstrap data failed. 

Symptom: While generating SEC bootstrap data in CDO, the "bootstrap generation" step fails with the error, "There was an error fetching the bootstrap data. Please try again."

Repair: Retry bootstrap data generation. If it still fails, raise a CDO support ticket.

Issue: SEC status is "Inactive" in CDO Secure Connectors page after onboarding

Symptom: The Secure Event Connector status shows "Inactive" in the CDO Secure Connectors page for one of these reasons: 

  • Heartbeat failed
  • Connector registration failed

Repair:

  • Heartbeat failed: Request an SEC heartbeat and refresh the Secure Connectors page to see if the status changes to "Active". If not, check whether the Secure Device Connector registration failed.
  • Connector registration failed: Refer to the issue "Troubleshooting SEC Registration Failure".

Issue: The SEC is "online", but there are no events in CDO Event Logging Page

Symptom: The Secure Event Connector shows "Active" on the CDO Secure Connectors page, but you do not see events in the CDO Event viewer.

Solution or workaround:

  1. Log in to the VM of the on-premise SDC as the 'sdc' user. At the prompt, type sudo su - sdc.
  2. Perform these checks:
  • Check the SEC connector log (/usr/local/cdo/data/<tenantDir>/event_streamer/logs/connector.log) and ensure the SEC registration was successful. If not, refer to the issue "Secure Event Connector Registration failure".
  • Check the SEC events log (/usr/local/cdo/data/<tenantDir>/event_streamer/logs/events-plugin.log) and ensure that the events are being processed. If not, contact CDO support.
  • Log in to the SEC docker container, execute the command "supervisorctl -c /opt/cssp/data/conf/supervisord.conf", and ensure the output is as shown below, with all processes in the RUNNING state. If not, contact CDO support.

estreamer-connector              RUNNING   pid 36, uptime 5:25:17
estreamer-cron                   RUNNING   pid 39, uptime 5:25:17
estreamer-plugin                 RUNNING   pid 37, uptime 5:25:17
estreamer-rsyslog                RUNNING   pid 38, uptime 5:25:17

  • Ensure that the firewall rules on the on-premise SDC are not blocking the UDP and TCP ports shown for the SEC on the Secure Connectors page.

  • If you have set up the SDC manually using a CentOS 7 VM of your own and have the firewall configured to block incoming requests, you can execute the following commands to unblock the UDP and TCP ports:

firewall-cmd --zone=public --add-port=<udp_port>/udp --permanent
firewall-cmd --zone=public --add-port=<tcp_port>/tcp --permanent
firewall-cmd --reload

  • Using Linux network tools of your choice, check whether packets are being received on these ports. If they are not, re-check the FTD logging configuration.

If none of the above repairs work, raise a CDO support ticket.
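
The process-state and firewall checks from the steps above can be scripted so a stopped process or an unopened port stands out immediately. This is an added example, not Cisco tooling: the helper names sec_unhealthy and ports_not_open are hypothetical, and the failing process line and the port numbers are constructed sample values.

```shell
#!/bin/sh
# Added example: offline checks for the SEC troubleshooting steps above.

# The four process names from the sample supervisorctl output on this page.
EXPECTED_PROCS="estreamer-connector estreamer-cron estreamer-plugin estreamer-rsyslog"

# Read supervisorctl status text on stdin; print every expected process that
# is missing or not in the RUNNING state, as "name:STATE".
sec_unhealthy() {
    awk -v expected="$EXPECTED_PROCS" '
        NF >= 2 { state[$1] = $2 }
        END {
            n = split(expected, names, " ")
            for (i = 1; i <= n; i++) {
                s = (names[i] in state) ? state[names[i]] : "MISSING"
                if (s != "RUNNING") print names[i] ":" s
            }
        }'
}

# $1 = output of "firewall-cmd --zone=public --list-ports" (space separated),
# remaining args = required port/proto pairs. Print the ones not opened.
ports_not_open() {
    _open=" $1 "
    shift
    for _p in "$@"; do
        case "$_open" in
            *" $_p "*) ;;
            *) echo "$_p" ;;
        esac
    done
}

# Constructed sample input: one process has stopped.
SAMPLE_STATUS='estreamer-connector              RUNNING   pid 36, uptime 5:25:17
estreamer-cron                   RUNNING   pid 39, uptime 5:25:17
estreamer-plugin                 FATAL     Exited too quickly (process log may have details)
estreamer-rsyslog                RUNNING   pid 38, uptime 5:25:17'

# Constructed port values; use the ports shown on the Secure Connectors page.
SAMPLE_OPEN_PORTS="10025/udp 443/tcp"

printf '%s\n' "$SAMPLE_STATUS" | sec_unhealthy
ports_not_open "$SAMPLE_OPEN_PORTS" 10025/udp 10125/tcp
```

On a live system, feed sec_unhealthy the status text captured inside the SEC container and pass ports_not_open the output of firewall-cmd --zone=public --list-ports on the SDC VM.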