ICAP connectivity issue-bluecoat-sgos

discobot · November 21, 2018, 12:38pm

ICAP connectivity issue-bluecoat-sgos

Vendor: bluecoat

OS: sgos

Description:
Indeni will generate a notification if an ICAP connectivity issue is discovered

Remediation Steps:
|1. Login via https to the ProxySG and go to Statistics > Content Analysis . Review the requests graph.
|2. Check if the unit is dealing with high traffic volume.
|3. Make sure that the ICAP service is up and running on the same port as the ProxySG. Configuration > Threat Protection > Malware Scanning > Edit.
|4. For more information review the following Bluecoat guides:
|- https://origin-symwisedownload.symantec.com/resources/webguides/proxysg/certification/sg_firststeps_webguide/Content/Troubleshooting/Malware%20Prevention/troubleshoot_failed_health_check.htm
|- https://origin-symwisedownload.symantec.com/resources/webguides/proxysg/certification/sg_firststeps_webguide/Content/Solutions/MalwarePrevention/add_proxyav.htm
|- https://origin-symwisedownload.symantec.com/resources/webguides/swg_ca/policy/Default.htm
|5. If the problem persists, contact Symantec Technical support at https://support.symantec.com for further assistance.

How does this work?
Indeni logs in over SSH and executes “show health-checks statistics”. The output includes the current state of each service.

Why is this important?
The ProxySG device is integrating with a variety of different services like ICAP and DTTR. It is important to monitor the current state of the services, otherwise the organization might suffer from security risks and unavailability of external resources.

Without Indeni how would you find this?
Login via HTTPS (Port 8082) to the Bluecoat ProxySG and go to the menu Statistics> Health Checks and review the state of each service.

bluecoat-show-health-checks-statistics

name: bluecoat-show-health-checks-statistics
description: Get DNS servers states and response times
type: monitoring
monitoring_interval: 5 minutes
requires:
    vendor: bluecoat
    os.name: sgos
comments:
    dns-server-state:
        why: |
            Even though DNS servers are configured, that does not guarantee that they work. Many products require a fully functional DNS server being set.
        how: |
            Using the built-in "dig" command, each configured DNS server on the device is sent a query to resolve www.indeni.com
        can-with-snmp: false
        can-with-syslog: false
    dns-response-time:
        why: |
            Slow DNS lookups could impact production traffic negatively by causing delays for client requests.
        how: |
            Indeni logs on to the device and executes the command "show health-checks statistics".
        can-with-snmp: false
        can-with-syslog: false
    dns-average-response-time:
        why: |
            Slow DNS lookups could impact production traffic negatively by causing delays for client requests.
        how: |
            Indeni logs on to the device and executes the command "show health-checks statistics".
        can-with-snmp: false
        can-with-syslog: false
    bluecoat-icap-state:
        why: |
            The ProxySG device is integrating with a variety of different services like ICAP. It is important to monitor the current state of the service.
        how: |
            Indeni logs in over SSH and executes "show health-checks statistics". The output includes the current icap state.
        can-with-snmp: false
        can-with-syslog: true
    bluecoat-process-state:
        why: |
            The ProxySG device is integrating with a variety of different services like ICAP and DTTR. It is important to monitor the current state of the services, otherwise the organization might suffer from security risks and unavailability of external resources.
        how: |
            Indeni logs in over SSH and executes "show health-checks statistics".  The output includes the current state of each service.
        can-with-snmp: false
        can-with-syslog: true
    bc-identity-integration-connection-state:
        why: |
            It is important to make sure that the connectivity between the ProxySG and the authentication servers is up and running.
        how: |
            Indeni logs in over SSH and executes "show health-checks statistics".  The output includes the current state of each service.
        can-with-snmp: false
        can-with-syslog: true
    auth-response-time:
        why: |
            Slow authentication connectivity could impact production traffic negatively by causing delays for authenticated client requests.
        how: |
            Indeni logs on to the device and executes the command "show health-checks statistics".
        can-with-snmp: false
        can-with-syslog: false
    bluecoat-external-rating-service-state:
        why: |
            It is important to make sure that the connectivity between the ProxySG and the Dynamic Real-time Rating Service (DRTR) servers is up and running.
        how: |
            Indeni logs in over SSH and executes "show health-checks statistics".  The output includes the current state of DRTR service.
        can-with-snmp: false
        can-with-syslog: true
    auth-average-response-time:
        why: |
            Slow authentication connectivity could impact production traffic negatively by causing delays for authenticated client requests.
        how: |
            Indeni logs on to the device and executes the command "show health-checks statistics".
        can-with-snmp: false
        can-with-syslog: false
steps:
-   run:
        type: SSH
        command: show health-checks statistics
    parse:
        type: AWK
        file: show-health-checks-statistics.parser.1.awk

BlueCoatIcapRule

Failed to fetch the data: https://bitbucket.org/indeni/indeni-knowledge/src/master/rules/templatebased/bluecoat/proxysg/BlueCoatIcapRule.scala