Trend Micro - Securing Your Journey to the Cloud Business
Success
Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Creating the Case Diagnostic Tool manually in InterScan Web Security Virtual Appliance (IWSVA)

    • Updated:
    • 3 May 2021
    • Product/Version:
    • Interscan Web Security Virtual Appliance 6.5
    • Platform:
    • N/A N/A
Summary

Generate the Case Diagnostic Tool (CDT) manually if the IWSVA web console is not available. The CDT is used by Trend Micro Technical Support for further analysis and troubleshooting of issues.

Details
Public

To enable debugging and generate the CDT:

  1. Connect to IWSVA via SSH as the "root" user.
  2. Activate the debug mode:
    1. Open the /var/iwss/intscan.ini file using a text editor.
    2. Look for the following entry:

      [http]
      #Switch for debug log
      # 1 -> turn on
      # 0 -> turn off
      verbose=0

    3. Change the verbose line to "1" so that the entry should look like:

      [http]
      #Switch for debug log
      # 1 -> turn on
      # 0 -> turn off
      verbose=1

    Note: If you need to do the same for FTP, look for the same section for this protocol, which starts with [ftp] and provide the same option to turn on verbose mode.

  3. Restart IWSS deamon by using the following commands:

    /var/iwss/S99ISproxy stop
    /var/iwss/S99ISproxy start

     
    For FTP, replace S99S99ISproxy with S99ISftp in the command above.
     
  4. From the shell, capture network traffic using the following command where ddmmyy is for the date of the capture.

    # tcpdump -s0 -i eth0 -w /tmp/iwsva_debug_ddmmyy.pcap

  5. Stop capturing the network traffic from the appliance and save the files by pressing CTRL + C. This will save the .pcap file created in point 3 as described above (i.e. /tmp/iwsva_debug_ddmmyy.pcap).
  6. Launch the CDT using by running the following command:

    # su iscan -c "/var/iwss/CDT_IWSS.sh -d /var/iwss/UserDumps"

  7. Check the CDT output saved in the folder /var/iwss/UserDumps. The file format will appear as: Info_<date>_<Timestamp>.tar.gz.

     
    To get the file, connect to IWSVA using WinSCP over SCP protocol. Use the root account.
     
  8. Revert the change made by disabling the verbose logging level:
    1. Open the /var/iwss/intscan.ini file using a text editor.
    2. Look for the following entry:

      [http]
      #Switch for debug log
      # 1 -> turn on
      # 0 -> turn off
      verbose=1

    3. Change the verbose line to "0" so that the entry should look like:

      [http]
      #Switch for debug log
      # 1 -> turn on
      # 0 -> turn off
      verbose=0

  9. Restart IWSS deamon using the following commands:

    /var/iwss/S99ISproxy stop
    /var/iwss/S99ISproxy start

     
    For FTP, replace S99S99ISproxy with S99ISftp in the command above.
     
Premium
Internal
Partner
Rating:
Category:
Troubleshoot
Solution Id:
1097063
Feedback
Did this article help you?

Thank you for your feedback!

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.
Related Articles

This website uses cookies for website functionality and traffic analytics. Our Cookie Notice provides more information and explains how to amend your cookie settings.

Learn More Ok, got it