Collecting debug data from the InterScan Web Security (IWS) Hybrid 3.0 on-premise scanner

    • Updated: 23 Mar 2018
    • Product/Version: InterScan Web Security as a Service 3.0, InterScan Web Security Hybrid All.All
    • Platform: N/A
Summary

You want to know how to collect verbose HTTP logs and a packet capture from the on-premise scanner for InterScan Web Security Hybrid 3.0.

Details
  1. Log on to the on-premise scanner either directly or via SSH as root.
  2. Edit the configuration file /etc/iscan/intscan.ini as described in the KB article "Editing configuration files of Linux-based products", then modify the parameter as follows:

    1. Find the parameter "verbose" in the [http] section.

       Note: This parameter appears in other sections as well, so it is important to find the right one.
    2. Change the value of the parameter from "0" to "1" so the line looks like this: verbose=1
    3. Save the file and exit the editor.
  3. Reload the configuration with the following command: 

    /etc/iscan/S99ISproxy reload

  4. Start a packet capture with the following command:

    tcpdump -i any -s0 -w /var/tmp/tcpdump.pcap -W 5 -C 200

     
    • "-i any" enables tcpdump to listen to any interface.
    • "-s0" tells tcpdump to collect the entire packet content.
    • "-W 5" tells tcpdump to store up to 5 rollover files (tcpdump.pcap0, tcpdump.pcap1 … tcpdump.pcap5, at which point it starts over).
    • "-C 200" tells tcpdump to store up to 200 MB of packet data per file.
  5. Reproduce the issue.
  6. Stop the packet capture with CTRL+C.
  7. Stop HTTP verbose logging by:

    1. Changing the value of the parameter "verbose" in the [http] section of the file /etc/iscan/intscan.ini back to "0".
    2. Reloading the configuration afterwards (as in step 3).
  8. Collect the following information:

    • URL and/or name of file accessed during reproduction
    • Screenshots of what happens when the issue is reproduced
    • All files in the folder /var/tmp/ starting with "tcpdump.pcap" using an SCP client such as WinSCP or an FTP client such as FileZilla in SFTP mode 
    • A diagnostics file: open the web console for the on-premise scanner, go to System > Diagnostics, generate a diagnostics file, and download it.
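
Steps 2 and 7 change "verbose" in the [http] section only, even though the same key exists in other sections. The script below is an added example, not part of the original article or any Trend Micro tooling: it shows a section-scoped edit that refuses to write unless exactly one line in [http] changed. The function names set_http_verbose and get_http_verbose and the sample section names are assumptions, and the demo runs against a constructed sample file rather than the real intscan.ini.

```shell
#!/bin/sh
# Added example (not vendor code): toggle verbose only in the [http] section.
# Usage: set_http_verbose FILE 0|1
set_http_verbose() {
    file=$1 value=$2
    case $value in 0|1) ;; *) echo "value must be 0 or 1" >&2; return 2 ;; esac
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    tmp=$(mktemp "${file}.XXXXXX") || return 1
    # Track the current section; rewrite verbose= only while inside [http].
    if awk -v val="$value" '
        /^[ \t]*\[/ { in_http = ($0 ~ /^[ \t]*\[http\][ \t\r]*$/) }
        in_http && /^[ \t]*verbose[ \t]*=/ { print "verbose=" val; n++; next }
        { print }
        END { exit (n == 1 ? 0 : 1) }   # fail unless exactly one line changed
    ' "$file" > "$tmp"; then
        # Keep a backup, then overwrite in place so owner and mode are unchanged.
        cp -p "$file" "${file}.bak" && cat "$tmp" > "$file"
        rc=$?
    else
        echo "expected exactly one verbose= line in [http]" >&2
        rc=1
    fi
    rm -f "$tmp"
    return $rc
}

# Print the current value of verbose in [http], to confirm the edit.
get_http_verbose() {
    awk '
        /^[ \t]*\[/ { in_http = ($0 ~ /^[ \t]*\[http\][ \t\r]*$/) }
        in_http && /^[ \t]*verbose[ \t]*=/ { sub(/^[^=]*=[ \t]*/, ""); print; exit }
    ' "$1"
}

# Constructed sample (not the real intscan.ini): verbose occurs in three sections.
demo=$(mktemp)
printf '%s\n' '[other-section]' 'verbose=0' '[http]' 'verbose=0' \
    '[another-section]' 'verbose=0' > "$demo"
set_http_verbose "$demo" 1 && cat "$demo"
rm -f "$demo" "$demo.bak"
```

The configuration still has to be reloaded as in step 3 after any change, and get_http_verbose gives a quick check that logging was switched back to 0 in step 7.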
Category: Troubleshoot
Solution Id: 1119531