Diagnostic Commands and Tools

There is extensive debug capability for troubleshooting issues with the Firewall MC. This section gives you details on how to use this capability efficiently.

Collecting the Debug Information (Diagnostics)

If you encounter problems while working with Firewall MC, You can view this debug information in two ways: by using a GUI and by using CLI.

Using GUI

You can view the debug log messages in the Common Services user interface, by selecting VPN Security Management Solution > Admin > Logging > Operation. This is useful for viewing the information in real time without having console access to the Firewall MC server. However, to analyze the log offline or to send this information to the Cisco support center for additional analysis, you may want to follow the procedure described in the following section.

Using CLI

As mentioned earlier, to analyze the log offline or to provide the debug to Cisco Support team, you can use a command line utility included in CiscoWorks Common Services. This is called MDCSupport.exe. This utility collects configuration and system information in a .zip file called MDCSupportInformation.zip. To run this utility, simply open a DOS prompt on the Firewall MC server, and type MDCSupport. If you do not specify a location, the MDCSupportInformation.zip file is created in the default location: the c:\>Program Files\CSCOpx\MDC\etc directory. If you have installed the CiscoWorks Common Services in a different location, the file will be generated under that directory instead of c:\.

What Does the CiscoWorks MDCSupport Utility Generate?

After generating the MDCSupportInformation.zip file, it is very important to know what files and information this file collects pertaining to Common Services and Firewall MC. Following is a list of files that the MDCSupportInformation.zip file contains:

• Configuration and log files for the Apache web serverThese files are located at CSCOpx\MDC\Apache\conf and CSCOpx\MDC\Apache\logs, respectively.

• Configuration and log files for the Tomcat servlet engineThese are located at CSCOpx\MDC\Tomcat\conf and CSCOpx\MDC\Tomcat\logs, respectively. The important logs here are the stdout.log and stderr.log for the Tomcat process.

• A full copy of the KRS database.

• A full copy of the Sybase database.

• All the operations and audit logs for applications using Common ServicesThese are located at CSCOpx\MDC\log and CSCOpx\MDC\log\audit, respectively.

• The Core Client Registry (CCR)This is located at CSCOpx\MDC\etc\regdaemon.xml.

• Some diagnostic information collected about your system.

• Installation logs for all the CiscoWorks-related install activities on your system.

Other Useful Log Files Not Collected by mdcsupport

Not every file that can be used to diagnose all the problems is included in the MDCSupportInformation.zip file. Some of the files that are not included in the MDCSupportInformation.zip file are described in the list that follows:

• Any log file of the form hs_err_pid*.log located in the CSCOpx\MDC\Tomcat directory. For example, hs_err_pid1396.log. These log files are normally the result of hard crashes to the tomcat process and are not common.

• The CoreTib.log file, located in the CSCOpx\logs. This log file provides information about the Core tibco process.

• The log files for the JRun servlet engine. This file is located at CSCOpx\lib\jrun\finish log pathMMF.