Foglight Experience Monitor 5.8.1 - Installation and Administration Guide

Creating a support bundle

When working towards a resolution with Support, there may be occasions where you are requested to send a support engineer a support bundle that will help to diagnose the issue.

Click the Support Bundle link to generate a file containing the support bundle that you can save to your local hard drive. This file can then be emailed to a technical support representative.

Monitor NIC activity test

The monitor NIC, when attached to your network tap, monitors designated HTTP and HTTPS traffic on your network.

You can use the Verify Monitor NIC utility to confirm that this network traffic is visible to the appliance. When clicked, the Verify Monitor NIC window displays, asking whether you want to have the appliance listen for network traffic using the ports that were originally configured, or using all ports.

Remember that you first configured which ports were used to monitor HTTP/HTTPS traffic in Configuring protocols. Also, see Managing protocols on a Portal for more information on managing port settings.

After selecting the ports and clicking Go, the Verify Monitor NIC window displays network traffic messages, confirming whether the Monitor NIC is detecting network traffic.

IMPORTANT: The packets dropped message at the bottom of this message window should not be considered significant. The Verify Monitor NIC test runs at a much lower priority than the internal the appliance system agent. Consequently, some packet drops are to be expected when reported here. Actual packet drop rates can be determined through examining the system logs. Contact technical support for information on how to do this.

TCP dump

When working towards a resolution with Support, there may be occasions where you are requested to send a support engineer a TCP file dump. Clicking TCP Dump Utilities allows you to create a file containing a TCP dump representing a specified amount of time.

The TCP Dump Utilities dialog box allows you to specify the amount of time the tcpdump collection process will run. Generally, you will want to limit the amount of time in order to keep the tcpdump file from growing to an extremely large size.

The by device option provides a list from which you can specify the monitoring NIC that should used for the tcpdump capture. This choice gathers traffic for all ports that are currently configured on the Configure > Monitoring > Protocols page.

If you need more control over the traffic that will be captured, select the by filter option and specify a filter that tcpdump process will use. An example of a filter is host 192.168.1.10 and port 80. This captures all traffic going to and from server 192.168.1.10 over port 80. The filter string you type is appended to the following default settings: -i any -s 1518 -w outputfile. Using this filter string means that you cannot specify a particular monitoring port (such as eth2) with this option.

TIP: You can see any Linux® manual for a description of the parameters that can be passed to a tcpdump.

Once complete, you should contact your Technical Support representative to determine the best way to transmit this file. TCP dumps can be quite large and generally cannot be sent using email.

IMPORTANT: A TCP dump file could contain confidential information depending on what type of application you are monitoring. Make sure you are following your organization’s security policies and use appropriate safeguards when transferring TCP dump files to technical support. In some cases, your security policies may not allow you to transfer such data.

Appendix: Third party software

This section provides details about third party software that enables you to configure and use the Foglight Experience Monitor more effectively.

For more information, see Using X-Forwarded-For.