Troubleshooting of Qualys TotalCloud CDR

CDR Appliance - Dialog Box

The CDR Appliance dialog box, accessible under AWS Connect, retrieves real-time status updates of the Appliance and assists with troubleshooting in the event of any issues.

Let's delve into each feature that the dialog box offers:

1. Accessing the Dialog Box

To access the dialog box:

Select CDR EC2.
Click Connect → Connect to instance.

2. Home Screen

Upon successful access, the home screen of the dialog box is displayed.

The registration status of the CDR Appliance is prominently showcased just below the deployment name (e.g., Registered).
The running status of the CDR Appliance is displayed with the registration status (e.g., Sensing). For further details, refer to the table below.

#Item	Description
Version	The software version of the CDR Appliance.
Deployment Name	The grey box at the top heading displays the deployment name entered by the user in the Qualys UI during deployment creation. For example, it could be "aws-Testing". This name is colon-separated by the instance ID.
Registration Status	Registered	CDR Appliance registered to Qualys cloud with the CDR license key provided.
Registration Status	Not Registered	CDR Appliance is not yet registered with Qualys Cloud.
Running status	Sensing	The appliance is connected to Qualys Cloud
	ECO	Stands for Extended Connectivity Outage. Connectivity to Qualys Cloud is impacted for more than 30 mins continuously.
	Communication Error	Connectivity to Qualys Cloud is impacted for 3 to 5 mins duration.
System Reboot option	System Reboot option reboots the CDR Appliance EC2.
System Shutdown	The system Shutdown option shuts down the CDR Appliance EC2.

3. Show Network Status Screen

This screen presents the network interface configurations of the CDR Appliance.

4. About Screen.

Navigate to this screen to view all internal modules along with their respective version details. Scroll through the information using the arrow keys.

5. Diagnostics screen.

Diagnostics are offered at both Appliance and Network levels.

6. Appliance Diagnostics screen.

This screen provides detailed diagnostics specific to the Appliance.

#Item	Description
Appliance Health Statistics	System Memory Utilization: Current RAM statistics at system level.
	System CPU Utilization: CPU statistics of the last one-hour duration sampled once every 10 mins.
	Process Status: Running status of individual processes within the Appliance.

#Item	Description
Display Log File	Recent Log File: User can navigate to recent SYSLOGs of CDR Appliance. User can browse through logs with UP and DOWN arrow key. User can search also by pressing / key and then type keyword to search. The matching string with the keyword will be displayed at the top.
Live Logs: This will display tail of live SYSLOGs.

#Item

Description

Display Log File

Recent Log File: User can navigate to recent SYSLOGs of CDR Appliance.

User can browse through logs with UP and DOWN arrow key.
User can search also by pressing / key and then type keyword to search.
The matching string with the keyword will be displayed at the top.

Live Logs: This will display tail of live SYSLOGs.

#Item	Description
Display Traffic Statistics ‎	User can see traffic statistics logs here. Actual stats: Packets received and fowarded to DPI stack in pps unit during last 15 secs in along with drop count. Total Stats: Total packets received and fowarded to DPI stack since bootup in along with drop count.

#Item

Description

Display Traffic Statistics

‎

User can see traffic statistics logs here.

Actual stats: Packets received and fowarded to DPI stack in pps unit during last 15 secs in along with drop count.
Total Stats: Total packets received and fowarded to DPI stack since bootup in along with drop count.

7. Network Diagnostics screen.

#Item	Description
Network Diagnostics ‎	Show Mirrored Traffic: This menu will display mirror traffic seen on CDR Appliance's network interface. Useful to confirm whether mirrored traffic received on appliance. regular tcpdump output format. It will first capture traffic for 1 min duration and then display buffered output in dialog window.
Traceroute: supports traceroute to IP/FQDN Useful to troubleshoot network connectivity issues.
Ping: Supports ping to IP/FQDN Useful to troubleshoot network connectivity issues.

#Item

Description

Network Diagnostics
‎

Show Mirrored Traffic: This menu will display mirror traffic seen on CDR Appliance's network interface.

Useful to confirm whether mirrored traffic received on appliance.
regular tcpdump output format.
It will first capture traffic for 1 min duration and then display buffered output in dialog window.

Traceroute:

supports traceroute to IP/FQDN
Useful to troubleshoot network connectivity issues.

Ping:

Supports ping to IP/FQDN
Useful to troubleshoot network connectivity issues.

Troubleshooting/Debugging Appliance Logs:

Common Error strings on CDR Appliance Console - corrective actions to fix

Error String	Fix
"Deployment Account ID Mismatch: The Account ID specified in the deployment UI is <value>, while the Account ID for deployed appliance is <value>. Deploy in the Account ID specified in Qualys UI."	Deploy in the AWS Account ID specified in Qualys UI while creating deployment.
"Incorrect CDR key: <CDR key>. Deploy using CDR key specified in Qualys UI."	Deploy using CDR key specified in Qualys UI.
"The CDR Appliance information already exists. Delete and redeploy CDR stack."	Delete and redeploy Qualys CDR stack.
"Deployment Region Mismatch: The region specified in the deployment UI is <value>, while the region for deployed appliance is <value>. Deploy in the region specified in Qualys UI."	Deploy in the correct region as specified in Qualys UI.
"CDR key not found."	Ensure correct CDR key supplied in Terraform/CFT scripts.
"Cannot find registration URL for the provided CDR key. Contact Qualys Support."	Ensure correct CDR key supplied in Terraform/CFT scripts.
"Incorrect CDR key or registration URL not found. Contact Qualys support if CDR key matches from Qualys UI."	Ensure correct CDR key supplied in Terraform/CFT scripts.
"Incorrect CDR key: <wrong CDR key>. Redeploy using correct CDR key."	Ensure correct CDR key supplied in Terraform/CFT scripts.
"Failed to map Qualys service URL from CDR key <CDR key>. Contact Qualys support."	Ensure correct CDR key supplied in Terraform/CFT scripts.
"HTTP error, request timed out during appliance registration with Qualys platform. Please check network connectivity and try again later."	Possible causes: Firewall, proxy, network connectivity issues
"Connection error occurred during appliance registration with Qualys platform. Possible DNS, route, proxy or certificate issues. Please check network settings. In case of authentication errors, contact Qualys support."	Check network settings