Upload
others
View
25
Download
0
Embed Size (px)
Citation preview
1 - EMC Isilon Customer Troubleshooting Guide: Troubleshoot issues with Antivirus Scan
in OneFS
1 - EMC Isilon Customer Troubleshooting Guide: Troubleshoot issues with Antivirus Scan
in OneFS
For links to all Isilon customer troubleshooting guides, visit the Customer Troubleshooting - Isilon Info Hub.
We appreciate your help in improving this document. Submit your feedback at http://bit.ly/isilon-docfeedback.
____________________________________________________________________________________________
Abstract
This troubleshooting guide helps you to troubleshoot issues with Antivirus scan.
October 30, 2018
EMC ISILON CUSTOMER TROUBLESHOOTING GUIDE
TROUBLESHOOT ISSUES WITH ANTIVIRUS SCAN IN ONEFS
OneFS 7.1.0 - 8.1.0
2 - EMC Isilon Customer Troubleshooting Guide: Troubleshoot issues with Antivirus Scan
in OneFS
2 - EMC Isilon Customer Troubleshooting Guide: Troubleshoot issues with Antivirus Scan
in OneFS
For links to all Isilon customer troubleshooting guides, visit the Customer Troubleshooting - Isilon Info Hub.
We appreciate your help in improving this document. Submit your feedback at http://bit.ly/isilon-docfeedback.
____________________________________________________________________________________________
Contents and overview
Page 3 Before you beginPage 3 Before you begin
Page 4 Start troubleshootingPage 4 Start troubleshooting
Page 5 Check the ICAP serversPage 5 Check the ICAP servers
Page 8 Confirm that the isi_avscan_d service is runningPage 8 Confirm that the isi_avscan_d service is running
Page 10 Cluster performance is degraded when AVScan is runningPage 10 Cluster performance is degraded when AVScan is running
Note Follow all of these steps, in order, until you reach a resolution.
1. Follow these
steps.
2. Perform
troubleshooting
steps in order.
3. Appendixes
Appendix B How to use this flowchartAppendix B How to use this flowchart
Page 11 Confirm AVScan configurationPage 11 Confirm AVScan configuration
Page 12 Temporarily disable Scan on open or Scan on closePage 12 Temporarily disable Scan on open or Scan on close
Page 14 Check the health of the nodesPage 14 Check the health of the nodes
Page 15 AVScan job does not completePage 15 AVScan job does not complete
Page 17 AVScan takes an unusually long time to completePage 17 AVScan takes an unusually long time to complete
Page 19 AVScan timeoutsPage 19 AVScan timeouts
Page 21 The cluster has reported a threatPage 21 The cluster has reported a threat
Appendix C Example outputAppendix C Example output
Appendix D Example outputAppendix D Example output
Appendix E Example outputAppendix E Example output
Appendix F Example outputAppendix F Example output
Appendix A If you need further assistanceAppendix A If you need further assistance
3 - EMC Isilon Customer Troubleshooting Guide: Troubleshoot issues with Antivirus Scan
in OneFS
3 - EMC Isilon Customer Troubleshooting Guide: Troubleshoot issues with Antivirus Scan
in OneFS
For links to all Isilon customer troubleshooting guides, visit the Customer Troubleshooting - Isilon Info Hub.
We appreciate your help in improving this document. Submit your feedback at http://bit.ly/isilon-docfeedback.
____________________________________________________________________________________________
Configure screen logging through SSH
We recommend that you configure screen logging to log all session input and output during your troubleshooting session.
This log file can be shared with Isilon Technical Support, if you require assistance at any point during troubleshooting.
Note: The screen session capability does not work in OneFS 7.1.0.6 and 7.1.1.2. If you are running either of these versions,
you can configure logging by using your local SSH client's logging feature.
1. Open an SSH connection to the cluster and log in by using the root account.
Note: If the cluster is in compliance mode, use the compadmin account to log in. All compadmin commands must be
preceded by the sudo prefix.
2. Change the directory to /ifs/data/Isilon_Support by running the following command:
cd /ifs/data/Isilon_Support
3. Run the following command to capture all input and output from the session:
screen -L
This will create a file named screenlog.0 that will be appended to during your session.
4. Perform troubleshooting.
Before you begin
CAUTION!If the node, subnet, or pool that you are working on goes down during the course of
troubleshooting and you do not have any other way to connect to the cluster, you could
experience data unavailability.
Therefore, make sure that you have more than one way to connect to the cluster before
you start this troubleshooting process. The best method is to have a serial console
connection available. This way, if you are unable to connect through the network, you
will still be able to connect to the cluster physically.
For specific requirements and instructions for making a physical connection to the
cluster, see article 304071 on the EMC Online Support site.
Before you begin troubleshooting, confirm that you can connect through either another
subnet or pool, or that you have physical access to the cluster.
CAUTION!If the node, subnet, or pool that you are working on goes down during the course of
troubleshooting and you do not have any other way to connect to the cluster, you could
experience data unavailability.
Therefore, make sure that you have more than one way to connect to the cluster before
you start this troubleshooting process. The best method is to have a serial console
connection available. This way, if you are unable to connect through the network, you
will still be able to connect to the cluster physically.
For specific requirements and instructions for making a physical connection to the
cluster, see article 304071 on the EMC Online Support site.
Before you begin troubleshooting, confirm that you can connect through either another
subnet or pool, or that you have physical access to the cluster.
4 - EMC Isilon Customer Troubleshooting Guide: Troubleshoot issues with Antivirus Scan
in OneFS
4 - EMC Isilon Customer Troubleshooting Guide: Troubleshoot issues with Antivirus Scan
in OneFS
For links to all Isilon customer troubleshooting guides, visit the Customer Troubleshooting - Isilon Info Hub.
We appreciate your help in improving this document. Submit your feedback at http://bit.ly/isilon-docfeedback.
____________________________________________________________________________________________
Start troubleshooting
Start
IntroductionStart troubleshooting here. For an overview
of the conventions used in this flowchart, see
Appendix B: How to use this flowchart.
IntroductionStart troubleshooting here. For an overview
of the conventions used in this flowchart, see
Appendix B: How to use this flowchart.
If you have not done so already, log in to
the cluster and configure screen logging
through SSH, as described on page 3.
If you have not done so already, log in to
the cluster and configure screen logging
through SSH, as described on page 3.
Run the following command to verify whether
the Antivirus scan service is enabled:
isi services -a isi_avscan_d
Is the
isi_avscan_d
service
enabled?
Run the following command to enable to service:
isi services -a isi_avscan_d enable
No
Go to Page 5Go to Page 5
Yes
Did this resolve
the problem?No
End troubleshooting
Yes
5 - EMC Isilon Customer Troubleshooting Guide: Troubleshoot issues with Antivirus Scan
in OneFS
5 - EMC Isilon Customer Troubleshooting Guide: Troubleshoot issues with Antivirus Scan
in OneFS
For links to all Isilon customer troubleshooting guides, visit the Customer Troubleshooting - Isilon Info Hub.
We appreciate your help in improving this document. Submit your feedback at http://bit.ly/isilon-docfeedback.
____________________________________________________________________________________________
Check the ICAP servers
Page
5
You could have arrived here from:
• Page 4 - Start troubleshooting
You could have arrived here from:
• Page 4 - Start troubleshooting
Check the status of your ICAP servers by running the following commands for your version of OneFS:
OneFS 8.0 through 8.1
Run the following command to list all ICAP servers:
isi antivirus servers list
To view the status of the ICAP servers, run the following command for each ICAP server, where
<URL> is the URL of the ICAP server listed in the output from above:
isi antivirus servers view <URL>
Accessible ICAP servers will show a Status of active.
OneFS 7.1 through 7.2
isi avscan config
Accessible ICAP servers will show a Status of alive.
See Appendix C for example output.
Do you
have any ICAP
servers?
Is each ICAP
server
accessible?
Yes
Go to Page 6Go to Page 6Yes
You must install and configure one
or more ICAP servers. For more
information about configuring an
ICAP server, see the Antivirus
chapter in the Isilon OneFS Web
Administration Guide for your
version of OneFS.
If you continue to experience issue
after installing and configuring ICAP
servers, restart troubleshooting at
the top of this page.
You must install and configure one
or more ICAP servers. For more
information about configuring an
ICAP server, see the Antivirus
chapter in the Isilon OneFS Web
Administration Guide for your
version of OneFS.
If you continue to experience issue
after installing and configuring ICAP
servers, restart troubleshooting at
the top of this page.
No
No
____________________
6 - EMC Isilon Customer Troubleshooting Guide: Troubleshoot issues with Antivirus Scan
in OneFS
6 - EMC Isilon Customer Troubleshooting Guide: Troubleshoot issues with Antivirus Scan
in OneFS
For links to all Isilon customer troubleshooting guides, visit the Customer Troubleshooting - Isilon Info Hub.
We appreciate your help in improving this document. Submit your feedback at http://bit.ly/isilon-docfeedback.
____________________________________________________________________________________________
Check the ICAP servers (2)
Page
6
You could have arrived here from:
• Page 5 - Check the ICAP servers
You could have arrived here from:
• Page 5 - Check the ICAP servers
Do all of the
ICAP servers have a
status of alive or
active?
Go to Page 7Go to Page 7Yes
Are the ICAP
servers running?
No
Address the issue with
your ICAP servers.
Yes
No
This may indicate a networking issue.
Engage your Network Administrator to
troubleshoot your local network.
Note the page number that you
are currently on.
Upload log files and contact Isilon Technical
Support, as instructed in Appendix A.
Note the page number that you
are currently on.
Upload log files and contact Isilon Technical
Support, as instructed in Appendix A.
7 - EMC Isilon Customer Troubleshooting Guide: Troubleshoot issues with Antivirus Scan
in OneFS
7 - EMC Isilon Customer Troubleshooting Guide: Troubleshoot issues with Antivirus Scan
in OneFS
For links to all Isilon customer troubleshooting guides, visit the Customer Troubleshooting - Isilon Info Hub.
We appreciate your help in improving this document. Submit your feedback at http://bit.ly/isilon-docfeedback.
____________________________________________________________________________________________
Check the ICAP servers (3)
Page
7
You could have arrived here from:
• Page 6 - Check the ICAP servers (2)
• Page 16 - AVScan job does not complete (2)
• Page 18 - AVScan takes an unusually long time to complete (2)
Test to see if one of the accessible ICAP servers are reachable from all cluster nodes. From
the OneFS CLI, run the following command, where <URL> is the URL of an ICAP server that
was listed as active or alive in the output from the commands on page 5:
isi_for_array -sX "nc -z <URL> 1344"
If the ICAP server is reachable from all cluster nodes, the output will look similar to the
following, with succeeded listed for each node:
cluster-1: Connection to 10.200.33.192 1344 port [tcp/*] succeeded!
cluster-2: Connection to 10.200.33.192 1344 port [tcp/*] succeeded!
cluster-3: Connection to 10.200.33.192 1344 port [tcp/*] succeeded!
Is the ICAP
server reachable
from all nodes in
the cluster?
Go to Page 14Go to Page 14No
Yes
Go to Page 8Go to Page 8
____________
__________________________________________________________
______________________________________________________________________
____________________________________________________________________________________________________
8 - EMC Isilon Customer Troubleshooting Guide: Troubleshoot issues with Antivirus Scan
in OneFS
8 - EMC Isilon Customer Troubleshooting Guide: Troubleshoot issues with Antivirus Scan
in OneFS
For links to all Isilon customer troubleshooting guides, visit the Customer Troubleshooting - Isilon Info Hub.
We appreciate your help in improving this document. Submit your feedback at http://bit.ly/isilon-docfeedback.
____________________________________________________________________________________________
Confirm that the isi_avscan_d service is running
Page
8
You could have arrived here from:
• Page 7 - Check the ICAP servers (3)
You could have arrived here from:
• Page 7 - Check the ICAP servers (3)
Run the following command to verify whether
the Antivirus scan service is enabled:
isi services -a isi_avscan_d
Is the
isi_avscan_d
service
enabled?
Run the following command to enable the
service:
isi services -a isi_avscan_d enable
No
Go to Page 9Go to Page 9
Yes
9 - EMC Isilon Customer Troubleshooting Guide: Troubleshoot issues with Antivirus Scan
in OneFS
9 - EMC Isilon Customer Troubleshooting Guide: Troubleshoot issues with Antivirus Scan
in OneFS
For links to all Isilon customer troubleshooting guides, visit the Customer Troubleshooting - Isilon Info Hub.
We appreciate your help in improving this document. Submit your feedback at http://bit.ly/isilon-docfeedback.
____________________________________________________________________________________________
Confirm that the isi_avscan_d service is running (2)
Page
9
You could have arrived here from:
• Page 8 - Confirm that the isi_avscan_d service is running
You could have arrived here from:
• Page 8 - Confirm that the isi_avscan_d service is running
Confirm whether the isi_avscan_d service is running on all
nodes in the cluster:
isi_for_array -sX "pgrep isi_avscan_d | wc -l"
Did the
command return a
value of 1 for each
node in the
cluster?
Note the page number that you
are currently on.
Upload log files and contact Isilon
Technical Support, as instructed in
Appendix A.
Note the page number that you
are currently on.
Upload log files and contact Isilon
Technical Support, as instructed in
Appendix A.
No
Is cluster
performance
degraded when
Antivirus scan is
running?
Yes
Go to Page 10Go to Page 10Yes
No
Go to Page 15Go to Page 15
10 - EMC Isilon Customer Troubleshooting Guide: Troubleshoot issues with Antivirus Scan
in OneFS
10 - EMC Isilon Customer Troubleshooting Guide: Troubleshoot issues with Antivirus Scan
in OneFS
For links to all Isilon customer troubleshooting guides, visit the Customer Troubleshooting - Isilon Info Hub.
We appreciate your help in improving this document. Submit your feedback at http://bit.ly/isilon-docfeedback.
____________________________________________________________________________________________
Cluster performance is degraded when AVScan is running
Page
10
You could have arrived here from:
• Page 9 - Confirm that the isi_avscan_d service is running
You could have arrived here from:
• Page 9 - Confirm that the isi_avscan_d service is running
Confirm the status of Scan on open and Scan on closed
by running the following command for your version of OneFS:
OneFS 8.0 through 8.1
isi antivirus settings view
OneFS 7.1 through 7.2
isi avscan config
See Appendix D for example output.
Is either Scan on
open or Scan on
close enabled?
Either is enabled
Go to Page 11Go to Page 11
Neither is
enabled
Go to Page 12Go to Page 12
Does the
performance issue
happen only when the
AVScan job
is running?
No
Yes
Go to Page 13Go to Page 13
__________________
11 - EMC Isilon Customer Troubleshooting Guide: Troubleshoot issues with Antivirus Scan
in OneFS
11 - EMC Isilon Customer Troubleshooting Guide: Troubleshoot issues with Antivirus Scan
in OneFS
For links to all Isilon customer troubleshooting guides, visit the Customer Troubleshooting - Isilon Info Hub.
We appreciate your help in improving this document. Submit your feedback at http://bit.ly/isilon-docfeedback.
____________________________________________________________________________________________
Confirm AVScan configuration
You could have arrived here from:
• Page 10 - Cluster performance is degraded when AVScan is running
• Page 12 - Temporarily disable Scan on open or Scan on closed
• Page 18 - AVScan takes an unusually long time to complete
Page
11
Is the
configuration and
sizing consistent
with best
practices?
Reconfigure the system
so that it is consistent
with best practices.No
Yes
Gather logs from the
ICAP server and contact
Isilon Technical Support.
Did this
resolve the
issue?No
End troubleshooting
Yes
Check whether the AVScan configuration and sizing is consistent with best
practices. Refer to these resources:
• Whitepaper: Antivirus Solutions with EMC Isilon Scale-Out NAS
• ICAP and AVScan performance and server considerations, article 474769
Note the page number that you
are currently on.
Upload log files and contact Isilon Technical
Support, as instructed in Appendix A.
Note the page number that you
are currently on.
Upload log files and contact Isilon Technical
Support, as instructed in Appendix A.
______________________________________________________________________________________________________________
______________________________________________________________________________________________________________________________________________________________________________________________________
______________________
______________________________________________________________________________________________________
12 - EMC Isilon Customer Troubleshooting Guide: Troubleshoot issues with Antivirus Scan
in OneFS
12 - EMC Isilon Customer Troubleshooting Guide: Troubleshoot issues with Antivirus Scan
in OneFS
For links to all Isilon customer troubleshooting guides, visit the Customer Troubleshooting - Isilon Info Hub.
We appreciate your help in improving this document. Submit your feedback at http://bit.ly/isilon-docfeedback.
____________________________________________________________________________________________
Temporarily disable Scan on open or Scan on close
Page
12
You could have arrived here from:
• Page 10 - Cluster performance is degraded when AVScan is running
• Page 13 - Temporarily disable Scan on open or Scan on close
Does the
performance
improve?
This is an AVScan
issue.
Yes
No
Temporarily disable Scan on open and Scan on close to determine whether the problem is
related to AVScan or to another component. Run the following command for your version of OneFS:
OneFS 8.0 through 8.1
isi antivirus settings modify --scan-on-open=false --scan-on-close=false
OneFS 7.1 through 7.2
isi avscan config --scan-on-open=false --scan-on-close=false
Wait five minutes for the change to take effect.
Go to Page 13Go to Page 13
Go to Page 11Go to Page 11
______________________________________________________________________________________________________________
____________________________________________________________________________________________________
13 - EMC Isilon Customer Troubleshooting Guide: Troubleshoot issues with Antivirus Scan
in OneFS
13 - EMC Isilon Customer Troubleshooting Guide: Troubleshoot issues with Antivirus Scan
in OneFS
For links to all Isilon customer troubleshooting guides, visit the Customer Troubleshooting - Isilon Info Hub.
We appreciate your help in improving this document. Submit your feedback at http://bit.ly/isilon-docfeedback.
____________________________________________________________________________________________
Temporarily disable Scan on open or Scan on close (2)
Page
13
You could have arrived here from:
• Page 10 - Cluster performance is degraded when AVScan is running
• Page 12 - Temporarily disable Scan on open or Scan on close
This indicates a
general performance
problem.
If you changed the Scan on open or Scan
on close settings back on
page 12, return them to their original settings.
If you changed the Scan on open or Scan
on close settings back on
page 12, return them to their original settings.
Go toEMC Isilon Customer Troubleshooting Guide:
Troubleshoot Performance Issues on your
Isilon Cluster
Go toEMC Isilon Customer Troubleshooting Guide:
Troubleshoot Performance Issues on your
Isilon Cluster
______________________________________________________________________________________________________________
____________________________________________________________________________________________________
14 - EMC Isilon Customer Troubleshooting Guide: Troubleshoot issues with Antivirus Scan
in OneFS
14 - EMC Isilon Customer Troubleshooting Guide: Troubleshoot issues with Antivirus Scan
in OneFS
For links to all Isilon customer troubleshooting guides, visit the Customer Troubleshooting - Isilon Info Hub.
We appreciate your help in improving this document. Submit your feedback at http://bit.ly/isilon-docfeedback.
____________________________________________________________________________________________
Check the health of the nodes
Page
14
You could have arrived here from:
• Page 7 - Check the ICAP servers (3)
You could have arrived here from:
• Page 7 - Check the ICAP servers (3)
Note the page number that you
are currently on.
Upload log files and contact Isilon
Technical Support, as instructed in
Appendix A.
Note the page number that you
are currently on.
Upload log files and contact Isilon
Technical Support, as instructed in
Appendix A.
Run the following command to confirm
that all of the nodes are healthy:
isi status
See Appendix E for example output.
Do all of the
nodes show a status of
OK in the Health
DASR column?
Yes
No
Refer toOneFS: AVScan fails if one or more
nodes are unable to connect to an
ICAP server, article 462493
Refer toOneFS: AVScan fails if one or more
nodes are unable to connect to an
ICAP server, article 462493
Did this
article resolve the
issue?
End troubleshooting
No
Yes
__________________
15 - EMC Isilon Customer Troubleshooting Guide: Troubleshoot issues with Antivirus Scan
in OneFS
15 - EMC Isilon Customer Troubleshooting Guide: Troubleshoot issues with Antivirus Scan
in OneFS
For links to all Isilon customer troubleshooting guides, visit the Customer Troubleshooting - Isilon Info Hub.
We appreciate your help in improving this document. Submit your feedback at http://bit.ly/isilon-docfeedback.
____________________________________________________________________________________________
AVScan job does not complete
Page
15
You could have arrived here from:
• Page 9 - Confirm that the isi_avscan_d service is running (2)
You could have arrived here from:
• Page 9 - Confirm that the isi_avscan_d service is running (2)
Does the
AVScan job
complete?
Determine why the job did not complete by running
the following command for your version of OneFS:
OneFS 8.0 through 8.1
isi job events list --job-type avscan
OneFS 7.1 through 7.2
isi_classic job history -j avscan
See Appendix F for example output.
No
Yes Go to Page 17Go to Page 17
Was there an
error listed in the
output?
Yes
No
Go to Page 16Go to Page 16
Note the page number that you
are currently on.
Upload log files and contact Isilon Technical
Support, as instructed in Appendix A.
Note the page number that you
are currently on.
Upload log files and contact Isilon Technical
Support, as instructed in Appendix A.
__________________
16 - EMC Isilon Customer Troubleshooting Guide: Troubleshoot issues with Antivirus Scan
in OneFS
16 - EMC Isilon Customer Troubleshooting Guide: Troubleshoot issues with Antivirus Scan
in OneFS
For links to all Isilon customer troubleshooting guides, visit the Customer Troubleshooting - Isilon Info Hub.
We appreciate your help in improving this document. Submit your feedback at http://bit.ly/isilon-docfeedback.
____________________________________________________________________________________________
AVScan job does not complete (2)
Page
16
You could have arrived here from:
• Page 15 - AVScan job does not complete
You could have arrived here from:
• Page 15 - AVScan job does not complete
If the error is similar to the following, it indicates that the cluster node is unable to contact
the ICAP server:
2018-10-25T13:50:15-04:00 <3.7> ivcnas-4(id4) isi_avscan_d[31287]:
[0x803e03370] attempting connection to: 1.2.3.4:1344
2018-10-25T13:50:15-04:00 <3.4> ivcnas-4(id4) isi_avscan_d[31287]:
[0x803e03370] unable to setup connection to 1.2.3.4:1344
Yes
Was the error
regarding
isi_avscan_d?
Note the page number that you
are currently on.
Upload log files and contact Isilon Technical
Support, as instructed in Appendix A.
Note the page number that you
are currently on.
Upload log files and contact Isilon Technical
Support, as instructed in Appendix A.
No
Go to Page 7Go to Page 7
17 - EMC Isilon Customer Troubleshooting Guide: Troubleshoot issues with Antivirus Scan
in OneFS
17 - EMC Isilon Customer Troubleshooting Guide: Troubleshoot issues with Antivirus Scan
in OneFS
For links to all Isilon customer troubleshooting guides, visit the Customer Troubleshooting - Isilon Info Hub.
We appreciate your help in improving this document. Submit your feedback at http://bit.ly/isilon-docfeedback.
____________________________________________________________________________________________
AVScan takes an unusually long time to complete
Page
17
You could have arrived here from:
• Page 15 - AVScan job does not complete
You could have arrived here from:
• Page 15 - AVScan job does not complete
Does the
AVScan job take an
unusually long time to
complete?
Go to Page 19Go to Page 19No
Verify the status of the job by
running:
isi job status
Yes
Is the
AVScan job
currently
running?
Yes
Check the AVScan reports to see how long the
previous AVScan jobs have taken by running the
following command for your version of OneFS:
OneFS 8.0 through 8.1
To obtain the ID of the AVScan job, run:
isi antivirus reports scans list
Run, where <ID> is the ID of the AVScan job:
isi antivirus reports scans view <ID>
OneFS 7.1 through 7.2
isi avscan report scan
No
Go to Page 18Go to Page 18
18 - EMC Isilon Customer Troubleshooting Guide: Troubleshoot issues with Antivirus Scan
in OneFS
18 - EMC Isilon Customer Troubleshooting Guide: Troubleshoot issues with Antivirus Scan
in OneFS
For links to all Isilon customer troubleshooting guides, visit the Customer Troubleshooting - Isilon Info Hub.
We appreciate your help in improving this document. Submit your feedback at http://bit.ly/isilon-docfeedback.
____________________________________________________________________________________________
AVScan takes an unusually long time to complete (2)
Page
18
You could have arrived here from:
• Page 17 - AVScan takes an unusually long time to complete
You could have arrived here from:
• Page 17 - AVScan takes an unusually long time to complete
Search /var/log/isi_avscan.d.log for
connection failure or timeout errors.
Does the log
show connection
failure errors?
Go to Page 7Go to Page 7
Does the log
show timeout
errors?
No
Yes
Go to Page 20Go to Page 20Yes
Go to Page 11Go to Page 11
No
19 - EMC Isilon Customer Troubleshooting Guide: Troubleshoot issues with Antivirus Scan
in OneFS
19 - EMC Isilon Customer Troubleshooting Guide: Troubleshoot issues with Antivirus Scan
in OneFS
For links to all Isilon customer troubleshooting guides, visit the Customer Troubleshooting - Isilon Info Hub.
We appreciate your help in improving this document. Submit your feedback at http://bit.ly/isilon-docfeedback.
____________________________________________________________________________________________
AVScan timeouts
Page
19
You could have arrived here from:
• Page 17 - AVScan takes an unusually long time to complete
You could have arrived here from:
• Page 17 - AVScan takes an unusually long time to complete
Are you receiving
AVScan event
timeouts?
Go to Page 21Go to Page 21No
Yes
Note Timeouts occur when there are too many
files to process within the timeout window.
This usually happens when there are not
enough ICAP servers configured.
Go to Page 20Go to Page 20
20 - EMC Isilon Customer Troubleshooting Guide: Troubleshoot issues with Antivirus Scan
in OneFS
20 - EMC Isilon Customer Troubleshooting Guide: Troubleshoot issues with Antivirus Scan
in OneFS
For links to all Isilon customer troubleshooting guides, visit the Customer Troubleshooting - Isilon Info Hub.
We appreciate your help in improving this document. Submit your feedback at http://bit.ly/isilon-docfeedback.
____________________________________________________________________________________________
AVScan timeouts (2)
Page
20
You could have arrived here from:
• Page 18 - AVScan takes an unusually long time to complete
• Page 19 - AVScan timeouts
Is the
configuration and
sizing consistent
with best
practices?
Reconfigure the system
so that it is consistent
with best practices.No
Yes
Did this
resolve the
issue?No
End troubleshooting
Yes
Check whether the AVScan configuration and sizing is consistent with best
practices. Refer to these resources:
• Whitepaper: Antivirus Solutions with EMC Isilon Scale-Out NAS
• ICAP and AVScan performance and server considerations, article 474769
Note the page number that you
are currently on.
Upload log files and contact Isilon Technical
Support, as instructed in Appendix A.
Note the page number that you
are currently on.
Upload log files and contact Isilon Technical
Support, as instructed in Appendix A.
______________________
______________________________________________________________________________________________________
____________________________________________________________________________________________________________________________________________
21 - EMC Isilon Customer Troubleshooting Guide: Troubleshoot issues with Antivirus Scan
in OneFS
21 - EMC Isilon Customer Troubleshooting Guide: Troubleshoot issues with Antivirus Scan
in OneFS
For links to all Isilon customer troubleshooting guides, visit the Customer Troubleshooting - Isilon Info Hub.
We appreciate your help in improving this document. Submit your feedback at http://bit.ly/isilon-docfeedback.
____________________________________________________________________________________________
The cluster has reported a threat
Page
21
You could have arrived here from:
• Page 19 - AVScan timeouts
You could have arrived here from:
• Page 19 - AVScan timeouts
Has the cluster
reported a threat either
through a cluster alert or
through an ICAP server
alert?
Note the page number that you
are currently on.
Upload log files and contact Isilon Technical
Support, as instructed in Appendix A.
Note the page number that you
are currently on.
Upload log files and contact Isilon Technical
Support, as instructed in Appendix A.
No
View the threat information either on the ICAP server or the cluster.
On the cluster, view the information on the web administration interface
or the command-line interface.
Web administration interface
Click Data Protection > Antivirus > Reports
Command-line interface
OneFS 8.0 through 8.1
Obtain the report ID by running:
isi antivirus reports threats list
Run, where <ID> is the ID of the report that was obtained above:
isi antivirus reports threats view <ID>
OneFS 7.1 through 7.2
Run the following command, where <AlertID> is the report ID listed in
the cluster alert:
isi avscan report threat --report-id=<AlertID>
The action that was taken on the thread will be listed in the output as
either: Truncated, Repaired, or Quarantined.
Yes
Go to Page 22Go to Page 22
22 - EMC Isilon Customer Troubleshooting Guide: Troubleshoot issues with Antivirus Scan
in OneFS
22 - EMC Isilon Customer Troubleshooting Guide: Troubleshoot issues with Antivirus Scan
in OneFS
For links to all Isilon customer troubleshooting guides, visit the Customer Troubleshooting - Isilon Info Hub.
We appreciate your help in improving this document. Submit your feedback at http://bit.ly/isilon-docfeedback.
____________________________________________________________________________________________
The cluster has reported a threat (2)
Page
22
You could have arrived here from:
• Page 21 - The cluster has reported a threat
You could have arrived here from:
• Page 21 - The cluster has reported a threat
What action
does the output
say was taken?
Truncated
or
Repaired
Quarantined
You can rescan or release a quarantined file if you believe the file is no
longer a threat.
OneFS 8.0 through 8.1
Manage threats through the CLI. Run the following command for the
action you want to take, where <path> is the path to the file that the
Antivirus scan has indicated is a threat.
• Rescan: isi antivirus scan <path>
• Release: isi antivirus release <path>
OneFS 7.1 through 7.2
Manage threats through the web administration interface.
Click Data Protection > Antivirus > Detected Threats
Choose an option from the Actions column.
The file has been
repaired or has been
truncated to zero bytes.
End troubleshooting.
End troubleshooting
23 - EMC Isilon Customer Troubleshooting Guide: Troubleshoot issues with Antivirus Scan
in OneFS
23 - EMC Isilon Customer Troubleshooting Guide: Troubleshoot issues with Antivirus Scan
in OneFS
For links to all Isilon customer troubleshooting guides, visit the Customer Troubleshooting - Isilon Info Hub.
We appreciate your help in improving this document. Submit your feedback at http://bit.ly/isilon-docfeedback.
____________________________________________________________________________________________
Contact Isilon Technical Support
If you need to contact Isilon Technical Support during troubleshooting, reference the page or step that you need help with.
This information and the log file will help Isilon Technical Support staff resolve your case more quickly.
Contact Isilon Technical Support
If you need to contact Isilon Technical Support during troubleshooting, reference the page or step that you need help with.
This information and the log file will help Isilon Technical Support staff resolve your case more quickly.
Appendix A: If you need further assistance
Upload node log files and the screen log file to Isilon Technical Support
1. When troubleshooting is complete, in the command-line interface, type exit to end your screen session.
2. Gather and upload the node log set and include the SSH screen log file by using the command appropriate for your
method of uploading files. If you are not sure which method to use, use FTP.
ESRS:
isi_gather_info --esrs --local-only -f /ifs/data/Isilon_Support/screenlog.0
FTP:
isi_gather_info --ftp --local-only -f /ifs/data/Isilon_Support/screenlog.0
HTTP:
isi_gather_info --http --local-only -f /ifs/data/Isilon_Support/screenlog.0
SMTP:
isi_gather_info --email --local-only -f /ifs/data/Isilon_Support/screenlog.0
SupportIQ:
Copy and paste the following command.
Note: When you copy and paste the command into the command-line interface, it will appear on multiple lines (exactly
as it appears on the page), but when you press Enter, the command will run as it should.
isi_gather_info --local-only -f /ifs/data/Isilon_Support/screenlog.0 --noupload \
--symlink /var/crash/SupportIQ/upload/ftp
3. If you receive a message that the upload was unsuccessful, refer to article 304567 on the EMC Online Support site for
directions on how to upload files over FTP.
______________________
Upload node log files and the screen log file to Isilon Technical Support
1. When troubleshooting is complete, in the command-line interface, type exit to end your screen session.
2. Gather and upload the node log set and include the SSH screen log file by using the command appropriate for your
method of uploading files. If you are not sure which method to use, use FTP.
ESRS:
isi_gather_info --esrs --local-only -f /ifs/data/Isilon_Support/screenlog.0
FTP:
isi_gather_info --ftp --local-only -f /ifs/data/Isilon_Support/screenlog.0
HTTP:
isi_gather_info --http --local-only -f /ifs/data/Isilon_Support/screenlog.0
SMTP:
isi_gather_info --email --local-only -f /ifs/data/Isilon_Support/screenlog.0
SupportIQ:
Copy and paste the following command.
Note: When you copy and paste the command into the command-line interface, it will appear on multiple lines (exactly
as it appears on the page), but when you press Enter, the command will run as it should.
isi_gather_info --local-only -f /ifs/data/Isilon_Support/screenlog.0 --noupload \
--symlink /var/crash/SupportIQ/upload/ftp
3. If you receive a message that the upload was unsuccessful, refer to article 304567 on the EMC Online Support site for
directions on how to upload files over FTP.
___________
24 - EMC Isilon Customer Troubleshooting Guide: Troubleshoot issues with Antivirus Scan
in OneFS
24 - EMC Isilon Customer Troubleshooting Guide: Troubleshoot issues with Antivirus Scan
in OneFS
For links to all Isilon customer troubleshooting guides, visit the Customer Troubleshooting - Isilon Info Hub.
We appreciate your help in improving this document. Submit your feedback at http://bit.ly/isilon-docfeedback.
____________________________________________________________________________________________
Decision diamondYes No
Process stepProcess step with command:
command xyz
Go to Page #
Page
# Note Provides context and additional
information. Sometimes a note is linked
to a process step with a colored dot.
CAUTION!Caution boxes warn that
a particular step needs
to be performed with
great care, to prevent
serious consequences.
End point Document ShapeCalls out supporting documentation
for a process step. When possible,
these shapes contain links to the
reference document.
Sometimes linked to a process step
with a colored dot.
Optional process step
Directional arrows indicate
the path through the
process flow.
IntroductionDescribes what the section helps you to
accomplish.
You could have arrived here from:
• Page 4 - Start Troubleshooting
You could have arrived here from:
• Page 4 - Start Troubleshooting
Appendix B: How to use this flowchart
25 - EMC Isilon Customer Troubleshooting Guide: Troubleshoot issues with Antivirus Scan
in OneFS
25 - EMC Isilon Customer Troubleshooting Guide: Troubleshoot issues with Antivirus Scan
in OneFS
For links to all Isilon customer troubleshooting guides, visit the Customer Troubleshooting - Isilon Info Hub.
We appreciate your help in improving this document. Submit your feedback at http://bit.ly/isilon-docfeedback.
____________________________________________________________________________________________
You could have arrived here from:
• Page 5 - Check the ICAP servers
You could have arrived here from:
• Page 5 - Check the ICAP servers
Appendix C: Example output
Example output for OneFS 8.0 through 8.1:
cluster-1# isi antivirus servers list
Url Description Enabled
------------------------------------------
icap://10.200.33.192 - Yes
------------------------------------------
Total: 1
cluster-1# isi antivirus servers view icap://10.200.33.192
Url: icap://10.200.33.192
Description: -
Enabled: Yes
Status: active
Example output for OneFS 7.1 through 7.2:
cluster-1# isi avscan settings
ICAP server 1:
URL: 10.200.33.192 (enabled)
Status: alive
Glob filters: disabled, include patterns
Remediations: repair, quarantine
Max scan size: 2147483647
Scan on open: disabled
fail open: enabled
Scan on close: disabled
Report expiry: 31536000
26 - EMC Isilon Customer Troubleshooting Guide: Troubleshoot issues with Antivirus Scan
in OneFS
26 - EMC Isilon Customer Troubleshooting Guide: Troubleshoot issues with Antivirus Scan
in OneFS
For links to all Isilon customer troubleshooting guides, visit the Customer Troubleshooting - Isilon Info Hub.
We appreciate your help in improving this document. Submit your feedback at http://bit.ly/isilon-docfeedback.
____________________________________________________________________________________________
You could have arrived here from:
• Page 10 - Cluster performance is degraded when AVSCan is running
You could have arrived here from:
• Page 10 - Cluster performance is degraded when AVSCan is running
Appendix D: Example output
Example output for OneFS 7.1 through 7.2:
cluster-1# isi avscan config
Glob filters: disabled, exclude patterns
Remediations: repair, quarantine
Max scan size: 2147483647
Scan on open: disabled
fail open: enabled
Scan on close: disabled
Report expiry: 31536000
Example output for OneFS 8.0 through 8.1:
cluster-1# isi antivirus settings view
Fail Open: Yes
Glob Filters: -
Glob Filters Enabled: No
Glob Filters Include: No
Path Prefixes: -
Repair: Yes
Report Expiry: Now
Scan On Close: No
Scan On Open: No
Scan Size Maximum: 0
Service: No
Quarantine: Yes
Truncate: No
27 - EMC Isilon Customer Troubleshooting Guide: Troubleshoot issues with Antivirus Scan
in OneFS
27 - EMC Isilon Customer Troubleshooting Guide: Troubleshoot issues with Antivirus Scan
in OneFS
For links to all Isilon customer troubleshooting guides, visit the Customer Troubleshooting - Isilon Info Hub.
We appreciate your help in improving this document. Submit your feedback at http://bit.ly/isilon-docfeedback.
____________________________________________________________________________________________
You could have arrived here from:
• Page 14 - Check the health of the nodes
You could have arrived here from:
• Page 14 - Check the health of the nodes
Appendix E: Example output
Example output
cluster-1# isi status
Cluster Name: cluster-1
Cluster Health: [ OK ]
Cluster Storage: HDD SSD Storage
Size: 32.1G (56.2G Raw) 0 (0 Raw)
VHS Size: 24.1G
Used: 4.2G (13%) 0 (n/a)
Avail: 27.9G (87%) 0 (n/a)
Health Throughput (bps) HDD Storage SSD Storage
ID |IP Address |DASR | In Out Total| Used / Size |Used / Size
---+---------------+-----+-----+-----+-----+-----------------+-----------------
1|11.222.33.444 | OK | 0| 661k| 661k| 1.4G/10.7G( 13%)|(No Storage SSDs)
2|111.11.11.11 | OK | 0|50.7M|50.7M| 1.4G/10.7G( 13%)|(No Storage SSDs)
3|111.1.1.11 | OK | 0|128.0|128.0| 1.4G/10.7G( 13%)|(No Storage SSDs)
---+---------------+-----+-----+-----+-----+-----------------+-----------------
Cluster Totals: | 0|51.3M|51.3M| 4.2G/32.1G( 13%)|(No Storage SSDs)
Health Fields: D = Down, A = Attention, S = Smartfailed, R = Read-Only
28 - EMC Isilon Customer Troubleshooting Guide: Troubleshoot issues with Antivirus Scan
in OneFS
28 - EMC Isilon Customer Troubleshooting Guide: Troubleshoot issues with Antivirus Scan
in OneFS
For links to all Isilon customer troubleshooting guides, visit the Customer Troubleshooting - Isilon Info Hub.
We appreciate your help in improving this document. Submit your feedback at http://bit.ly/isilon-docfeedback.
____________________________________________________________________________________________
You could have arrived here from:
• Page 15 - AVScan job does not complete
You could have arrived here from:
• Page 15 - AVScan job does not complete
Appendix F: Example output
Example output for OneFS 8.0 through 8.1
cluster-1# isi job events list --job-type avscan
Time Job ID Job Type Phase Event State
--------------------------------------------------------------------
2017-09-12T22:49:27 51 AVScan 1 Policy change LOW
2017-09-12T22:49:27 51 AVScan 1 State change Waiting
2017-09-12T22:49:27 51 AVScan 1 State change Running
2017-09-12T22:49:28 51 AVScan 1 Begin phase scan
2017-09-12T22:49:29 51 AVScan 1 End phase scan
2017-09-12T22:49:30 51 AVScan 1 State change Succeeded
Example output for OneFS 7.1 through 7.2
cluster-1# isi_classic job history -j
Job events:
Time Job Event
--------------- -------------------------- ------------------------------
09/12 23:15:59 AVScan[38] Succeeded (LOW)
09/12 23:15:58 AVScan[38] Phase 1: end scan
09/12 23:15:56 AVScan[38] Phase 1: begin scan
09/12 23:15:56 AVScan[38] Running (LOW)
09/12 23:15:56 AVScan[38] Waiting
29 - EMC Isilon Customer Troubleshooting Guide: Troubleshoot issues with Antivirus Scan
in OneFS
29 - EMC Isilon Customer Troubleshooting Guide: Troubleshoot issues with Antivirus Scan
in OneFS
For links to all Isilon customer troubleshooting guides, visit the Customer Troubleshooting - Isilon Info Hub.
We appreciate your help in improving this document. Submit your feedback at http://bit.ly/isilon-docfeedback.
____________________________________________________________________________________________
Copyright © 2018 Dell Inc. or its subsidiaries. All rights reserved.
Dell believes the information in this publication is accurate as of its publication date. The information is subject to change without notice.
THE INFORMATION IN THIS PUBLICATION IS PROVIDED “AS-IS.“ DELL MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. USE, COPYING, AND DISTRIBUTION OF ANY DELL SOFTWARE DESCRIBED IN THIS PUBLICATION REQUIRES AN APPLICABLE SOFTWARE LICENSE.
Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries. Other trademarks may be the property of their respective owners.
EMC CorporationHopkinton, Massachusetts 01748-91031-508-435-1000 in North America 1-866-464-7381www.EMC.com
Copyright © 2018 Dell Inc. or its subsidiaries. All rights reserved.
Dell believes the information in this publication is accurate as of its publication date. The information is subject to change without notice.
THE INFORMATION IN THIS PUBLICATION IS PROVIDED “AS-IS.“ DELL MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. USE, COPYING, AND DISTRIBUTION OF ANY DELL SOFTWARE DESCRIBED IN THIS PUBLICATION REQUIRES AN APPLICABLE SOFTWARE LICENSE.
Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries. Other trademarks may be the property of their respective owners.
EMC CorporationHopkinton, Massachusetts 01748-91031-508-435-1000 in North America 1-866-464-7381www.EMC.com