What is in a Customer Service Report (CSR) and how do I create one on Security Analytics/Solera appliances?

book

Article ID: 168347

calendar_today

Updated On:

Products

Security Analytics

Issue/Introduction

CSRs are sometimes collected and sent to Security Analytics support to assist in diagnosing a problem  Knowing what it is, what is included, and how to create it is helpful to most customers in deciding if it should be sent for problem diagnosis.

Resolution

Please note that newer versions of the CSR will always include additional files and information.  The list below includes a the basic list of files, but is subject to change in version updates.

A Customer Service Report (CSR) is collected from the menu under Settings > System > Customer Service Report (CSR).  Select the green "Download CSR" button.  The system will begin to collect configuration information and logs.  Do not expect to see an hourglass or other notification that the CSR is being generated.  There will be a message in the bottom left of the browser saying "Waiting for hostname".  Depending on the size of the files, the CSR could take anywhere between 1 minute and several hours to download.

A CSR contains configuration files and log files.  A sample of the configuration and log files:

df - Contains the free disk space and which filesystems are mounted.
ps - Contains the processes which were running during the day in five minute intervals.
top - Contains a list of the processes running, their cpu usage, and a load average for the day.
iostat - Statistical results showing the usage of each of the virtual disks.
dscapture - Shows amount of data captured, which interfaces are capturing, and recycle count
ethtool - Shows status of the NICs
free - Shows memory usage
db_queries - Queries to the postgres database
megacli - Detailed disk status (info/lsi-show is a summary)
db_summary - Shows tables and database sizes
messages - The /var/log/messages file with application status output, including reports run
config/issue - Version level of system
config/capture-config - Devices used for packet capture
config/index-config - Devices used for index
config/ntp.conf - Network Time Protocol configuration
config/pam.d - Authentication configuration files
config/apps_config.json - Reindexer configuration as well as other customizations
config/dmidecode-out.txt - Hardware serial numbers, slot numbers, revisions, Asset Tag/Serial number
config/DSMODEL - System type, ie R620 or R720 or DS202
config/ifcfg-eth0 - Configuation of the eth0 NIC
info/dslicenseinfo.out - License entitlements
info/dsvpn.out - VPN configuration for CMC to MA communication
info/fdisk.info - Virtual disks on the system and their sizes.
infi/lsi-show.txt - Current status of the virtual disks.  Good to know if disks have failed.
log/postgresql.log - Logs of postgres database transactions
log/firstboot.log - Details of the last installation
log/dsfsck.out - Details of the last capture filesystem/database check
log/secure - Login details for users

CSR's also include historical files.  These will be designated with a '-date.gz'  By default we keep the last 2 weeks of historical data for popular statistics such as db_querries, db_summary, df, df_i, diskspace_txt, dscapture, ethtool, extractord, filter, free, ifconfig, iostat, megacli, network_txt, oomstat, ps, ps_e, regen, slots_txt, top, tw_cli.  Each gzipped file includes a single day of statistics.  Some of these statistics run every hour and sometimes every 5 minutes.  

For additional details on what the CSR script does and what the frequency of the CSR cron jobs are, please check the following files in the /config directory of the extracted CSR file:

csr.sh
csr_cron

/usr/share/solera/csr_cron