How to test connectivity between Security Analytics and Malware Analysis Appliance


Article ID: 168505


Products

Security Analytics

Issue/Introduction

Resolution

1. Monitor messages:
 
Log into the SA appliance via SSH and run the following command:

tail -f /var/log/messages | grep -e malware_analysisd -e test_connection
 
2. Test connection in UI

Go to Settings > Data Enrichment

Edit the Malware Analysis Appliance entry by clicking the pencil icon.

Open the MAA appliance profile by clicking on its name and select the test connection icon.

The UI reports whether the connection test succeeded or failed.
If it failed, check the output from the messages log in the SSH session.
 
3. If the connection fails, restart the following services, as this may help, then try step 2 again:

service malware_analysisd restart
service derpd restart

Output from tailing messages:

A working connection looks like this (note the result=1 at the end, indicating success):
Mar 24 14:32:46 Appliance_name httpd[6415]: snlog: sn="00:0c:29:8a:dc:f4" id="DS" m="30" c="0" event="AUDIT" category="MISC" ip="192.168.5.222" model="Virtual Appliance" msg="logmsg=\"controller.integration_providers::event.audit.integration_provider_test_connection_called\", user=admin, name=\"SA\", result=1"

If the connection fails, the line will likely end with result=0.

You will likely also see errors from malware_analysisd similar to these:


Mar 24 14:30:40 Appliance_name malware_analysisd: Error 192.168.1.101:health connection 111 (Connection refused)
Mar 24 14:30:40 Appliance_name malware_analysisd: Error 192.168.1.101:task_state/* connection 111 (Connection refused)
Mar 24 14:30:40 Appliance_name malware_analysisd: Error 192.168.1.101:task_complete/* connection 111 (Connection refused)
Mar 24 14:31:40 Appliance_name malware_analysisd: Error 192.168.1.101:task_complete/* connection 111 (Connection refused)
Mar 24 14:31:40 Appliance_name malware_analysisd: Server 192.168.1.101 not available
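
The log lines above can be reduced to a short summary instead of being read by eye. The following is an added example, not part of the original article or the product: the function name maa_conn_summary, its output format, and the result=0 sample line are assumptions built from the log formats shown on this page.

```shell
#!/bin/sh
# Added example: summarise connection-test evidence from syslog lines on stdin.
maa_conn_summary() {
    awk '
    # Audit event logged by httpd when the UI test connection icon is used.
    /integration_provider_test_connection_called/ && match($0, /result=[01]/) {
        last = substr($0, RSTART + 7, 1)      # keep the most recent result
    }
    # "Error <host>:<endpoint> connection <errno> (<text>)" from malware_analysisd
    /malware_analysisd: Error / {
        for (i = 1; i < NF; i++) if ($i == "Error") {
            t = $(i + 1)
            if (!(t in hits)) order[++n] = t  # remember first-seen order
            hits[t]++
            break
        }
    }
    # "Server <host> not available" from malware_analysisd
    /malware_analysisd: Server .* not available/ {
        for (i = 1; i < NF; i++) if ($i == "Server") {
            h = $(i + 1)
            if (!(h in down)) { down[h] = 1; dorder[++m] = h }
            break
        }
    }
    END {
        if (last == "1")      print "test_connection=ok"
        else if (last == "0") print "test_connection=failed"
        else                  print "test_connection=not_seen"
        for (i = 1; i <= n; i++) print "error " order[i] " count=" hits[order[i]]
        for (i = 1; i <= m; i++) print "unavailable " dorder[i]
    }'
}

# Constructed sample input in the format shown above (the result=0 line is
# an assumed failure counterpart of the result=1 line on this page).
sample_failed_log() {
    cat <<'EOF'
Mar 24 14:30:40 Appliance_name malware_analysisd: Error 192.168.1.101:health connection 111 (Connection refused)
Mar 24 14:30:40 Appliance_name malware_analysisd: Error 192.168.1.101:task_state/* connection 111 (Connection refused)
Mar 24 14:31:40 Appliance_name malware_analysisd: Server 192.168.1.101 not available
Mar 24 14:31:45 Appliance_name httpd[6415]: snlog: event="AUDIT" msg="logmsg=\"controller.integration_providers::event.audit.integration_provider_test_connection_called\", user=admin, name=\"SA\", result=0"
EOF
}

sample_failed_log | maa_conn_summary
```

On the appliance, the same function can be fed the real log, for example: grep -e malware_analysisd -e test_connection /var/log/messages | maa_conn_summary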

 
