The document provides some basic troubleshooting steps you can follow when troubleshooting any NSX NDR Appliance (On-Premise or Hosted). These steps work for all recent versions of the product and the troubleshooting tips provided are a starting point for identifying potential issues on the appliances and components. These steps may remediate common issues, or provide clues to a problem when an appliance is in an error or warning condition.

Performing the steps listed may often solve the issue. However, if after completing all of the below steps the issue remains unresolved, please open a Support Request with VMware and provide the output and status of the commands listed in this article. Providing the output and steps performed upfront when opening the SR, will aid the VMware Support team in more efficiently diagnosing and resolving the issue.

Common troubleshooting steps

The below steps are applicable to any appliance type (Manager, Engine, Data Node, Sensor, etc.). The list below provides basic UI steps or CLI commands to perform on the NSX NDR Lastline deployment.

1. Retrigger configuration:

Option A (Preferred)

In the Hosted or On-Premise user portal, you can execute the following steps:

1. Click the "Admin" tab
2. Click the "Appliances" tab
3. Under the Actions column, on the target appliance with issues, press the "Quick Links" button
4. Select "Retrigger configuration"

Note: The "Retrigger Configuration" option is also available in the Status tab of a given appliance. See https://user.lastline.com/help/appliancesstatus.html for more information.
 

Option B

Important: Following this option does not change the UI status to "In Progress" (Only Option A can clear this out if a configuration is not really running)

1.  SSH to the appliance IP using the configured user account (see https://user.lastline.com/lastline-pdf-opsguide-manuals/Administration_Operations_Guide.html#sshaccess for details on setting this up for the first time).

2. Execute the command: sudo lastline_apply_config
   Note: use the optional "-d" parameter to output debug information to the terminal
   When completed successfully, the output will display "Applying Configuration finished successfully."
   

Conclusion: 

Often Retriggering the configuration will resolve the appliance issue and will return to an "OK" status. If the issue persists, move on to the next step. 
 

2. Verify Appliances are not Offline

In the Hosted or On-Premise user portal you can execute the following steps:

1. Click the "Admin" tab
2. Click the "Appliances" tab
3. Click "Show Offline Appliances" link to show details about the Offline appliance in the UI
4. If you see any offline appliances, please follow the process below. you may also need to run Option B of Step 1 (retrigger the configuration from the CLI)

3. Lastline Test Appliance utility

1. SSH to the target appliance
2. Login to the CLI using the lastline or monitoring user (or any other user configured in lastline_setup -> enable_additional_password_auth_ssh_usernames)

3. Execute the command: sudo lastline_test_appliance

   The output of the commands may highlight any errors/warnings found during the checks.  This script runs through a number of basic network and software checks.
   
   If the steps above do not have any errors, please move to step 4 and review the details in the Monitoring logs. In some cases, the output of lastline_test_appliance will include a command to try and fix the error or warning condition. 
   
   Note: Please send the output or a screenshot of lastline_test_appliance to the VMware support team as this provides additional important information, if you need to file a Support Request.

4. Monitoring logs

The Monitoring logs can also be accessed via the "Quick Links" of a given appliance under the Admin->Appliances UI.

 Apply filters: There are many filters available. As an example, here is a filter option available that allows in example to only view Errors or Warnings using the "Impact Level" filter.


Then select a filter value, such as "Error" or "Warning" (change as needed based on the condition you are experiencing).


2. Click the "Apply" button to set your filters. Here is a sample set of errors from the "Lastline Test Appliance" utility:
 

You can optionally expand or hide the rows for each entry by clicking on the plus symbol (+ or -) at the left side of the warning/error message to expand or hide the information.
 

Note: Please send a screenshot of the extended error message and send this to the VMware support team as this provides additional important information.