Run the MER tool:
To run the MER tool for TIE Server 3.0.x, switch to the root user and run the following command:
mfe_tie_dxl_log_collector.sh
To run the MER tool for TIE Server 4.0.x, switch to the root user and run the following command:
trellix_tie_dxl_log_collector.sh
NOTE: This MER script is included in the appliance image.
The generated output is written in a directory according to the MER tool version. A message appears after the script execution.
Information about files collected by MER:
The MER tool collects the following product data from the TIE Server so that the Technical Support engineer can analyze and resolve issues:
Supported TIE Feature, by version (last four columns):

| TIE Server Information and System Data | Default Location | TIE 4.x | TIE 3.x | TIE 2.3.x | TIE 2.2 |
|---|---|---|---|---|---|
| Daemon log included in MER | `/var/log/daemon.log` | Yes | Yes | Yes | No |
| Kernel log included in MER | `/var/log/kern.log` | Yes | Yes | Yes | No |
| DXL IPE logs | `/var/McAfee/dxlbroker/logs/ipe*.log` | Yes | Yes | Yes | No |
| Generated output is written to | `/data/tieserver/mer/mfe_tie_dxl_.tgz` [2]<br>`/data/tieserver/mer/trellix_tie_tieservername_timestamp.tgz` [3] | Yes | Yes | Yes | Yes |
| TIE Server installation logs | `/tmp/*.log` | Yes | Yes | Yes | Yes |
| TIE Server installation logs/errors | `/tmp/*.err` | Yes | Yes | Yes | Yes |
| Error CP information | `/tmp/ERR*` | Yes | Yes | Yes | Yes |
| First boot and network setup information | `/tmp/LOG*` | Yes | Yes | Yes | Yes |
| Agent logs | `/var/McAfee/agent/logs/*` | Yes | Yes | Yes | No |
| Agent automated upgrade log | `/var/log/MFEcma*` | No | Yes | No | No |
| DXL Broker component log | `/var/McAfee/dxlbroker/logs/*` | Yes | Yes | Yes | Yes |
| DXL Broker Policy | `/var/McAfee/dxlbroker/policy/*` | Yes | Yes | Yes | Yes |
| TIE Server log | `/var/McAfee/tieserver/logs/*` [2]<br>`/var/Trellix/tieserver/logs/*` [3] | Yes | Yes | Yes | Yes |
| TIE Server policy | `/var/McAfee/tieserver/policy/*` [2]<br>`/var/Trellix/tieserver/policy/*` [3] | Yes | Yes | Yes | Yes |
| TIE Server replication auto recovery | `/var/log/replication-auto-recovery.log` | Yes | Yes | Yes | Yes |
| TIE/PostgreSQL configuration files and stats | `/data/tieserver_pg/*.conf` | Yes | Yes | Yes | Yes |
| MAR Server configuration Files | `/opt/McAfee/marserver/conf*` | No | Yes | No | No |
| System Cron Info | `/var/log/cron*` | Yes | Yes | Yes | Yes |
| Sysstat Information (ksar.txt) | `/var/log/sa/*` | Yes | Yes | Yes | Yes |
| Kernel message buffer | `/var/log/dmesg.old` | Yes | Yes | No | No |
| Environment Descriptor | `/etc/McAfee/environment.sh` | Yes | Yes | No | No |
| TIE/DXL API metrics (.csv) | `/var/McAfee/tieserver/monitoring` [2]<br>`/var/Trellix/tieserver/monitoring` [3] | Yes [1] | Yes [1] | Yes [1] | Yes [1] |
| TIE Server traffic logs (.csv) | `/data/tieserver/traffic/*` | Yes [1] | Yes [1] | Yes [1] | Yes [1] |
| FIPS Info | `/var/log/kern.log`<br>`/var/log/secure*.log`<br>`/var/log/messages*.log` | Yes | Yes | Yes | Yes |
| Java security | `/opt/McAfee/tieserver/jre/lib/security/java.security` | Yes | Yes | Yes | Yes |
| System Java Process dump | MLOS process | Yes | Yes | Yes | Yes |

[1] Traffic logs generated for TIE Server 3.0.x are included in the MER output if the -t flag is included in the command execution. Example:
mfe_tie_dxl_log_collector.sh -t
Traffic logs generated for TIE Server 4.0.x are included in the MER output if the -t flag is included in the command execution. Example:
trellix_tie_dxl_log_collector.sh -t
Traffic logs generated by previous versions of the TIE Server using the TIE Server log parsing script aren't included in the MER output, regardless of the -t flag. This flag applies only to traffic logs generated by TIE Server, after the DXL traffic logs are enabled through the TIE Server Policy.
NOTE: The file is generated with root permissions. To move the file from Linux to a different system, such as Windows, you must use a tool such as WinSCP. You might receive a "permissions denied" error message.
To resolve permissions denied errors, run the following command on the Linux host before you run WinSCP:
chmod -R 777 <location of file>
For example, chmod 777 /data/tieserver/trellix_tie_tieservername_timestamp.tgz

[2] Applicable for TIE 3.0.x and earlier versions.

[3] Applicable for TIE 4.0.x and later versions.
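
Mode 777, as used in the NOTE above, lets every local account read and modify the archive, which holds the logs, policies and configuration files listed in the table. The following added example (not Trellix code) stages an owner-only copy for a single transfer account instead, and lists files left open to all users. It assumes GNU coreutils and findutils; the function names, staging directory and transfer account are hypothetical.

```shell
#!/bin/sh
# Added example, not Trellix code. Assumes GNU coreutils/findutils.
# stage_mer, world_accessible, the staging directory and the transfer
# account are hypothetical names chosen for illustration.

# Copy a root-owned MER archive into a private staging directory.
#   $1 archive path   $2 staging directory   $3 optional owner (needs root)
# Prints "<sha256>  <staged path>" on success.
stage_mer() {
    src=$1
    dest_dir=$2
    owner=${3:-}

    [ -f "$src" ] || { echo "no such archive: $src" >&2; return 1; }
    mkdir -p "$dest_dir" || return 1
    chmod 0700 "$dest_dir" || return 1

    dest=$dest_dir/$(basename "$src")
    # Owner-only directory plus owner-only file: no other local account
    # can read the collected logs, policies and configuration.
    install -m 0600 "$src" "$dest" || return 1

    if [ -n "$owner" ]; then
        chown "$owner" "$dest_dir" "$dest" || return 1
    fi

    # Compare digests so a truncated copy is caught before upload.
    src_sum=$(sha256sum < "$src" | cut -d' ' -f1)
    dest_sum=$(sha256sum < "$dest" | cut -d' ' -f1)
    [ "$src_sum" = "$dest_sum" ] || { echo "copy mismatch: $dest" >&2; return 1; }
    printf '%s  %s\n' "$dest_sum" "$dest"
}

# List regular files under $1 that "other" can read or write,
# for example archives left behind after chmod 777.
world_accessible() {
    find "$1" -type f -perm /006
}
```

Run as root, `stage_mer <archive> <staging dir> <transfer account>` hands the copy to that account only; delete the staged copy once the upload is complete.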