1) In NAC Mgr right click on the appliance and select "WebView".
2) Login then click on "Diagnostics", then "Appliance/Server Diagnostics"
3) Set the “DNS Proxy” debug to Diagnostic Level: "Verbose”:
4). Scroll down in the web page and click “OK”.
5) SSH into the NAC appliance and type:
tcpdump -i eth0 -s 0 -w dns.pcap udp port 53 (substitute eth0 for whatever interface is applicable to the issue, otherwise you need to SSH in twice and run two of these concurrently, one for eth0 and one for eth1)
6) Recreate the issue you are reporting.
7) Stop the tcpcump using "ctrl-c"
8) In NAC Manager, locate the test End System and export the End System “Events “ for this device to HTML format, per below instructions:
To export the End System Events, highlight the End System under the End Systems tab then in the middle “pane” (middle of the NAC Manager screen) under the “End System Events” tab highlight any event and right click on the event then select Table Tools, Export. ***Please export to HTML format***
9) Open a case with GTAC and send in the /var/log/tag.log, /var/log/dnsProxy.log, and the /opt/nac/server/config/ApplianceConfiguration/xml file from the NAC appliance.
10) Using the WebView login to the NAC appliance and be sure to reverse the steps for the enabled debugs and place them back to the defaults, Log4j File Override
11) What is the MAC Address of the test End System and what website were you trying to access during the recreated isuse?