NAC Troubleshooting Tips: NAC Agent Debugging

Objective
To discuss troubleshooting and debugging of NAC Agent assessment. The NAC Agent resides on a user PC and reviews whether the end-system is secure: if it is, the end-system is able to enter the network; if it is not, it is remediated.
 
Environment
  • Netsight NAC Manager
  • NAC Agent
  • NAC Assessment Agent
Procedure

General

1. If you access the WebView -> "Status" -> "Agent Based" of the NAC Gateway to which the Agents connect and search on the IP of the end-system (ES), is it found?

   a. Are these systems connected both wired and wireless at the same time?

   b. Which interface is connected in the Agent-Based report?

   c. Does the IP of the Agent match the IP of the ES as discovered in the main NAC "End-Systems" Tab?

 

2. Determine which End-Systems (ES) are displaying the behavior.

   a. Please record the MAC and IP Address of (1) or (2) for testing.

   b. Please also record approximately how many ES are affected out of the total on-site.

   c. Please relay any ES specific details of the affected ES that may yield a commonality (OS Type, Service Pack, common application, make, model, etc.)

 

3. Note that the NAC-Side and Client diagnostics listed below can be run simultaneously. Please do so, if at all possible.

 

 

NAC-Side Diagnostics

1) In the NAC Manager, please access the "End Systems Diagnostics", and input both the MAC and IP Address of the (1) or (2) Test ES. The "ES Diagnostics" can be accessed by:

   a. Right-clicking on the NAC Gateway against which the test ESs are Authenticating.

   b. Selecting WebView from the Drop-Down Menu.

   c. Selecting "Diagnostics" -> "End-System Diagnostics"

 

2) Let the test system(s) run through (1) or (2) complete cycles of the observed behavior.

 

3) Please re-enter the "ES Diagnostics", and disable them.

 

4) Access the NAC Gateway via SCP, and off-load the "/var/log/tag.log".

Note: Two common SCP Clients are "WinSCP" and "FileZilla Client"

 

5) Please access the NAC Manager and Export the ES Events for the test ES(s) by:

   a. Selecting the test ES in the ES Tab at the top of the screen.

   b. Right-clicking on any of the ES Events that will now be displayed in the End-Systems Events Tab (located in the middle of the screen, below the ES Tab at the top).

   c. Selecting "Table Tools" -> "Export", and export the ES Events for the test ES(s) as individual "*.csv" files.

   d. Note: If the timeframe of the event just observed is not shown, please hit "Search for Older Events" (2) or (3) times to fill in the time-frame.

 

 

 

Additional notes
The NAC Assessment Agent checks the Windows Security Center to get the status of the anti-virus product. You can use the following commands to check the status from a Windows command prompt:

wmic /namespace:\\root\SecurityCenter path ANTIVIRUSPRODUCT 

wmic /namespace:\\root\SecurityCenter2 path ANTIVIRUSPRODUCT 
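
The same Security Center query can be run from PowerShell on end-systems where wmic is deprecated or missing. This is an added example, not part of the original article or the vendor's tooling; the function names are hypothetical, and the productState bit meanings are a community-derived assumption that Microsoft does not document.

```powershell
# Added example (not vendor code). Reads the same WMI classes as the two
# wmic commands above and returns one row per registered anti-virus product.

function Convert-AvProductState {
    param([Parameter(Mandatory)][uint32]$State)
    # ASSUMPTION: bit meanings below are the commonly used community
    # interpretation of productState; they are not officially documented.
    [pscustomobject]@{
        Hex            = '0x{0:X6}' -f $State
        Enabled        = [bool]($State -band 0x1000)  # real-time protection on
        DefinitionsOld = [bool]($State -band 0x0010)  # signatures out of date
    }
}

function Get-SecurityCenterAv {
    # SecurityCenter2 exists on Vista and later clients, SecurityCenter on XP.
    foreach ($ns in 'root/SecurityCenter2', 'root/SecurityCenter') {
        try {
            $products = Get-CimInstance -Namespace $ns -ClassName AntiVirusProduct -ErrorAction Stop
        } catch {
            # One of the two namespaces is normally absent; skip it.
            Write-Verbose "$ns not available: $($_.Exception.Message)"
            continue
        }
        foreach ($p in $products) {
            if ($ns -like '*SecurityCenter2') {
                $s = Convert-AvProductState -State $p.productState
                $enabled = $s.Enabled; $current = -not $s.DefinitionsOld; $raw = $s.Hex
            } else {
                # The legacy class exposes explicit booleans instead of productState.
                $enabled = $p.onAccessScanningEnabled; $current = $p.productUptoDate; $raw = $null
            }
            [pscustomobject]@{
                Namespace    = $ns
                Product      = $p.displayName
                Enabled      = $enabled
                UpToDate     = $current
                ProductState = $raw
            }
        }
    }
}

# Constructed sample values, to show the decoding without a live query.
397568, 397584 | ForEach-Object { Convert-AvProductState -State $_ }

# Live query on the end-system under test.
Get-SecurityCenterAv | Format-Table -AutoSize
```

An empty result from the live query means no anti-virus product is registered with the Security Center, which is worth comparing against what the agent reports for that end-system.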


 
