| Table of Contents |
|---|
Thanks to Ido Raday for this amazing troubleshooting guide!
Introduction
This is an interactive guide for debugging the auto triage process.
...
| Code Block |
|---|
\x select * from automation_job where alert_id = ‘ALERT'ALERT_ID'; |
Copy the job_id as you will need it for the next steps
...
Search the triage process log for alert_id for example:
less /usr/share/indeni-services/logs/automation.log | grep 0c7968cd-8df9-4272-852a-ebd3bea2b130 -A20
Find the log block the related to the alert_id, for example:
| Code Block |
|---|
2019-10-05 19:53:38,263 - INFO - automation_registration.py - New automation request, alert_id: 0c7968cd-8df9-4272-852a-ebd3bea2b130, device_id: 270d7888-ede5-419d-b968-ab45c8a08c07, rule_name: DeviceMonitoringSuspended, vendor_name: paloaltonetworks |
...
2019-10-05 19:53:38,264 - INFO - playbook_catalog.py - Get playbook for rule: DeviceMonitoringSuspended vendor: paloaltonetworks |
...
2019-10-05 19:53:38,264 - INFO - playbook_catalog.py - playbook for rule: DeviceMonitoringSuspended vendor: paloaltonetworks is None |
...
2019-10-05 19:53:38,264 - INFO - automation_registration.py - New job created, job_id: d8dad379-c130-4135-9c1a-35ce52fd201d, alert_id: 0c7968cd-8df9-4272-852a-ebd3bea2b130, device_id: 270d7888-ede5-419d-b968-ab45c8a08c07, playbook_file: None |
If the data does not as expected - goto “Open ticket for Server team”
...