1. Data Management

In order for the TRACKWATCH solution to function properly, the GCENTER server works with log files. These log files record all the traffic captured by the GCAP probe as well as the information from the GScan. This information can grow quickly and take up a lot of disk space.

Even when a retention policy is in place, the administrator can, if the need arises, manually delete this data at any time before the data retention period expires.

1.1. Data deletion

Menu: Administrators > GCenter > Data Management

After a full or incremental backup has been taken by the backup function, old logs are automatically deleted according to the data retention time, thus freeing up disk space.

The information tables of the analysis engines MALCORE, CODEBREAKER and SIGFLOW, and of the GSCAN portion (including its MALCORE and CODEBREAKER modules), can be cleared over a given period of time. The administrator selects this period and validates it by pressing Apply. However, this period cannot exceed the total retention time of the data already preconfigured in the solution. The same applies to the ICAP and Syslog services.

Important

Data not yet processed will also be deleted.

After ticking the boxes for the data to be cleared over the chosen period, the administrator must validate the action by clicking Send.

2. Diagnostics

This portion of the ADMINISTRATORS section of the GCENTER enables administrators of the TRACKWATCH solution to verify or debug certain configuration settings. It also enables GATEWATCHER support to identify and resolve any possible malfunctions.

From this diagnostic interface, the administrator can export the configuration parameters of the GCENTER.

It is also possible from the setup menu to generate a "Tech Support".

This is done by logging into the GCenter as a setup user, then selecting the Tech Support entry.

This command makes it easy to copy and paste a GCenter health status.

2.1. Log files

Menu: Administrators > GCenter > Diagnostics

System logs providing details of the GCENTER equipment and its configuration can be exported from this interface. This export is highly useful to the GATEWATCHER support team for any type of diagnosis. The exported log file is protected by a password known only to the GATEWATCHER administrator team.

After this step, a 'GATEWATCHER_logs.gwp' archive of several megabytes is downloaded. This archive must be saved so that it can be sent to GATEWATCHER support.

This archive can only be extracted by an advanced administrator who knows the data extraction password.

Once the archive is extracted, the administrator has access to all the configuration parameters of the GCENTER management server and can diagnose any problem. Messages from all logs are accessible, as well as all system calls made on the system.

3. Solution logs

Menu: Administrators > GCenter > Trackwatch Logs

This entry redirects to a Kibana dashboard displaying the different logs of the TRACKWATCH solution.

From this dashboard, the different fields can be filtered using the left-hand menu.

The logs of the various applications are displayed at the bottom of the overview screen, or by clicking on the Messages view.

4. Emergency mode

In order to preserve the solution's detection capacity, the GCenter can enter a special mode called Emergency Mode.

This mode is triggered automatically when the GCenter disk space used to store data becomes heavily used. In such a case, the solution automatically applies the Data Deletion procedure, thus ensuring the continuity of detection services.
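The following is an added worked model of the two deletion paths described in sections 1.1 and 4, written for this page and not part of the GCenter product or Gatewatcher's code. It assumes a hypothetical data layout (per-service daily log buckets), a preconfigured retention of 30 days, an emergency threshold of 90% disk usage, and an oldest-first purge order; none of these values or behaviours are stated by the manual. What it shows is the two rules a practitioner needs to keep in mind: a manual clear period is rejected if it exceeds the preconfigured retention, and both the manual and the emergency path delete data that has not yet been processed, so the plan reports how much unprocessed data is at stake before anything is removed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed values (not from the manual): preconfigured total retention, the
# disk-usage fraction that triggers Emergency Mode, and oldest-first purge order.
RETENTION_DAYS = 30
EMERGENCY_THRESHOLD = 0.90


@dataclass(frozen=True)
class LogBucket:
    service: str        # hypothetical engine/service name, e.g. "MALCORE", "SIGFLOW", "ICAP", "SYSLOG"
    day: datetime       # day the bucket's records belong to
    size_mb: int
    processed: bool     # False: the engine has not consumed these records yet


def validate_clear_period(period_days: int, retention_days: int = RETENTION_DAYS) -> int:
    """The 'Apply' check: a manual clear period must be positive and may not
    exceed the preconfigured total retention time."""
    if period_days <= 0:
        raise ValueError("clear period must be positive")
    if period_days > retention_days:
        raise ValueError(f"period {period_days}d exceeds retention {retention_days}d")
    return period_days


def clear_period_is_valid(period_days: int, retention_days: int = RETENTION_DAYS) -> bool:
    """Boolean form of the same check, convenient for callers and tests."""
    try:
        validate_clear_period(period_days, retention_days)
        return True
    except ValueError:
        return False


def select_for_deletion(buckets, services, period_days, now):
    """Manual Data Deletion: for the ticked services, pick every bucket older
    than `period_days` before `now`. Unprocessed buckets are not spared (the
    manual's 'Important' note); they are counted so the operator sees the cost."""
    cutoff = now - timedelta(days=validate_clear_period(period_days))
    chosen = [b for b in buckets if b.service in services and b.day < cutoff]
    return {
        "delete": chosen,
        "freed_mb": sum(b.size_mb for b in chosen),
        "unprocessed": sum(1 for b in chosen if not b.processed),
    }


def emergency_purge(buckets, disk_total_mb, disk_used_mb, threshold=EMERGENCY_THRESHOLD):
    """Emergency Mode model: once usage is at or above `threshold`, delete
    buckets oldest first (assumed order) across all services until usage is
    back below it. Returns the deleted buckets and the resulting usage."""
    deleted, used = [], disk_used_mb
    for b in sorted(buckets, key=lambda b: b.day):
        if used / disk_total_mb < threshold:
            break
        deleted.append(b)
        used -= b.size_mb
    return {"deleted": deleted, "used_mb": used, "triggered": bool(deleted)}


# Constructed sample data for a stand-alone run.
NOW = datetime(2024, 1, 31)
SAMPLE_BUCKETS = [
    LogBucket("MALCORE", datetime(2024, 1, 1), 500, True),
    LogBucket("SIGFLOW", datetime(2024, 1, 5), 300, False),
    LogBucket("CODEBREAKER", datetime(2024, 1, 10), 400, True),
    LogBucket("ICAP", datetime(2024, 1, 20), 200, True),
    LogBucket("SYSLOG", datetime(2024, 1, 28), 100, False),
]

if __name__ == "__main__":
    plan = select_for_deletion(SAMPLE_BUCKETS, {"MALCORE", "SIGFLOW"}, 14, NOW)
    print(f"manual clear: {len(plan['delete'])} buckets, {plan['freed_mb']} MB, "
          f"{plan['unprocessed']} not yet processed")
    purge = emergency_purge(SAMPLE_BUCKETS, disk_total_mb=2000, disk_used_mb=1900)
    print(f"emergency mode: deleted {[b.service for b in purge['deleted']]}, "
          f"usage now {purge['used_mb']} MB")
```

Running the script with the constructed data clears the two MALCORE/SIGFLOW buckets older than 14 days (800 MB, one of them unprocessed), and the emergency path at 95% usage removes only the oldest bucket before dropping back under the threshold. A request for a 45-day clear period is refused because it exceeds the assumed 30-day retention.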

5. GApps management

GApps represent the many services that make up the TRACKWATCH solution. It may be necessary in some instances to restart or reset them.

This can be done by logging in to the GCenter via SSH as the setup user and selecting the GApps Management entry.

Next, the choice is offered to restart a service or to reset it.

Warning

Resetting a service is equivalent to returning it to its factory-set configuration. It may be necessary to reapply certain configurations or updates.

Finally, select from the list the service to be restarted or reset.