How to test connectivity between Security Analytics and Malware Analysis Appliance
Article ID: 168505
Updated On:
Products
Issue/Introduction
If you are experiencing connectivity issues between SA and MAA, check the following recommendations.
Resolution
1. Monitor messages:
tail -f /var/log/messages | grep -e malware_analysisd -e test_connection
2. Test connection in UI
Go to Settings > Data Enrichment
Select to edit the Malware Analysis Appliance clicking the pencil icon:
Open the MAA appliance profile by clicking on it's name and select the test connection icon:
You will get a response in the UI if the connection test failed or succeeded.
If it failed, check the output on the ssh session from messages log
3. Restart services if the connection fails, as this may help. Try step 2 again after this
service derpd restart
Output from tailing messages:
Working connection will look like this (notice the result=1 at the end for success)
Mar 24 14:32:46 Appliance_name httpd[6415]: snlog: sn="##:##:##:##:##:##" id="DS" m="30" c="0" event="AUDIT" category="MISC" ip="192.168.5.222" model="Virtual Appliance" msg="logmsg=\"controller.integration_providers::event.audit.integration_provider_test_connection_called\", user=admin, name=\"SA\", result=1"
If the connection fails, it likely will end with a result=0
You will likely also see errors from malware_analysisd similar to these:
Mar 24 14:30:40 Appliance_name malware_analysisd: Error 192.168.1.101:health connection 111 (Connection refused)
Mar 24 14:30:40 Appliance_name malware_analysisd: Error 192.168.1.101:task_state/* connection 111 (Connection refused)
Mar 24 14:30:40 Appliance_name malware_analysisd: Error 192.168.1.101:task_complete/* connection 111 (Connection refused)
Mar 24 14:31:40 Appliance_name malware_analysisd: Error 192.168.1.101:task_complete/* connection 111 (Connection refused)
Mar 24 14:31:40 Appliance_name malware_analysisd: Server 192.168.1.101 not available
Feedback
