Troubleshooting a Problem
Troubleshooting is a systematic approach to solving a problem. The goal of troubleshooting is to determine why something does not work as expected and how to resolve the problem. Certain common techniques can help with the task of troubleshooting.
The first step in the troubleshooting process is to describe the problem completely. Problem descriptions help you and the technical-support representative know where to start to find the cause of the problem. This step includes asking yourself basic questions:
What are the symptoms of the problem?
Where does the problem occur?
When does the problem occur?
Under which conditions does the problem occur?
Can the problem be reproduced?
The answers to these questions typically lead to a good description of the problem, which can then lead to a resolution of the problem.
What Are the Symptoms of the Problem?
When you start to describe a problem, the most obvious question is "What is the problem?" This question might seem straightforward; however, you can break it down into several focused questions that create a more descriptive picture of the problem. These questions can include:
Who, or what, is reporting the problem?
What are the error codes and messages?
How does the system fail? For example, is the problem a loop, hang, crash, performance degradation, or incorrect result?
Where Does the Problem Occur?
Determining where the problem originates is not always easy, but it is one of the most important steps in resolving a problem. Many layers of technology can exist between the reporting and failing components. Networks, disks, and drivers are only a few of the components to consider when you are investigating problems.
The following questions help you to isolate the problem layer:
Is the problem specific to one appliance?
Are the current environment and configuration supported?
If one layer reports the problem, the problem does not necessarily originate in that layer. Part of identifying where a problem originates is understanding the environment in which it exists. Take some time to completely describe the problem environment, including the operating system and version, all corresponding software and versions, and the hardware. Confirm that you are running within an environment that is supported; many problems can be traced back to incompatible levels of software that are not intended to run together or are not fully tested together.
When Does the Problem Occur?
Develop a detailed timeline of events that lead up to a failure, especially for cases that are one-time occurrences. You can most easily develop a timeline by working backward: Start at the time an error was reported (as precisely as possible, even down to the millisecond), and work backward through the available logs and information. Typically, you need to look only as far as the first suspicious event that you find in a diagnostic log.
To develop a detailed timeline of events, answer these questions:
Does the problem happen only at a certain time of day or night?
How often does the problem happen?
What sequence of events leads up to the time that the problem is reported?
Does the problem happen after an environment change, such as an upgrade or an installation of software or hardware?
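Working backward through merged logs, as an added example that is not part of the original documentation. The log line format, the source names, and the rule that WARN or ERROR counts as "suspicious" are assumptions, and the sample lines are constructed rather than real JSA output.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: lines from several logs concatenated out of order.
# Assumed format: "<ISO timestamp with ms> <source> <LEVEL> <message>"
SAMPLE_LOGS = """\
2024-05-14T02:59:40.551 collector INFO Events received from log source
2024-05-14T02:10:00.120 collector INFO Event pipeline running normally
-- log rotated --
2024-05-14T03:00:02.115 backup ERROR Backup failed: not enough disk space
2024-05-14T02:41:07.310 backup INFO Scheduled backup started
2024-05-14T02:58:12.004 disk WARN Backup partition usage at 91 percent
2024-05-14T03:05:00.000 collector INFO Event pipeline running normally
""".splitlines()

LINE = re.compile(r"^(\S+) (\S+) (\w+) (.*)$")
SUSPICIOUS = {"WARN", "ERROR"}  # assumption: severity marks a suspicious event

def parse(lines):
    """Return (timestamp, source, level, message) tuples in time order."""
    events = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ts, source, level, msg = m.groups()
        try:
            events.append((datetime.fromisoformat(ts), source, level, msg))
        except ValueError:
            continue  # not a timestamped entry (rotation marker, banner)
    return sorted(events)

def timeline_before(events, reported_at, window=timedelta(hours=1)):
    """Walk backward from reported_at and stop at the first suspicious event.

    Returns (suspicious_event or None, events walked in chronological order).
    """
    in_window = [e for e in events if reported_at - window <= e[0] < reported_at]
    walked = []
    for event in reversed(in_window):
        walked.append(event)
        if event[2] in SUSPICIOUS:
            return event, walked[::-1]
    return None, walked[::-1]  # nothing suspicious: widen the window

if __name__ == "__main__":
    reported = datetime.fromisoformat("2024-05-14T03:00:02.115")
    first, timeline = timeline_before(parse(SAMPLE_LOGS), reported)
    for ts, source, level, msg in timeline:
        print(ts.isoformat(timespec="milliseconds"), source, level, msg)
```
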
Under Which Conditions Does the Problem Occur?
Knowing which systems and applications are running at the time that a problem occurs is an important part of troubleshooting. These questions about your environment can help you to identify the cause of the problem:
Does the problem always occur when the same task is being performed?
Does a certain sequence of events need to occur for the problem to occur?
Do any other applications fail at the same time?
Answering these types of questions can help you explain the environment in which the problem occurs and correlate any dependencies. Remember that when multiple problems occur around the same time, the problems are not necessarily related.
Can the Problem Be Reproduced?
Problems that you can reproduce are often easier to solve. However, problems that you can reproduce can have a disadvantage. If the problem has a significant business impact, you do not want it to recur. If possible, re-create the problem in a test or development environment, which typically offers you more flexibility and control during your investigation. Answer the following questions:
Can the problem be re-created on a test system?
Are multiple users encountering the same type of problem?
Can the problem be re-created by running a single command or a set of commands?