AWS (CloudTrail) Collection: Troubleshoot using AWS

Document created by RSA Information Design and Development on Jul 25, 2016Last modified by RSA Information Design and Development on Sep 14, 2016
Version 3Show Document
  • View in full screen mode
 

The following section describes troubleshooting tips using AWS.

Changing Hostname in Amazon AMI

If you need to change the hostname in Amazon AMI, follow these steps:

  • In your instance, open the /etc/sysconfig/network configuration file in your favorite text editor and change the HOSTNAME entry to reflect the fully qualified domain name (such as webserver.mydomain.com).
    For example: HOSTNAME=webserver.mydomain.com

  • Reboot the instance to establish the new hostname, as shown in the following example:
    [ec2-user ~]$sudo reboot
  • Log in to your instance and verify that the hostname is updated. Your prompt should show the new hostname (up to the first set of quotation marks). The hostname command should display the fully qualified domain name, as shown in the following example:
    [ec2-user@webserver ~]$ hostname webserver.mydomain.com

    Troubleshooting Provisioning Errors

    Listed below are the steps required to re-enable your remote log collection service in Security Analytics on the remote log collector in AWS, along with steps that are required re-enable your remote log collection service in Security Analytics on your Security Analytics Server.

    1. On the AWS Remote Log Collector, run /etc/puppet/scripts/node_id.py
    2. On the AWS Remote Log Collector, run puppet cert clean <Node_id>

    3. On the Security Analytics Server, run service puppetmaster stop

    4. On the AWS Remote Log Collector, run service puppet stop

    5. On the AWS Remote Log Collector, run rm -rf /var/lib/puppet/ssl/*

    6. On the Security Analytics Server, run service puppetmaster start

    7. On the AWS Remote Log Collector, run service puppet start

    8. On the AWS Remote Log Collector, run puppet agent --test –waitforcert 30

    Checking Ports and Log Collection Services

    To check for the ports that are listening on your remote log collection service, run the following command:

    netstat -anp | grep LISTEN

    For more information, refer to the Ports table in Step 2 - Configure Remote Log Collector Service.

     

Attachments

    Outcomes