Interpreting Gateway Diagnostic Results

Gateway Output

To generate Gateway diagnostic output:

  1. Go to Diagnostic Tools > Gateway Diagnostics.

  2. Select the gateway on which to run the diagnostic and then click Diagnostics in the Tools list. There are a variety of ways to access Gateway Diagnostics.

  3. Click Run.

  4. After the diagnostic has run, click Copy to Clipboard.

  5. Paste the results in a text file.

All the diagnostic results listed in this section are in this downloaded file.

The first section of the downloaded file shows the following:

  • Gateway port 22 and 443 status.

  • Expected value: Up and reachable. If not, please make sure the gateway has its security group port 22 and 443 open to the Controller’s EIP in the AWS console. It is expected that SSH port 22 is reachable as the Controller will use the port to perform diagnostics on the Gateway.

  • Make sure HTTPS port 443 is reachable in this section since it indicates that the Controller is able to reach the Gateway for configuration and software package delivery.

    "SSH": {
        "port": {
            "22": [
                "up",
                "reachable"
            ]
        },
        "service": "Up"
    },
    "GatewayIamRole": "Passed",
    "HTTPS": {
        "port": {
            "443": [
                "up",
                "reachable"
            ]
        },
        "service": "Up"
    },
    "Upload": "Pass",

Upload Output

  • Indicates that Aviatrix Controller is able to upload files to the gateway.

  • Expected value: Pass

  • If it fails, please check that port 443 is open in both the security group and the VPC ACL between the Controller and the gateway instance in the AWS console.

    "Upload": "Pass",

DNS Service

  • Indicates DNS service status and related configuration on the gateway.

  • Default nameserver: 8.8.8.8

    "DNS Service": {
        "/etc/resolvconf/resolv.conf.d/head": [
            "nameserver 8.8.8.8",
        ],
        "/etc/hosts": [
            "127.0.0.1\tlocalhost",
            "::1 ip6-localhost ip6-loopback",
            "fe00::0 ip6-localnet",
            "ff00::0 ip6-mcastprefix",
            "ff02::1 ip6-allnodes",
            "ff02::2 ip6-allrouters",
            "ff02::3 ip6-allhostsip-172-31-45-222",
            "10.17.1.204 ip-10-17-1-204",
            ""
            ],
        "/etc/hostname": [
            "ip-10-17-1-204",
            ""
        ],
        "/etc/systemd/resolved.conf": [
            "[Resolve]",
            ""
        ],
        "/etc/resolv.conf": [
            "nameserver 8.8.8.8",
            "nameserver 127.0.0.53",
            "search ca-central-1.compute.internal",
            "options edns0",
            ""
        ]
    },

NTP Config

In Controller

Indicates NTP config. > Default server: 169.254.169.123

 "NTP config": {
    "/etc/ntp.conf": [
        "driftfile /var/lib/ntp/ntp.drift\n",
        "leapfile /usr/share/zoneinfo/leap-seconds.list\n",
        "statistics loopstats peerstats clockstats\n",
        "filegen loopstats file loopstats type day enable\n",
        "filegen peerstats file peerstats type day enable\n",
        "filegen clockstats file clockstats type day enable\n",
        "restrict -4 default kod notrap nomodify nopeer noquery limited\n",
        "restrict -6 default kod notrap nomodify nopeer noquery limited\n",
        "restrict 127.0.0.1\n",
        "restrict ::1\n",
        "restrict source notrap nomodify noquery\n",
        "server 169.254.169.123 prefer iburst\n"
    ]
},

HTTPS GET

  • Indicates connectivity for HTTPS request from gateway to the controller.

  • Expected value: Pass if GW can communicate with Controller without issue.

  • When It shows “Fail” please check both Controller and Gateway security group. You can also check if the Controller has its security group port 443 open to the gateway’s EIP in the AWS console.

    "HTTPS GET": "Pass",

Supervisorctl Status

  • Indicates the supervisor status. All services should be in RUNNING state except local_launch.

  • rtmon is the monitor process for Transit and Spoke Gateway, the status should be running when in transit or spoke gateway. The state can be FATAL in other type of gateway.

    "supervisorctl status": [
        "fqdn_stats                       RUNNING   pid 2121, uptime 16:39:29\n",
        "gwmon                            RUNNING   pid 2117, uptime 16:39:29\n",
        "local_launch                     EXITED    Mar 25 08:47 AM\n",
        "openvpn                          RUNNING   pid 2123, uptime 16:39:29\n",
        "perfmon                          RUNNING   pid 2119, uptime 16:39:29\n",
        "rtmon                            FATAL     Exited too quickly (process log may have details)\n",
        "sw-wdt4perfmon                   RUNNING   pid 2124, uptime 16:39:29\n",
        "time_action                      RUNNING   pid 2118, uptime 16:39:29\n"
    ],

MsgQueue Output

  • Indicates AWS SQS message queue status.

  • ApproximateNumberOfMessages indicates the number of pending messages in the queue.

  • Expected value is 0. If this value is not 0, it means there is issue on the AWS SQS Service. Please update your IAM policy (refer to IAM Policy and check if the DNS resolution passed on the gateway.) You may also check if this SQS queue is still in your AWS SQS Service or the IAM policy is correctly attached on the Gateway.

    "MsgQueue": {
        "ApproximateNumberOfMessagesNotVisible": "0",
        "KmsDataKeyReusePeriodSeconds": "300",
        "KmsMasterKeyId": "alias/aws/sqs",
        "ContentBasedDeduplication": "false",
        "PubSubErrorCount": 0,
        "ConnectionSuccessCount": 17,
        "ApproximateNumberOfMessagesDelayed": "0",
        "ApproximateNumberOfMessages": "0",
        "ExpiredTokenErrorCount": 16,
        "ConnectionStatus": "Connected",
        "ReceiveMessageWaitTimeSeconds": "0",
        "DelaySeconds": "0",
        "FifoQueue": "true",
        "VisibilityTimeout": "30",
        "PollFailureCount": 16,
        "PollingStatus": "Active",
        "ConnectionFailureCount": 0,
        "MaximumMessageSize": "262144",
        "CreatedTimestamp": "1584614502",
        "NumMessagesReceived": 0,
        "MessageRetentionPeriod": "1209600",
        "LastModifiedTimestamp": "1584614609",
        "QueueArn": "arn:aws:sqs:ca-central-1:2767xxxxxxxx:aviatrix-1x-2xx-1xx-2xx.fifo"
    },

Route Output

  • Indicates the route table on the gateway.

  • tun0 is the interface for OpenVPN

  • tun-xxx is the interface Transit-Spoke connection

    "route": [
        "Kernel IP routing table\n",
        "Destination     Gateway         Genmask         Flags Metric Ref    Use Iface\n",
        "0.0.0.0         10.187.64.1     0.0.0.0         UG    0      0        0 eth0\n",
        "10.187.64.0     0.0.0.0         255.255.240.0   U     0      0        0 eth0\n",
        "192.168.43.0    192.168.43.2    255.255.255.0   UG    0      0        0 tun0\n",
        "192.168.43.2    0.0.0.0         255.255.255.255 UH    0      0        0 tun0\n",
        "10.20.0.0       0.0.0.0         255.255.0.0     U     100    0        0 tun-xxx\n"
        "10.20.51.91     0.0.0.0         255.255.255.255 U     100    0        0 tun-xxx\n"
    ],

IP Rule Output

N/A

"ip rule":  [
    "0:\tfrom all lookup local \n",
    "32766:\tfrom all lookup main \n",
    "32767:\tfrom all lookup default \n"
],

IP Route Table Main Output

N/A

"ip route table main": [
    "default via 10.187.64.1 dev eth0 \n",
    "10.187.64.0/20 dev eth0 proto kernel scope link src 10.187.77.1xx \n",
    "192.168.43.0/24 via 192.168.43.2 dev tun0 \n",
    "192.168.43.2 dev tun0 proto kernel scope link src 192.168.43.1 \n"
],

iptables Output

  • Indicates Stateful firewall configuration

  • Mainly used for debugging

    "iptables rules": [
        "-P INPUT ACCEPT\n",
        "-P FORWARD ACCEPT\n",
        "-P OUTPUT ACCEPT\n",
        "-N RULE-LOG-ACCEPT\n",
        "-N RULE-LOG-DROP\n",
        "-A FORWARD -m state --state ESTABLISHED -j ACCEPT\n",
        "-A FORWARD -s 192.168.43.6/32 -i tun0 -j ACCEPT\n",
        "-A RULE-LOG-ACCEPT -m limit --limit 2/sec -j LOG --log-prefix \"AvxRl gw1
     A:\" --log-level 7\n",
        "-A RULE-LOG-ACCEPT -j ACCEPT\n",
        "-A RULE-LOG-DROP -m limit --limit 2/sec -j LOG --log-prefix \"AvxRl gw1
    D:\" --log-level 7\n",
        "-A RULE-LOG-DROP -j DROP\n"
    ],

iptables nat Output

  • Indicates NAT configuration.

  • Mainly used for debugging.

    "iptables nat rules": [
        "-P PREROUTING ACCEPT\n",
        "-P INPUT ACCEPT\n",
        "-P OUTPUT ACCEPT\n",
        "-P POSTROUTING ACCEPT\n",
        "-N CLOUDN-LOG-natVPN\n",
        "-A POSTROUTING -s 192.168.43.0/24 -j CLOUDN-LOG-natVPN\n",
        "-A CLOUDN-LOG-natVPN -j LOG --log-prefix \"AviatrixUser: \"\n",
        "-A CLOUDN-LOG-natVPN -j MASQUERADE\n"
    ],

iptables mangle Output

  • Indicates iptables mangle configuration.

  • For debugging purposes.

    "iptables mangle rules": [
        "-P PREROUTING ACCEPT\n",
        "-P INPUT ACCEPT\n",
        "-P FORWARD ACCEPT\n",
        "-P OUTPUT ACCEPT\n",
        "-P POSTROUTING ACCEPT\n",
        "-N MSSCLAMPING\n",
        "-A FORWARD -j MSSCLAMPING\n",
        "-A MSSCLAMPING -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1370\n"
    ],

ipset Output

N/A

"ipset rules": [
    "Name: avx_hnf_ipset_d_accept\n",
    "Type: hash:ip,port\n",
    "Revision: 5\n",
    "Header: family inet hashsize ... (the rest is omitted.)
    "Size in memory: 4564\n",
    "References: 1\n",
    "Number of entries: 36\n",
    "Members:\n",
    "64.233.181.108,tcp:25 comment \"smtp.gmail.com\"\n",
    "108.177.111.109,tcp:25 comment \"smtp.gmail.com\"\n",
    "108.177.121.108,tcp:25 comment \"smtp.gmail.com\"\n",
    "173.194.198.109,tcp:25 comment \"smtp.gmail.com\"\n",
    "209.85.144.109,tcp:25 comment \"smtp.gmail.com\"\n"
],
  • Indicates the ip link status of the gateway.

  • Status should be UP.

    "ip link display": [
        "1: lo: <LOOPBACK,MULTICAST,UP,LOWER_UP> mtu 65536 qdisc noqueue state
                                   UNKNOWN mode DEFAULT group default qlen 1000\n",
        "    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00\n",
        "2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc mq state UP
                                   mode DEFAULT group default qlen 1000\n",
        "    link/ether 06:b3:ec:15:fe:bc brd ff:ff:ff:ff:ff:ff\n",
        "3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel
                                   ztate UNKNOWN mode DEFAULT group default qlen 100\n",
        "    link/none \n",
        "4: cxm0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode
                                   DEFAULT group default qlen 1000\n",
        "    link/ether b2:9a:79:d7:68:a8 brd ff:ff:ff:ff:ff:ff\n"
    ],

ifconfig Output

  • Indicates gateway’s interfaces.

  • There should be very limit number of TX and RX errors/dropped.

  • If there are a lot of TX errors or dropped in tun0, it may be due to authentication mismatch on the tunnel.

    "ifconfig display": [
         "eth0: flags=4163<UP,BROADCAST,... (the rest is omitted.)
         "        inet 10.10.10.72  netm... (the rest is omitted.)
         "        inet6 fe80::8a4:d3ff:f... (the rest is omitted.)
         "        ether 0a:a4:d3:1b:df:0... (the rest is omitted.)
         "        RX packets 326021  byt... (the rest is omitted.)
         "        RX errors 0  dropped 0... (the rest is omitted.)
         "        TX packets 185361  byt... (the rest is omitted.)
         "        TX errors 0  dropped 0... (the rest is omitted.)
         "\n",                          ... (the rest is omitted.)
         "lo: flags=4169<UP,LOOPBACK,RUN... (the rest is omitted.)
         "        inet 127.0.0.1  netmas... (the rest is omitted.)
         "        inet6 ::1  prefixlen 1... (the rest is omitted.)
         "        loop  txqueuelen 1000 ... (the rest is omitted.)
         "        RX packets 396  bytes ... (the rest is omitted.)
         "        RX errors 0  dropped 0... (the rest is omitted.)
         "        TX packets 396  bytes ... (the rest is omitted.)
         "        TX errors 0  dropped 0... (the rest is omitted.)
         "\n",                          ... (the rest is omitted.)
         "tun0: flags=4305<UP,POINTOPOIN... (the rest is omitted.)
         "        inet 192.168.43.1  net... (the rest is omitted.)
         "        inet6 fe80::30ff:994a:... (the rest is omitted.)
         "        unspec 00-00-00-00-00-... (the rest is omitted.)
         "        RX packets 0  bytes 0 ... (the rest is omitted.)
         "        RX errors 0  dropped 0... (the rest is omitted.)
         "        TX packets 4  bytes 30... (the rest is omitted.)
         "        TX errors 0  dropped 0... (the rest is omitted.)
         "\n"
     ],

Processes

  • N/A

    "Processes": [
        "top - 01:27:05 up 16:39,  0 users,  load average: 0.15, 0.03, 0.01\n",
        "Tasks: 114 total,   1 running,  74 sleeping,   0 stopped,   0 zombie\n",
        "%Cpu(s):  0.3 us,  0.1 sy,  0.0 ni, 99.6 id,  0.0 wa,  0.0 hi,  0.0 si,  0.0 st\n",
        "KiB Mem :  3907116 total,  2590900 free,   325604 used,   990612 buff/cache\n",
        "KiB Swap:        0 total,        0 free,        0 used.  3295864 avail Mem \n",
        "\n",
        "  PID USER      PR  NI    VIRT    RES    SHR S  %CPU %MEM     TIME+ COMMAND\n",
        "    1 root      20   0  159868   9120   6680 S   0.0  0.2   0:03.61 /sbin/init\n",
        "    2 root      20   0       0      0      0 S   0.0  0.0   0:00.00 [kthreadd]\n",
        ... (the rest is omitted.)
    ]

IKE daemon Output

  • Indicates IKE daemon service and port status

  • Default: Up for all

    "IKE daemon": {
        "port": {
            "500": "Up",
            "4500": "Up"
        },                                                                                       |
        "service": "Up"
    },

Top mem processes

  • Indicates the memory and CPU usage of the gateway.

  • The memory usage of processes (first column) is changing dynamically and the overall usage should be lower than 50%

  • Mainly used for debugging

    "top mem processes": [
        " 2.2  0.2 1320032 2117 python -W ignore /home/ubuntu/cloudx-aws/gwmon.py info\n",
        " 1.4  0.0 141076   431 /lib/systemd/systemd-journald\n",
        " 1.3  0.2 267644  2118 python -W ignore /home/ubuntu/cloudx-aws/timer_action.py\n",
        " 1.0  0.0 387132  2011 /usr/sbin/apache2 -k start\n",
    ],

Sysinfo CPU Output

  • N/A

    "SysInfo": [
        "***CPU***\n",
        "Architecture:        x86_64\n",
        "CPU op-mode(s):      32-bit, 64-bit\n",
        "Byte Order:          Little Endian\n",
        "CPU(s):              2\n",
        "On-line CPU(s) list: 0,1\n",
        "Thread(s) per core:  1\n",
        "Core(s) per socket:  2\n",
        ... (the rest is omitted.)

Kernel Output

N/A

 "***Kernel***\n",
"Linux ip-10-187-77-159 4.15.0-1044-aws #46 SMP Sun Dec 8 00:42:58 UTC 2019 x86_64

Uptime Output

  • Indicates Uptime of the gateway.

  • Indicates the time that the system has been working and available.

    "***Uptime***\n",
    " 01:27:05 up 16:39,  0 users,  load average: 0.14, 0.03, 0.01\n",

Reboot History

  • Indicates Reboot History of the gateway.

  • It shows the date/time of gateway reboot history.

    "***Reboot History***\n",
    "reboot   system boot  4.15.0-1044-aws  Wed Mar 25 08:47   still running\n",
    "shutdown system down  4.15.0-1044-aws  Wed Mar 25 08:45 - 08:47  (00:01)\n",
    "reboot   system boot  4.15.0-1044-aws  Tue Mar 24 01:30 - 08:45 (1+07:14)\n",
    "shutdown system down  4.15.0-1044-aws  Mon Mar 23 10:06 - 01:30  (15:24)\n",
    "reboot   system boot  4.15.0-1044-aws  Thu Mar 19 10:41 - 10:06 (3+23:24)\n",
    "\n",
    "wtmp begins Thu Mar 19 10:41:57 2020\n",

Memory Output

  • Shows current memory usage

  • If memory is lower than 95%, you will receive an warning email to indicate the memory threshold is passed. You can increase the instance size to have more available memory.

    "              total        used        free      shared  buff/cache   available\n"
    "Mem:           3.7G        318M        2.5G         25M        967M        3.1G\n"
    "Swap:            0B          0B          0B\n",

Disk Usage

  • Indicates disk usage on the gateway.

  • The maximum size of /usr should be lower than 6G, please open a support ticket at https://support.aviatrix.com if you see abnormal usage in a folder.

    "***Disk Usage***\n",
    "5.4G\t/\n",
    "2.9G\t/usr\n",
    "1.9G\t/var\n",
    "1.6G\t/var/log\n",
    "1.3G\t/usr/src\n",
    "863M\t/usr/lib\n",
    ... (the rest is omitted.)

File System

N/A

"***File System***\n",
"Filesystem      Size  Used Avail Use% Mounted on\n",
"udev            1.9G     0  1.9G   0% /dev\n",
"tmpfs           382M  7.1M  375M   2% /run\n",
"/dev/xvda1       16G  5.7G  9.8G  37% /\n",
"tmpfs           1.9G     0  1.9G   0% /dev/shm\n",
"tmpfs           5.0M     0  5.0M   0% /run/lock\n",
"tmpfs           1.9G     0  1.9G   0% /sys/fs/cgroup\n",
"tmpfs           382M     0  382M   0% /run/user/1000\n",

Virtual Mem statistics

N/A

 "***Virtual Memory statistics***\n",                                                         |
| "procs -----------memory---------- ---swap-- -----io---- -system-- ------cpu-----\n",        |
| " r  b   swpd   free   buff  cache   si   so    bi    bo   in   cs us sy id wa st\n",        |
| " 0  0      0 2220768 181288 1178804    0    0     6    23   85  128  0  0 100  0  0\n",     |
|

Software Version

N/A

"***Software Version***\n",
"================================================================================\n",
"Branch: UserConnect-5.3\n",
"Commit: commit d02bf8434\n",
"Commit Date:   Tue Mar 10 11:15:11 2020 -0700\n",
"Build Date: Tue Mar 10 11:31:16 PDT 2020\n",
"Built By: Reyweng\n",
"================================================================================\n",
"\n",

EC2 Instance Metadata

  • Indicates EC2 Instance Metadata status.

  • Aviatrix support will need AMI ID and instance type and other EC2 metadata for debugging purpose.

    "***EC2 Instance Metadata***\n",
    "{\n",
    "  \"architecture\" : \"x86_64\",\n",
    "  \"availabilityZone\" : \"ca-central-1b\",\n",
    "  \"billingProducts\" : null,\n",
    "  \"devpayProductCodes\" : null,\n",
    "  \"imageId\" : \"ami-01axxxxxxxxxxxxxx\",\n",
    "  \"instanceId\" : \"i-046xxxxxxxxxxxxxx\",\n",
    "  \"instanceType\" : \"t2.medium\",\n",
    "  \"kernelId\" : null,\n",
    "  \"pendingTime\" : \"2020-03-25T08:47:05Z\",\n",
    "  \"privateIp\" : \"10.187.77.159\",\n",
    "  \"ramdiskId\" : null,\n",
    "  \"region\" : \"ca-central-1\",\n",
    "  \"version\" : \"2017-09-30\"\n",
    "}{\n",
    "  \"Code\" : \"Success\",\n",
    "  \"LastUpdated\" : \"2020-03-26T00:47:40Z\",\n",
    "  \"InstanceProfileArn\" : \"arn:aws:iam::xxxxxxxxxxxx:instance-profile/
                                                              aviatrix-role-ec2\",
    "  \"InstanceProfileId\" : \"XXXXXXXXXXXXXXXXXXXXX\"\n",
    "}{\n",
    "  \"Code\" : \"Success\",\n",
    "  \"LastUpdated\" : \"2020-03-26T00:53:47Z\",\n",
    "}"

VPN Service Output

  • Indicates OpenVPN service status.

  • Status is down if the gateway is a non SSLVPN gateway.

  • For SSLVPN gateway with ELB enabled, port 943 should be UP and the gateway’s security group has default port 943 open to 0.0.0.0/0 to accept remote user connection.

  • For SSLVPN gateway with ELB disabled, port 1194 should be UP and the gateway’s security group has default port 1194 open to 0.0.0.0/0 to accept remote user connection.

    "VPN Service": {
        "port": {
    "943": [
                "up",
                "reachable"
            ]
        },
        "service": "Down"
    },
    |

VPN Status Output

  • Indicates the VPN configuration status. Expected value: Pass

    "VPN config": "Pass",

Auth Config

  • Indicates the authentication method configured on the VPN gateway.

    "Auth Config": [
        {
            "cfg": "Pass",
            "method": "SAML auth"
        }
    ],

Server Cert Output

N/A

"Server Cert": "good",

FQDN Output

  • Indicates the FQDN Egress Control status

  • Status is active when FQDN egress control is enabled.

  • Status is inactive when FQDN egress control is disabled or failed.

    "FQDN service": [
        " avx-nfq.service - Aviatrix NFQ\n",
        "   Loaded: loaded (/lib/systemd/system/avx-nf... (the rest is omitted.)
        "   Active: active (running) since Wed 2018-12... (the rest is omitted.)
        " Main PID: 8495 (avx-nfq)\n",
        "    Tasks: 1 (limit: 1149)\n",
        "   CGroup: /system.slice/avx-nfq.service\n",
        "           └─8495 /home/ubuntu/cloudx-aws/nfq-module/avx-nfq\n",
        "\n",
        "Dec 19 13:23:30 ip-10-10-0-182 avx-nfq[8495]:... (the rest is omitted.)
       ... (the rest is omitted.)
    ],

Hostname-filter Report

  • Indicates the Hostname filter configuration.

    "Hostname-filter Report": [
        "{\n",
        "  \"smtp.gmail.com\": {\n",
        "    \"ip_list\": [\n",
        "      \"74.125.126.109\", \n",
        "      \"74.125.126.108\", \n",
        "      \"173.194.194.109\", \n",
        "      \"173.194.205.109\"\n",
        "    ], \n",
        "    \"thread_state\": \"ALIVE\"\n",
        "  }\n",
        "}"
    ],

Hostname-filter Status

  • Indicates Hostname-filter service status

  • Default: inactive

    "Hostname-filter Status": [
        "● avx-hostname-filter.service - Aviatrix Hostname Filter\n",
        "   Loaded: loaded (/lib/systemd/system/avx-hostname-filter.service;
                                       disabled; vendor preset: enabled)\n",
        "   Active: inactive (dead)\n"
    ],

SpanPort Output

  • Currently not used.

    "SpanPort Service": {
        "port": "unknown",
        "service": "Down"
    },

Ulimit Output

N/A

"Ulimit": [
    "65536\n"
],

Services Status Output

"Rsyslog Service": "Service: Disabled, Process: Running",
"Splunk Service": "Service: Disabled, Process: Not Running",
"Filebeat Service": "Service: Disabled, Process: Not Running",
"Sumologic Service": "Service: Disabled, Process: Not Running",
"Datadog Service": "Service: Disabled, Process: Not Running",
"Netflow Service": "Service: Disabled, Process: Not Running",
"CloudWatch Service": "Service: Disabled, Process: Not Running",

CIS Patch Output

N/A

"CIS Patch status": {
    "Not patched": [
        "Enable support for FIPS 140-2",
        "X-XSS-Protection and X-Content-Type-Options Headers",
        "Increase File Descriptor limit"
    ],
    "Patched": []
},

SW Patch status

  • Indicates Software status

  • The patches are good to apply. Aviatrix uses the patch process to address vulnerabilities that are not part of an upgrade.

    "SW Patch status": {
        "Not patched": [
            "Apply xml file patch for Splunk year 2020 bug"
        ],
        "Patched": [
            "Mitigation for Datadog Agent installation issue on Ubuntu 14.04"
        ]
    },

Ingress Control Output

N/A

"Ingress Control": {
    "Routing": "disabled",
    "GuardDuty Service": {
        "Account": "robin-aws",
        "Region": "ca-central-1",
        "Account status": "disabled",
        "AWS status": "disabled"
    }
},

rp_filter Output

N/A

"rp_filter": [
    "net.ipv4.conf.all.rp_filter = 0\n",
    "net.ipv4.conf.eth0.rp_filter = 0\n"
],

FQDN service status

N/A

"FQDN stats service": [
    "fqdn_stats                       RUNNING   pid 2121, uptime 16:39:45\n"
]