cancel
Showing results for 
Search instead for 
Did you mean: 

Trace netbackup communication with an IP

Hello everybody,

I need your advice. A security admin says me than a communication is registered by firewall, from Netbackup Server to a IP. This IP is configured on a server which don't have Netbackup client...

I had verified, all client registred in client list on master, by pinging them. No success.

Firewall saved communications in a laps time where as, activity monitor doesn't running anything.

Obviously, I've executed bptestbpclntcmd without any success ("can't connect on socket").

How can I research any information about this strange thing ?

Port communication are 1556 and 13724.

Thanks.

Tags (2)
21 Replies

Re: Trace netbackup communication with an IP

Is it only the master server that is trying to connect to the client, or does the firewall also show reply from client  ?

How are IP assigned, uing DHCP or static, if using DHCP try clearing out Netbackup host cache:

bpclntcmd -clear_host_cache

Re: Trace netbackup communication with an IP

Only the master try to access it.

IP are fixed.

Re: Trace netbackup communication with an IP

Likely the client is defined somewhere in the Netbackup environment. To get a idea, I would something like this

# vxlogview -p 51216 -t 01:30:00 | grep -i NAME_OF_SERVER

-t 01:30:00 will in all logs back for 1 hour and 30 minutes

Hopefully the log output will give some clue/ideas where client is specified..

Technotes about vxlogview:

https://www.veritas.com/support/en_US/article.100017099
https://www.veritas.com/support/en_US/article.100017292

Best Regards
Nicolai

Re: Trace netbackup communication with an IP

Hello,

You may want to check Policy deployment in your console, I had a kind of similar problem ebfoer, and by checking this side, I found that the client was in a deployment policy, once we deleted it, we had no more errors..

btw, the errors we had were logged in Problems report, do you have that too?

good luck

Re: Trace netbackup communication with an IP

Unfortunately (or maybe I'm tired), vxlogview doesn't help me. I've attached the extract vxlogview to this date "11/12/20 22:03:00" to "11/12/20 22:04:00" . These values are logged into firewall.

Re: Trace netbackup communication with an IP

Yes Good luck Smiley LOL

Can a deactivated policy can produce this behaviour ?

Re: Trace netbackup communication with an IP

Which version you are running?

I am not talking about Backup policy, but deployment policy, I attached a screenshot, and I think yes, even a deactivated policy could produce this behavior..

 

edit// add screenshot

Re: Trace netbackup communication with an IP

8.1 and I don't see your screenshot also

Re: Trace netbackup communication with an IP

Sorry my bad look at my previous post, I edited it

Re: Trace netbackup communication with an IP

I don't have it (Deployment policies)

Re: Trace netbackup communication with an IP

Any client in any policy, even policies with only user initiated jobs can cause this.

I looked at the vxlogview output, but did not find any hints. You may have to increase logging level.

/Nicolai

Re: Trace netbackup communication with an IP

did you run bpcltncmd -clear_host_cache ? what is the name of the previous client that has that ip adresse ? and what is the ip adresse too?

you may want to share your nbsu from the master server??

also check master's props (resilient network, proxies..)

do you have errors in your problem reports?

do you have those entries at the same time everyday? or like every 1 hour? 

Re: Trace netbackup communication with an IP

One other thing to check -- does this host have multiple hostnames in DNS?  I've helped a customer chase something like this for weeks and in the end the hostname being hit at the firewall wasn't the hostname NBU saw it as.  It was a very tedious exercise to figure that out.  It might be a long shot, but something to consider.  The VxUpdate deployment policy is another place I'd look.

Was this host EVER managed by NetBackup at all?

Charles
VCS, NBU & Appliances

Re: Trace netbackup communication with an IP

Hi all,

@NicolaiCould you tell me how to increase log verbosity for vxlogview ? Is it dependant to general log ?

@hha_meaI've executed bpcltncmd -clear_host_cache this morning. No errors in reports.

@vtas_chasThis IP is used by a new server without netbackup client. Before, agent was installed but I've no idea on which server :-/

Last week end, new records were saved in firewall, only the night apparently

Re: Trace netbackup communication with an IP

You can increase logging levels by modifying the VERBOSE setting in bp.conf.

Do you know if the firewall is seeing the hostname or the IP?  I'd search the NBU logs for both hostname and IP, too. 

Use the same DNS servers the Master is using to do a reverse lookup of the IP to see what it resolves to on the Master, too, that might help. 

If this IP was used elsewhere previously, it is entirely conceivable the hostname is not being resolved according to its new settings.  It could be a single DNS server didn't update properly, something is cached somewhere inside NBU, or a hosts file has an entry in it.

Have you checked /etc/hosts?

Charles
VCS, NBU & Appliances

Re: Trace netbackup communication with an IP

FW show only IP address

I've already checked HOSTS files :-(

NSlookup doesn't help too.

Master is on Windows. No bp.conf... is it global logging level ?

Re: Trace netbackup communication with an IP

Right, sorry, forgot this was Windows.  You can change logging from within the Java UI for the Master.  You can also use vxlogcfg for the specific OID (which might be the better more specific way to deal with this).  See https://www.veritas.com/support/en_US/doc/86063237-127664549-0/v40601087-127664549 for more help there.

How did you use nslookup?  In my experience it isn't as specific and helpful as Linux based tools, but make sure you're setting it to use the specific DNS host and do the reverse lookups on each DNS server that the OS sees.  

Charles
VCS, NBU & Appliances

Re: Trace netbackup communication with an IP

As mentioned by others, check and make sure there's not another interface on the Client that NetBackup DOES know about. You may also want to do a quick nslookup or such on the client's IP, see if it points to multiple hostnames - maybe one old & one new ? Or a box with one IP but different apps access it using different DNS aliases ? I've seen cases where an old hostname got reused for a new box, as well as cases where the DNS minions forgot to clean out the old IP map entries entirely and you get multiple names pointing to the same IP. If there's only the one interface in DNS and on the Client then as far as tracking under v8.1 goes : On the Master - egrep -i "clienthostname | clientIP" /etc/hosts (where clientshorthostname & clientIP are replaced by the appropriate values, of course) ls -l /usr/openv/netbackup/db/images |egrep -i "clientshorthostname | clientIP " (again, replace those values) That will tell you what the Master knows about. If you have entries in the images directory, the Master was told at some point to talk to that Client - or at least a Client with that particular name (which is yet another reason why it's bad to backup an IP instead of a hostname). If you do see an entry in images you can do a quick search and see what backup images, if any, still exist for that name. sudo /usr/openv/netbackup/bin/admincmd/bpimagelist -d 1/1/1970 -U -client hostnameinimages $5 says NetBackup is doing exactly what it's been told to though. =)

Re: Trace netbackup communication with an IP

bpcltncmd -clear_host_cache don't help.
I've review HOST file on master, and IP is not present.
Browsing Client backup from earliest and IP, don't help, same result from catalog.
All agents listed in Netbackup Admin console respond with thier IP normally.

Somewhere in Netbackup configuration, I have a process which call this IP...but where...