cancel
Showing results for 
Search instead for 
Did you mean: 

Trace netbackup communication with an IP

AntBar
Level 5

Hello everybody,

I need your advice. A security admin says me than a communication is registered by firewall, from Netbackup Server to a IP. This IP is configured on a server which don't have Netbackup client...

I had verified, all client registred in client list on master, by pinging them. No success.

Firewall saved communications in a laps time where as, activity monitor doesn't running anything.

Obviously, I've executed bptestbpclntcmd without any success ("can't connect on socket").

How can I research any information about this strange thing ?

Port communication are 1556 and 13724.

Thanks.

21 REPLIES 21

Nicolai
Moderator
Moderator
Partner    VIP   

Is it only the master server that is trying to connect to the client, or does the firewall also show reply from client  ?

How are IP assigned, uing DHCP or static, if using DHCP try clearing out Netbackup host cache:

bpclntcmd -clear_host_cache

Only the master try to access it.

IP are fixed.

Nicolai
Moderator
Moderator
Partner    VIP   

Likely the client is defined somewhere in the Netbackup environment. To get a idea, I would something like this

# vxlogview -p 51216 -t 01:30:00 | grep -i NAME_OF_SERVER

-t 01:30:00 will in all logs back for 1 hour and 30 minutes

Hopefully the log output will give some clue/ideas where client is specified..

Technotes about vxlogview:

https://www.veritas.com/support/en_US/article.100017099
https://www.veritas.com/support/en_US/article.100017292

Best Regards
Nicolai

Hamza_H
Moderator
Moderator
   VIP   

Hello,

You may want to check Policy deployment in your console, I had a kind of similar problem ebfoer, and by checking this side, I found that the client was in a deployment policy, once we deleted it, we had no more errors..

btw, the errors we had were logged in Problems report, do you have that too?

good luck

Unfortunately (or maybe I'm tired), vxlogview doesn't help me. I've attached the extract vxlogview to this date "11/12/20 22:03:00" to "11/12/20 22:04:00" . These values are logged into firewall.

Yes Good luck Smiley LOL

Can a deactivated policy can produce this behaviour ?

Hamza_H
Moderator
Moderator
   VIP   

Which version you are running?

I am not talking about Backup policy, but deployment policy, I attached a screenshot, and I think yes, even a deactivated policy could produce this behavior..

 

edit// add screenshot

8.1 and I don't see your screenshot also

Hamza_H
Moderator
Moderator
   VIP   

Sorry my bad look at my previous post, I edited it

I don't have it (Deployment policies)

Nicolai
Moderator
Moderator
Partner    VIP   

Any client in any policy, even policies with only user initiated jobs can cause this.

I looked at the vxlogview output, but did not find any hints. You may have to increase logging level.

/Nicolai

Hamza_H
Moderator
Moderator
   VIP   

did you run bpcltncmd -clear_host_cache ? what is the name of the previous client that has that ip adresse ? and what is the ip adresse too?

you may want to share your nbsu from the master server??

also check master's props (resilient network, proxies..)

do you have errors in your problem reports?

do you have those entries at the same time everyday? or like every 1 hour? 

One other thing to check -- does this host have multiple hostnames in DNS?  I've helped a customer chase something like this for weeks and in the end the hostname being hit at the firewall wasn't the hostname NBU saw it as.  It was a very tedious exercise to figure that out.  It might be a long shot, but something to consider.  The VxUpdate deployment policy is another place I'd look.

Was this host EVER managed by NetBackup at all?

Charles
VCS, NBU & Appliances

Hi all,

@NicolaiCould you tell me how to increase log verbosity for vxlogview ? Is it dependant to general log ?

@Hamza_HI've executed bpcltncmd -clear_host_cache this morning. No errors in reports.

@vtas_chasThis IP is used by a new server without netbackup client. Before, agent was installed but I've no idea on which server :\

Last week end, new records were saved in firewall, only the night apparently

vtas_chas
Level 6
Employee

You can increase logging levels by modifying the VERBOSE setting in bp.conf.

Do you know if the firewall is seeing the hostname or the IP?  I'd search the NBU logs for both hostname and IP, too. 

Use the same DNS servers the Master is using to do a reverse lookup of the IP to see what it resolves to on the Master, too, that might help. 

If this IP was used elsewhere previously, it is entirely conceivable the hostname is not being resolved according to its new settings.  It could be a single DNS server didn't update properly, something is cached somewhere inside NBU, or a hosts file has an entry in it.

Have you checked /etc/hosts?

Charles
VCS, NBU & Appliances

FW show only IP address

I've already checked HOSTS files :(

NSlookup doesn't help too.

Master is on Windows. No bp.conf... is it global logging level ?

vtas_chas
Level 6
Employee

Right, sorry, forgot this was Windows.  You can change logging from within the Java UI for the Master.  You can also use vxlogcfg for the specific OID (which might be the better more specific way to deal with this).  See https://www.veritas.com/support/en_US/doc/86063237-127664549-0/v40601087-127664549 for more help there.

How did you use nslookup?  In my experience it isn't as specific and helpful as Linux based tools, but make sure you're setting it to use the specific DNS host and do the reverse lookups on each DNS server that the OS sees.  

Charles
VCS, NBU & Appliances

jnardello
Moderator
Moderator
   VIP    Certified
As mentioned by others, check and make sure there's not another interface on the Client that NetBackup DOES know about. You may also want to do a quick nslookup or such on the client's IP, see if it points to multiple hostnames - maybe one old & one new ? Or a box with one IP but different apps access it using different DNS aliases ? I've seen cases where an old hostname got reused for a new box, as well as cases where the DNS minions forgot to clean out the old IP map entries entirely and you get multiple names pointing to the same IP. If there's only the one interface in DNS and on the Client then as far as tracking under v8.1 goes : On the Master - egrep -i "clienthostname | clientIP" /etc/hosts (where clientshorthostname & clientIP are replaced by the appropriate values, of course) ls -l /usr/openv/netbackup/db/images |egrep -i "clientshorthostname | clientIP " (again, replace those values) That will tell you what the Master knows about. If you have entries in the images directory, the Master was told at some point to talk to that Client - or at least a Client with that particular name (which is yet another reason why it's bad to backup an IP instead of a hostname). If you do see an entry in images you can do a quick search and see what backup images, if any, still exist for that name. sudo /usr/openv/netbackup/bin/admincmd/bpimagelist -d 1/1/1970 -U -client hostnameinimages $5 says NetBackup is doing exactly what it's been told to though. =)

bpcltncmd -clear_host_cache don't help.
I've review HOST file on master, and IP is not present.
Browsing Client backup from earliest and IP, don't help, same result from catalog.
All agents listed in Netbackup Admin console respond with thier IP normally.

Somewhere in Netbackup configuration, I have a process which call this IP...but where...