IDENTITY-BASED MICROSEGMENTATION DOCUMENTATION

Enforcer

Data collection

For advanced troubleshooting, you can use apoctl to collect various types of information from the enforcers. The collected information will be bundled and downloaded, after which time it can be unpacked and decoded. Finally, it may be analyzed and aid in root cause analysis.

apoctl enforcer collect <information> <enforcer-id>

Replace <information> with any of the following.

  • logs
  • counters
  • packets
  • pustate
  • pcap
  • coredump

logs

apoctl enforcer collect logs <enforcer-id>

This will download the given enforcer’s logs and other related data.

counters

apoctl enforcer collect counters <enforcer-id>

This will download the error counters for the given enforcer.

packets

apoctl enforcer collect packets <enforcer-id>

This will download selective packets logged by the given enforcer.

pustate

apoctl enforcer collect pustate <enforcer-id>

This will download processing unit internal state for each of the given enforcer’s processing units.

pcap

apoctl enforcer collect pcap <enforcer-id> [--puid <processing-unit-id>] [--filter <expr>]

This will trigger and then download a tcpdump packet capture on the given enforcer. If given a puid, it will capture only traffic associated with that processing unit. You may also give an optional tcpdump filter expression.

coredump

apoctl enforcer collect coredump <enforcer-id> [--puid <processing-unit-id>]

This will trigger and then download a core dump file for the given enforcer. If given a puid, the core dump will be of the associated remote enforcer.

Download

The following download command allows you to retrieve the last bundle collected from the given enforcer.

apoctl enforcer download <enforcer-id>

Viewing the data

apoctl returns an encoded GZIP file. You must use our enforcerbundle tool to decompress and decode the contents.

sudo curl -o /usr/local/bin/enforcerbundle \
  https://download.aporeto.com/enforcerd/enforcerbundle/darwin/enforcerbundle && \
sudo chmod 755 /usr/local/bin/enforcerbundle
sudo curl -o /usr/local/bin/enforcerbundle \
  https://download.aporeto.com/enforcerd/enforcerbundle/linux/enforcerbundle && \
sudo chmod 755 /usr/local/bin/enforcerbundle

Once you have installed enforcerbundle, you can use a command like the following to uncompress and decode the contents.

enforcerbundle --in <bundle.tar.gz> --out <output-folder>

The output folder will contain the requested information in viewable form.