Troubleshooting issues

If any issue occurs when using the software, SDS Enterprise offers a tracing system. It provides the SDS Enterprise Technical Assistance Center with useful information for the analysis of issues. The workstation and Windows session do not need to be restarted to enable tracing.

To enable tracing on SDS Enterprise, double-click on a file with the extension .sbdiag provided by the SDS Enterprise Technical Assistance Center, or select the Stormshield Tracing menu from the Windows Start menu.

During tracing, the following elements will be saved in a .zip archive found in the the folder C:/ProgramData/Arkoon/Security BOX/Traces:

  • Generated SDS Enterprise traces (Trace.etl file).
  • SDS Enterprise events (audits.evtx file): it is possible to configure the generation of this file in the interface or in the .sbdiag file. Events logs must be enabled. To enable them, refer to Viewing event logs.
  • A digest of the workstation (sbdiag.xml file): contains information about the system and the installation of SDS Enterprise and the Microsoft Office suite,
  • A PSR trace (Problem Steps Recorder): this tool is provided with Windows operating systems from Windows 7 and allows recording actions performed when reproducing a problem on the workstation. It is possible to configure the generation of this file in the interface or in the .sbdiag file.

From an .sbdiag file

  1. Double-click on the .sbdiag file provided by the SDS Enterprise Technical Assistance Center to start the tracing interface in pre-configured mode.
  2. Click on Start tracing.
  3. Wait for the Tracing in progress message.
  4. Reproduce the sequence of actions to be traced.
  5. When the sequence is done, click on Stop tracing.
  6. In the next window, add comments for the SDS Enterprise Technical Assistance Center if needed. Provide additional information about the method of reproduction, time markers, file names, etc.
  7. Wait until the folder containing the tracing session opens. Send the zip file Trace<timestamp>.zip to the SDS Enterprise Technical Assistance Center.

In pre-configured mode, parameters cannot be modified.

From the tracing interface

If you do not have an .sbdiag file or if you want to customize the tracing session, select Stormshield Tracing in the Windows Start menu:

  1. To start the session, first open the settings window by clicking on the gear icon and select options.
  2. You are advised to select both options in the upper settings panel. Events logs must be enabled to extract SDS Enterprise events. To enable them, refer to Viewing event logs.

    NOTE
    The PSR (Problem Steps Recorder) tool can record screen captures during tracing session.

  3. Select only the Kernel module and the module affected by the tracing.
  4. After you have clicked on OK in the dialogue box, a file with the extension .sbdiag will automatically be created, and the tracing session can then proceed as described in the previous section.