Tip
Cloud Lookup Timeout in the Action column indicates that the management center is unable to connect to the cloud. When you see this, check whether the management interface of the management center is connected to the Internet. If the Internet connectivity is operational, make sure the management center can resolve a DNS query.
Example 16-4 shows various states of the management center cloud communication. The syslog messages are automatically generated and stored by the Secure Firewall software. To view them in real time, you can use the tail command with the -f parameter.
Example 16-4 Analyzing Syslog Messages for Management Center Communications to the Cloud
Click here to view code image
admin@FMC:~$
sudo tail -f /var/log/messages
Password:
.
<Output is omitted for brevity>
.
!
If management center is connected to the internet, but fails to resolve a DNS
query, the following error message appears in the Syslog.
.
[timestamp] FMC stunnel: LOG3[3953:140160119551744]: Error resolving ‘cloud-sa.amp.
sourcefire.com’: Neither nodename nor servname known (EAI_NONAME)
.
!
After you fix any communication issues, management center should be able to con-
nect to the cloud. The following Syslog messages confirm a successful connection.
.
[timestamp] FMC SF-IMS[25954]: [26657] SFDataCorrelator:FireAMPCloudLookup [INFO]
cloud server is cloud-sa.amp.sourcefire.com
[timestamp] FMC SF-IMS[25954]: [26657] SFDataCorrelator:imcloudpool [INFO] connect
to cloud using stunnel
.
!
Once the management center is connected to the cloud, it begins the registra-
tion process. The following messages confirm successful registrations to the Cisco
Clouds.
.
[timestamp] FMC SF-IMS[25954]: [26657] SFDataCorrelator:FireAMPCloudLookup [INFO]
Successfully registered with fireamp cloud
[timestamp] FMC SF-IMS[25954]: [25954] SFDataCorrelator:FileExtract [INFO] Success-
fully registered with sandbox cloud
.
! Upon successful registration, management center is able to perform cloud lookup
and obtains updates. The following messages confirm a successful check for malware
database update.
.
[timestamp] FMC SF-IMS[25275]: [25275] CloudAgent:CloudAgent [INFO] ClamUpd, time to
check for updates
.
[timestamp] FMC SF-IMS[25275]: [25298] CloudAgent:CloudAgent [INFO] Nothing to do,
database is up to date
.
Figure 16-27 shows the DNS setting on the management interface of a management center. To find this page, go to System > Configuration and select Management Interfaces. Make sure the management center can communicate with the configured DNS server and resolve a domain name using this DNS server.
Figure 16-27 DNS Settings on a Management Center
Leave a Reply