Skip to main content
NetApp Knowledge Base

AIQCASecure workings in the ActiveIQ Unified Manager server

  1. Last updated
  2. Save as PDF
Views:
621
Visibility:
Public
Votes:
0
Category:
active-iq-unified-manager
Specialty:
om
Last Updated:

Applies to

  • Active IQ ConfigAdvisor Secure (AIQCASecure)
  • Active IQ Unified Manager (AIQUM)
  • Active IQ Digital Advisor (AIQ DA)

Answer

Question Answers
What is AIQCASecure in AIQUM?
  • AIQUM is integrated with Active IQ Config Advisor using a utility called aiqcasecure.
  • AIQUM provides recommendations and updates on all ONTAP risk as detected by Active IQ Config Advisor after enabling the Active IQ Portal Events in AIQUM

 
What is the difference between Active IQ Digital Advisor and Active IQ Unified Manager? See the KB: What is the difference between Active IQ Digital Advisor and Active IQ Unified Manager?
What are the events created by "aiqcasecure"?

There are two types of events in AIQUM

  1. Events created by polling (inventory/performance/ems), normal monitoring events created by AIQUM
    • Events are called aiq um events
  2. Events created by CA (aiqcasecure), they are also called as Active IQ Portal Events
    • aiqcasecure look up the information using rules
    • aiqcasecure have collect / failure of 570 events
    • The collection works once in a day
    • Events are called aiq portal event
What are the components of aiqcasecure?

AIQCASECURE have three components

  1. Collector
    • Collecting the asup from controller spi
      • UM triggers the configadvisor collection (aiqcasecure) at midnight (12:15 AM)
      • ConfigAdvisor is a CLI utility (aiqcasecure) that is bundled together with AIQUM
      • CA in AIQUM only collect asup after midnight of cluster date and time, it does not use AIQUM date/time.
      • ASUP is directly collected from cluster SPI , example [https://cluster_mgmt_lif/spi/node/etc/log/autosupport/202208240018.0.files]
      • Weekly and Management asup files are collected from cluster spi
  2. Parser
    • Will parse the asup files and have the necessary data collected / populated
  3. Evaluator
    • Evaluator will applies the rules/checks against the parse data to determine the risk.
What are AIQCASECURE rules files and how to download and update them?

aiqcasecure have two rules files rules.zip and secure_rules.zip

  1. Rules.zip [open site]
    • These rules are available to all aiqum server if they are able to access the internet sites (open sites)
    • AIQUM server will automatically download this rules.zip file
  2. Secure_rules.zip [dark sites]
    • Note: There are more than one way to download the secure_rules.zip file
      • secure_rules.zip can be downloade from NetApp site https://mysupport.netapp.com/api/content-service/staticcontents/content/public/tools/unifiedmanager/ca/secure_rules.zip
      • second way go to documentation site
        • https://docs.netapp.com/us-en/active-iq-unified-manager/events/task_upload_new_active_iq_rules_file.html
        • Note select the version of your AIQUM and download the secure_rules.zip file
    • There are two ways to update the secure_rules.zip file for dark sites AIQUM servers
      1. From AIQUM GUI
        • AIQUM > Settings > Storage Management > Event Setup > Upload Rules
      2. From AIQUM CLI
        • upload the secure_rules.zip to a /tmp folder
        • cd /opt/netapp/ocum/configadvisor/AIQCASecure/
        • su jboss
        • /aiqcasecure rules -ur /tmp/secure_rules.zip
How to disable the aiqcasecure rule from AIQUM?
  • At this time we do not have an option to disable individual aiqcasecure rule from AIQUM
  • You do have an option to disable the Active IQ Portal Events from AIQUM > Settings > General > Feature Settings > Active IQ Portal Events > On or Off
    • Note: This will disable all rules.
How often aiqcasecure rules files get updated?
  • AIQUM rules package matches the config advisor, but update happens in 30 days or more (somtimes months)
  • Config advisor runs the same rules as aiqum server, but when the fix happen CA get updated the same or next day with the new rules package but AIQUM didnt get updated until months.
AIQCASECURE data and log files location in AIQUM?

Aiqcasecure data and log files location

  • Aiqcasecure data location: /var/log/ocie/recording/AIQCASecureData/collected_data
    • ONTAP ASUP and Result folder
      • collected_data folder holds other important asup data files and json file that is the result of aiqcasecure analysis against the asup files
        • Risk (json file) can be seen under this path
          • /var/log/ocie/recording/AIQCASecureDataResults/collected_data/Results/clusternameorip/nodenameorip/nodename/202209130015.0.files/Rule\ Results/202209130015.0.files_rule_results.json
        • AIQUM collect cluster asup files directly from cluster SPI which will be located here
          • /var/log/ocie/recording/AIQCASecureData/collected_data/cluster/cluster_mgmt_lif/node/202208240018.0.files
            • NOTE: The cluster asup files location on a cluster through SPI, these are the same files AIQUM fetch every morning at 00:15
              • https://cluster_mgmt_ip/spi/node_name/etc/log/autosupport/
    • Aiqcasecure logs location > /var/log/ocie/recording/AIQCASecureData/collected_log
      • In AIQUM 9.11 and above > /var/log/ocie/recording/AIQCASecureData/collected_log/ConfigAdvisorAIDE/Logs/
      • In AIQUM 9.10 and below > /var/log/ocie/recording/AIQCASecureData/collected_logs
How to check the rules version for aiqcasecure in AIQUM?
  • If we want to see the present aiqcasecure rule version, we can perform the following
    • cd /opt/netapp/ocum/configadvisor/AIQCASecure/
    • su jboss
    • ./aiqcasecure rules -rv
    • NOTE: it is important to switch user to jboss, reason if we execute ./aiqcasecure rules -rv as root then it will change the file permissions and then later on the utility aiqcasecure will not be able to execute
How to determine aiqcasecure risk get created by looking at the aiqcasecure logs?
  • locate the JSON file
    • /var/log/ocie/recording/AIQCASecureData/collected_data/Results/clustername_ip/nodename_ip/nodename/202209080014.0.files/Rule\ Results/202209080014.0.files_rule_results.json
  • Parse the json file either either using notepad++ with json module or use any json readable site
  • look up result_code for each rules in json file
    • "result_code": 0        
      • [pass] no events/risks
    • "result_code": 1        
      • [failed] whenever we see the result_code "1", this will trigger an event in AIQUM
    • "result_code": -1
      • [not applicable] meaning data is not present or the rules does not apply to this version of ONTAP

 

Additional Information

Related KB's:

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.