안녕하세요.

 

FTD 또는 FMC 문제를 해결할 때 각 서비스의 시작 상태를 확인하거나 문제를 격리하기 위해 서비스를 일시적으로 재시작, 중지 또는 시작해야 할 수 있으며, 이러한 경우 pmtool 기능이 사용됩니다.

아래 pmtool 의 일반적인 사용 방법에 대해 설명해드릴 예정입니다.

 

A)  root 에서 실행방법 (FTD/FMC)

 

a-1) CLISH 에서 expert 실행

       > expert

 

a-2) "sudo su -" 실행하여 root mode 로 변환

        admin@firepower:~$ sudo su -

        Password:

        root@firepower:~# 

 

a-3) pmtool status 명령을 사용하여 서비스 상태 확인이 가능합니다. 하지만 출력량이 많으므로 하기 명령어를 사용하여 하는 것을 추천합니다.

FTD:

root@firepower:~# pmtool status | grep " - "

loggerd (system) - Running 12216

SFDataCorrelator (normal) - Running 12556

expire-session (normal) - Running 12557

TSS_Daemon (normal) - Running 12558

snapshot_manager (normal) - Running 12559

mysqld (system,gui,mysql) - Running 12217

httpsd (system,gui) - Waiting

idhttpsd (system,gui) - Waiting

sfmb (normal) - Running 12224

sftunnel (system) - Running 12225

sfmgr (system) - Running 12227

sfmbservice (normal) - Running 12228

fpcollect (normal) - Running 12549

Syncd (normal) - Running 12550

Pruner (normal) - Running 12551

ReconcileState (system) - Running 12229

ActionQueueScrape (system) - Running 12552

rotate_stats (normal) - Running 12553

run_hm (normal) - Running 12230

sfestreamer (normal) - Waiting

sfipproxy (normal) - Running 12231

sftop (normal) - Running 12232

core-compressor (normal) - Waiting

detectionhealthd (normal) - Running 12233

rrd_server (normal) - Running 12234

snmpd (normal) - Waiting

sfhassd (normal) - Running 12235

diskmanager (normal) - Running 12236

adi (normal) - Running 12237

adi_proxy (normal) - Waiting

bltd (normal) - Running 12238

pdts_proc (system) - Running 12239

ndmain (normal) - Running 12240

ndclientd (normal) - Running 12241

logmonitor (normal) - Running 12242

sfifdmonitor (normal) - Running 12243

ngfwManager (normal) - Running 65319

ASAConfig (normal) - Running 14107

tomcat (normal) - Waiting

CloudAgent (system) - Waiting

beakerd (system) - Waiting

stunnel (normal) - Waiting

UEChanneld (normal) - Waiting

SSEConnector (system) - Waiting

rsyncd (normal) - Waiting

dhcpd (normal) - Waiting

EventHandler (normal) - Running 12554

vaultApp (system) - Waiting

hmdaemon (normal) - Running 14108

rdnssd (normal) - Waiting

lina (system) - Running 12244

srt (system) - Waiting

cgroup_monitor (normal) - Running 12246

service_monitor (system) - Waiting

b5858c54-c0ce-11ee-9679-f574aa26c4b3 (de,snort) - Running 57965

 

FMC:

root@FMC4600:~# pmtool status | grep " - "

SFDataCorrelator (normal) - Running 8649

CloudAgent (system) - Running 12765

beakerd (system) - Running 13323

UIMP (normal) - Running 7730

SFDCNotificationd (normal) - Running 5616

TSS_Daemon (normal) - Running 7732

HostInput_Daemon (normal) - Waiting

mysqld (system,gui,mysql) - Running 5790

monetdb (system,gui) - Running 6710

MonetDB_Monitor (system) - Running 39221

httpsd (system,gui) - Running 6717

cgroup_monitor (system) - Running 6719

sshd_monitor (normal) - Running 6761

DCCSM (system,gui) - Running 6763

RabbitMQ (normal) - Running 6765

MessageService (normal) - Running 7758

Tomcat (system,gui) - Running 7760

VmsBackendServer (system,gui) - Running 7973

CSMEventServer (system) - Running 8228

sfmb (normal) - Running 7016

sftunnel (system) - Running 25097

sfmgr (system) - Running 25098

sfmbservice (normal) - Running 25101

sfestreamer (normal) - Running 25864

estreamer-sftunnel (normal) - Running 25103

SFRemediateD (normal) - Running 7078

fpcollect (normal) - Running 7080

ntpd (normal) - Running 7082

Syncd (normal) - Running 7084

expire-session (normal) - Running 7086

Pruner (normal) - Running 7088

ReconcileState (system) - Running 7090

fireamp (normal) - Waiting

stunnel (normal) - Running 13203

ActionQueueScrape (system) - Running 7092

PerlMessageHandler (system) - Running 7094

run_hm (normal) - Running 7096

update_snort_attrib_table (normal) - Running 7099

snapshot_manager (normal) - Running 7102

SFNotificationd (normal) - Running 7107

SFTop10Cacher (normal) - Running 8230

sfipmid (normal) - Running 8232

sfipproxy (normal) - Running 25105

sftop (normal) - Running 8236

sfiotop (normal) - Running 8238

core-compressor (normal) - Running 8240

rrd_server (normal) - Running 8242

snmpd (normal) - Running 4526

vjdbc (normal) - Waiting

query_scheduler (normal) - Running 8244

diskmanager (normal) - Running 8246

diskmonitor (normal) - Running 8248

sla (normal) - Running 8651

adi (normal) - Running 9961

Seshat (normal) - Running 9756

Eventds (normal) - Running 9963

memcached (normal) - Running 9965

mojo_server (system,gui) - Running 9967

mongo (system) - Running 9969

redis (system) - Running 10720

tid (normal) - Running 10913

SSEConnector (system) - Running 25862

TelemetryApp (system) - Running 2664

auth-daemon (system) - Running 25964

CSDApp (system) - Waiting

VaultApp (system) - Running 9978

Prometheus (system) - Running 10708

hms (normal) - Running 10710

hmdaemon (normal) - Running 10712

dockerd (system) - Running 10715

rdnssd (normal) - Running 11110

EventHandler (normal) - Waiting

logmonitor (normal) - Running 10884

datadog-agent (normal) - Waiting

datadog-process-agent (normal) - Waiting

datadog-system-probe (normal) - Waiting

osquery (normal) - Waiting

monitor_interface_speed (normal) - Waiting

populate_ipmi_snmp_data (normal) - Running 10886

sfsnmp_fmc (normal) - Running 10888

sspos_snmp_subagentd (normal) - Running 4528

ssp_snmp_trap_fwdr (normal) - Running 4530

upg_workflow_robot (system) - Waiting

rsyncd (normal) - Waiting

csdac (normal) - Waiting

 

a-4) Waiting 상태의 서비스를 확인하려면 아래 명령어를 실행하여 확인 가능합니다.

FTD:

root@firepower:~# pmtool status | grep -i "waiting"

httpsd (system,gui) - Waiting

idhttpsd (system,gui) - Waiting

sfestreamer (normal) - Waiting

core-compressor (normal) - Waiting

snmpd (normal) - Waiting

adi_proxy (normal) - Waiting

tomcat (normal) - Waiting

CloudAgent (system) - Waiting

beakerd (system) - Waiting

stunnel (normal) - Waiting

UEChanneld (normal) - Waiting

SSEConnector (system) - Waiting

rsyncd (normal) - Waiting

dhcpd (normal) - Waiting

vaultApp (system) - Waiting

rdnssd (normal) - Waiting

srt (system) - Waiting

service_monitor (system) – Waiting

 

FMC:

root@fmc:~# pmtool status | grep -i "waiting"

HostInput_Daemon (normal) - Waiting

fireamp (normal) - Waiting

vjdbc (normal) - Waiting

CSDApp (system) - Waiting

EventHandler (normal) - Waiting

datadog-agent (normal) - Waiting

datadog-process-agent (normal) - Waiting

datadog-system-probe (normal) - Waiting

osquery (normal) - Waiting

monitor_interface_speed (normal) - Waiting

upg_workflow_robot (system) - Waiting

rsyncd (normal) - Waiting

csdac (normal) - Waiting

 

a-5) Running 상태가 아닌 서비스를 확인할 경우 하기 명령어를 실행하여 확인 가능합니다.

FTD:

root@firepower:~# pmtool status | grep " - " | grep -i -v "running"

httpsd (system,gui) - Waiting

idhttpsd (system,gui) - Waiting

sfestreamer (normal) - Waiting

core-compressor (normal) - Waiting

snmpd (normal) - Waiting

adi_proxy (normal) - Waiting

tomcat (normal) - Waiting

CloudAgent (system) - Waiting

beakerd (system) - Waiting

stunnel (normal) - Waiting

UEChanneld (normal) - Waiting

SSEConnector (system) - Waiting

rsyncd (normal) - Waiting

dhcpd (normal) - Waiting

vaultApp (system) - Waiting

rdnssd (normal) - Waiting

srt (system) - Waiting

service_monitor (system) – Waiting

 

FMC:

root@FMC4600:~# pmtool status | grep " - " | grep -i -v "running"

HostInput_Daemon (normal) - Waiting

fireamp (normal) - Waiting

vjdbc (normal) - Waiting

CSDApp (system) - Waiting

EventHandler (normal) - Waiting

datadog-agent (normal) - Waiting

datadog-process-agent (normal) - Waiting

datadog-system-probe (normal) - Waiting

osquery (normal) - Waiting

monitor_interface_speed (normal) - Waiting

upg_workflow_robot (system) - Waiting

rsyncd (normal) - Waiting

csdac (normal) - Waiting

 

a-6) GUI 서비스를 확인할 경우 하기 명령어를 실행하여 확인 가능합니다.

FTD:

root@firepower:~# pmtool status | grep -i "gui"                       

mysqld (system,gui,mysql) - Running 12217

httpsd (system,gui) - Waiting

idhttpsd (system,gui) – Waiting

 

FMC:

root@fmc:~# pmtool status | grep "gui"

mysqld (system,gui,mysql) - Running 8277

monetdb (system,gui) - Running 8441

httpsd (system,gui) - Running 8448

DCCSM (system,gui) - Running 8453

Tomcat (system,gui) - Running 9857

VmsBackendServer (system,gui) - Running 10015

mojo_server (system,gui) - Running 10767

 

a-7) Snort 서비스를 확인할 경우 하기 명령어를 실행하여 확인 가능합니다.

FTD:

root@firepower:~# pmtool status | grep " - " | grep -i "snort"    

b5858c54-c0ce-11ee-9679-f574aa26c4b3 (de,snort) - Running 57965

 

a-8) 서비스가 Waiting 상태로 지속이 되고 Running 상태로 변하지 않을 경우 해당 서비스를 재시작하여 상태 확인가능합니다. 

예를 들면 SFDataCorrelator 서비스를 재시작 할 경우 하기 명령으로 실행합니다.

root@firepower:~# pmtool RestartByID SFDataCorrelator

 

a-9) 특정 서비스 정지 및 재 시작이 필요할 경우 하기 명령으로 실행합니다.

root@firepower:~# pmtool DisableByID SFDataCorrelator

root@firepower:~# pmtool EnableByID SFDataCorrelator

 

예:

root@firepower:~# pmtool status | grep -i "SFDataCorrelator"

SFDataCorrelator (normal) - Running 14866

Command: /ngfw/usr/local/sf/bin/SFDataCorrelator --nodaemon

PID File: /ngfw/var/sf/run/SFDataCorrelator.pid

Enable File: /ngfw/etc/sf/SFDataCorrelator.run

CGroups: memory=System/SFDataCorrelator(enrolled)

Required by: SFDataCorrelator,expire-session,TSS_Daemon,snapshot_manager,fpcollect,Syncd,Pruner,ActionQueueScrape,rotate_stats,sfestreamer,tomcat,EventHandler

 

root@firepower:~# pmtool DisableByID SFDataCorrelator

 

root@firepower:~# pmtool status | grep -i "SFDataCorrelator"

SFDataCorrelator (normal) - User Disabled

Command: /ngfw/usr/local/sf/bin/SFDataCorrelator --nodaemon

PID File: /ngfw/var/sf/run/SFDataCorrelator.pid

Enable File: /ngfw/etc/sf/SFDataCorrelator.run

CGroups: memory=System/SFDataCorrelator

Required by: SFDataCorrelator,expire-session,TSS_Daemon,snapshot_manager,fpcollect,Syncd,Pruner,ActionQueueScrape,rotate_stats,sfestreamer,tomcat,EventHandler

 

root@firepower:~# pmtool EnableByID SFDataCorrelator

 

root@firepower:~# pmtool status | grep -i "SFDataCorrelator"

SFDataCorrelator (normal) - Running 29691

Command: /ngfw/usr/local/sf/bin/SFDataCorrelator --nodaemon

PID File: /ngfw/var/sf/run/SFDataCorrelator.pid

Enable File: /ngfw/etc/sf/SFDataCorrelator.run

CGroups: memory=System/SFDataCorrelator(enrolled)

Required by: SFDataCorrelator,expire-session,TSS_Daemon,snapshot_manager,fpcollect,Syncd,Pruner,ActionQueueScrape,rotate_stats,sfestreamer,tomcat,EventHandler

 

b) CLISH 에서 실행(FTD)

> pmtool ?

  checkdestatus      pmtool checkdestatus

  criticalstatus     pmtool criticalstatus

  disablebyid        pmtool disablebyid

  disablebytype      pmtool disablebytype

  disabledechanges   pmtool disabledechanges

  enablebyid         pmtool enablebyid

  enablebytype       pmtool enablebytype

  enabledechanges    pmtool enabledechanges

  hupbyid            pmtool hupbyid

  hupbytype          pmtool hupbytype

  processhealth      pmtool processhealth

  reconfigalleps     pmtool reconfigalleps

  reconfigdetection  pmtool reconfigdetection

  reconfigepsforde   pmtool reconfigepsforde

  restartbyid        pmtool restartbyid

  restartbytype      pmtool restartbytype

  show               pmtool show

  status             pmtool status

  stopdesnofo        pmtool stopdesnofo

  write              pmtool write

 

감사합니다.