McAfee M4050 Troubleshooting Guide - Page 9

McAfee® Network Security Platform 6.0 Preface  Did you make any changes in your environment/setup/configuration that may have introduced the issue? Manager-specific information We may ask you to use our troubleshooting tool, which is called InfoCollector. This tool will collect all Manager-related log files (For example, ems.log, emsout, output.bin, config back, and the Sensor trace file, if you have uploaded it to the Manager) and return them to us for analysis As of this writing, the tool is available at the following link: http://serviceweb/McAfee/backline/escalations/MER_TOOL/IPSInfoCollector.zip Sensor issues  the Sensor deployment configuration  information on the GBICs you are using with Sensor GE ports; this information is extremely helpful for troubleshooting link issues  the volume of traffic through the Sensor  in some cases, a network diagram (particularly for troubleshooting asymmetric traffic issues)  a Sensor trace file, which you can create using the process described in Providing a Sensor diagnostics trace.  Sensor operating mode (i.e., In-line, SPAN or TAP). This information can be obtained from: Sensor_Name > Interface > View Details  peer device port settings (For example, for Cisco switches/routers, you would provide the output of the show port [mod[/port] command.  Management port configuration (obtained by issuing a show mgmtport command) Signature set issues  the signature set and software versions you are running  the frequency at which you see the false positive  whether the alert condition is reproducible  policy configuration  alert evidence reports  traffic volume, if possible  traffic type  what software and systems are on the affected systems  your network topology ix