FortiKoala
Staff
October 1, 2018

Troubleshooting Tip: Device profiler slow to register devices


Description

 
This article describes how to enable and collect debug logs if there are issues with Device Profiling Rules and the Device Profiler takes longer than expected to register the devices.


Scope

 

FortiNAC version: 8.x.

Solution

 

When a rogue device record is created, the device is evaluated against the active Device Profiling rules. The device is evaluated against each rule until a 'fail' or 'pass' result is reached. If the information a rule requires takes a long time to retrieve, registration is delayed. For more information on functionality, see the Device Profiler Configuration reference manual.

 
Rules requiring TCP/IP information:  Rogues in networks without L3 polling enabled.  For troubleshooting L3 polling, see Technical Tip: Troubleshooting Poll failures.
 
Methods requiring TCP/IP information:
  • Location.
  • Active.
  • HTTP/HTTPS.
  • IP Range.
  • SNMP.
  • SSH.
  • TCP.
  • Telnet.
  • UDP.
  • WinRM.
  • WMI Profile.
  • Passive.
  • Persistent Agent.
 
Rules requiring DHCP Fingerprint information:  DHCP traffic is not received in time. See this article: Technical Tip: DHCP Fingerprint Profiling Rule does not match upon initial connection.
 
Method requiring DHCP Fingerprint information:
 
  • DHCP Fingerprinting.

Diagnose:
 
Enable debugging to view rule evaluation activity.
 
  1. Enable ActiveFingerprint debug. In the Control Server CLI, enter the following command:

 

nacdebug -name ActiveFingerprint true

 
  2. Tail the output.nessus log. In the Application Server CLI, type:
 
tail -F /bsc/logs/output.nessus | tee <filename>.txt
 
  3. Connect a new host to the network.

  4. Type CTRL-C to stop the tail.
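
Once the capture is saved, the slow step is usually easiest to spot as a long pause between consecutive log lines for the new host. The following is an added example, not Fortinet tooling: the function name, the sample lines and the assumption that each debug line carries an HH:MM:SS timestamp and the host's MAC address are all hypothetical, so adjust the matching to the actual output.nessus layout. Run it against the <filename>.txt written by tee.

```shell
#!/bin/sh
# Added example. Assumption: each debug line has an HH:MM:SS timestamp and
# the host's MAC address; the real output.nessus layout may differ.

# profiler_gaps FILE MAC [MIN_GAP_SECONDS]   (FILE "-" reads stdin)
# For lines mentioning MAC, print those that arrived at least
# MIN_GAP_SECONDS (default 5) after the previous line for that MAC.
profiler_gaps() {
    file=$1 mac=$2 min=${3:-5}
    awk -v mac="$mac" -v min="$min" '
    BEGIN { mac = tolower(mac); gsub(/-/, ":", mac) }
    {
        line = tolower($0)
        if (index(line, mac) == 0) next       # line is about another host
        # Drop the MAC first: "00:11:22:..." would otherwise parse as a time.
        while ((p = index(line, mac)) > 0)
            line = substr(line, 1, p - 1) substr(line, p + length(mac))
        if (!match(line, /[0-2][0-9]:[0-5][0-9]:[0-5][0-9]/)) next
        split(substr(line, RSTART, RLENGTH), hms, ":")
        t = hms[1] * 3600 + hms[2] * 60 + hms[3]
        if (seen) {
            gap = t - prev
            if (gap < 0) gap += 86400         # capture crossed midnight
            if (gap >= min) printf "%ds before: %s\n", gap, $0
        }
        prev = t; seen = 1
    }' "$file"
}

# Constructed sample lines (not real FortiNAC output).
sample_log() {
    cat <<'EOF'
2018-10-01 10:15:01 constructed: RuleA started for 00:11:22:AA:BB:CC
2018-10-01 10:15:02 constructed: RuleB started for 66:77:88:99:00:11
2018-10-01 10:15:02 constructed: RuleA waiting on 00:11:22:aa:bb:cc
2018-10-01 10:15:47 constructed: RuleA finished for 00:11:22:AA:BB:CC
EOF
}

sample_log | profiler_gaps - 00:11:22:AA:BB:CC 5
```

Each reported line is the first entry after a pause, so the entry just before it in the capture shows what the profiler was waiting on.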

  
