Mimecast Web Security: Mimecast Security Agent Diagnostic Data

Document created by user.oxriBaJeN4 Employee on Aug 30, 2018. Last modified by user.oxriBaJeN4 Employee on Oct 16, 2018. Version 11.

This guide describes how to gather diagnostic information on the Mimecast Security Agent (MSA) when errors occur during the installation or testing phase, and outlines the information gathered. The instructions, and the diagnostic information gathered, differ depending on the operating system being used.

 

Windows OS

 

Gathering Diagnostic Information

 

To gather agent diagnostic information on Windows OS:

  1. Click on the Mimecast Security Agent icon from the system tray.
  2. Click on the Diagnostics button.
  3. Click on the Export button. A "How We Collect Diagnostics" dialog is displayed.
  4. Click on the OK button. The folder selection dialog displays.
  5. Locate a folder and click on the Select Folder button.
  6. Specify a File Name for the diagnostics file. A timestamped .ZIP file is created in the selected folder (e.g. MSA-2018.09.21-09.54.50.zip).
  7. Email the .ZIP file to Mimecast Support. See the Raising a Mimecast Support Case page for further details.

 

Diagnostics Information Gathered

 

Unlike Mac OS (see below), Windows OS only collects and returns the product log files.

 

Mac OS

 

Gathering Diagnostic Information

 

To gather agent diagnostic information on Mac OS:

  1. Click on the Mimecast Security Agent icon in the menu bar. The home drop down menu displays.
  2. Select the Diagnostics | Export menu item.
  3. Click on the Next button after reviewing the Mimecast data collection policies.
  4. Click the Export Diagnostics button to display the folder selection dialog.
  5. Click on Collect Diagnostics after selecting appropriate Diagnostic settings.
  6. Locate a known folder and click on Select Folder.
    "Full Log Archive" collects information on all processes running on the system, while "Text file (less detailed)" collects information on the MSA processes. In most cases, the default settings should be used.
  7. The export process exports the .ZIP file on the desktop and automatically opens it in Finder. This may take a few minutes.
  8. Email the .ZIP file to Mimecast Support. See the Raising a Mimecast Support Case page for further details.

 

Diagnostic Information Gathered

 

On a Mac, the diagnostics information gathered includes:

  • Log Files: The diagnostic information in the log files is dependent on whether the log has been exported to a plain text file or the full log archive. If using the full log archive, a Mac OS administrator account is required.
    • Plain Text Files: The logs only contain messages that were created in the MSA's processes and our kernel extension. This includes those created directly by Mimecast's code and any generated by macOS code running in Mimecast's processes.
    • Full Log Archive: The logs contain all log messages created by all processes, as well as any created by the kernel and kernel extensions.

      We have no control over what information is included in the log files by 3rd party applications, which may log sensitive information.

  • MSA Configuration Information: We collect the:
    • Customer token used by the account.
    • Policies and settings relevant to the MSA configured in the Administration Console.
    • Mimecast cloud DNS servers being used.
    • User's email address (only if they've logged into the MSA as opposed to using account wide settings).
    • Mimecast private keychain file containing the certificates being used for TLS connections.
      The private keychain contains the user's logon information, but the password to unlock the keychain isn't included. This means no one (including Mimecast or the originating user) can read it. We only say that the information exists, but not what it is.
  • General System Information including:
    • The MSA version, including the agent software and the kernel extension.
    • Information about the kernel extension to enable Mimecast to see it is working and correctly configured.
    • Which MSA processes were running at the time the diagnostics were collected.
  • Crash Reports: Any relevant crash reports from the user's Mac are collected, including any:
    • Crash reports for the MSA's own processes.
    • Kernel panic reports on the system. These allow us to see if there are any badly behaved kernel extensions that might be causing stability issues (e.g. from Apple, the MSA, Sophos, SentinelOne, or other 3rd party solutions).
  • General System Information: The diagnostic collection creates a file called "System Info.txt", containing information about the hardware and software configuration of the Mac. This includes:
    • Hardware information (e.g. model and processor, memory, serial number, UUID).
    • Software information (e.g. Mac OS version, kernel version, computer name, user name).
    • Network configuration (e.g. networks listed in the system preferences).
    Due to the way this information is collected, it isn't possible to select exactly what is collected.
  • WiFi Configuration: Full details of all currently configured WiFi networks (if any) and all currently visible networks.
  • Firewall Settings: Full details of the Mac's firewall settings.
  • Power Information: Details of the Mac's battery and system power settings (e.g. time before the display or computer sleeps, whether the machine was plugged in).
  • DNS Configuration: Contains the DNS configuration as known to the OS.
  • Processes: A list of all running processes at the time the file was created.
  • Loaded Kernel Extensions: A list of all the kernel extensions loaded at the time the file was created, including the MSA extension, 3rd party extensions, and those built in to Mac OS.
  • Netstat Output: Lists the currently active internet connections (showing remote IP addresses) and active kernel control channels / sockets.
  • Power Manager Logs: Contains details of the power manager logs (e.g. when the Mac was sleeping / woke up, what applications were preventing sleep). This also summarizes actual wake / sleep events since the machine was last booted.
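
Because the archive can carry a keychain file, email addresses, hardware identifiers and remote IP addresses, it is worth taking an inventory of an exported .ZIP before it leaves the machine. The following is an added example, not Mimecast tooling or code from the original page. Apart from "System Info.txt", every entry name is hypothetical, and the "Label: value" line format and keychain file extensions are assumptions.

```python
import io
import re
import zipfile

# Patterns for data categories the page says the archive can contain.
EMAIL_RE = re.compile(rb"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
IPV4_RE = re.compile(rb"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Assumed "Label: value" lines for identifiers listed under "System Info.txt".
ID_RE = re.compile(
    rb"(?im)^[ \t]*(serial number[^:\n]*|hardware uuid|user name|computer name)"
    rb"[ \t]*:[ \t]*\S")

def inventory(zip_bytes):
    """Return {entry name: sorted findings}; values themselves are never echoed."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            findings = set()
            # Assumption: the private keychain keeps a standard macOS extension.
            if info.filename.lower().endswith((".keychain", ".keychain-db")):
                findings.add("keychain file")
            data = zf.read(info)
            if EMAIL_RE.search(data):
                findings.add("email address")
            if IPV4_RE.search(data):
                findings.add("ipv4 address")
            for match in ID_RE.finditer(data):
                findings.add(match.group(1).decode().strip().lower())
            report[info.filename] = sorted(findings)
    return report

def build_sample():
    """Constructed archive; only the name 'System Info.txt' comes from the page."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("System Info.txt",
                    "Model Name: MacBook Pro\n"
                    "Serial Number (system): C02EXAMPLE00\n"
                    "Hardware UUID: 00000000-0000-0000-0000-000000000000\n"
                    "User Name: Example User (example)\n")
        zf.writestr("logs/msa.log", "09:54:50 signed in as user@example.com\n")
        zf.writestr("config/msa.keychain", b"\x00\x01binary")
        zf.writestr("netstat.txt", "tcp4 192.0.2.10.51234 198.51.100.7.443\n")
    return buf.getvalue()

if __name__ == "__main__":
    for name, findings in inventory(build_sample()).items():
        print(f"{name}: {', '.join(findings) or 'nothing flagged'}")
```

To check a real export, read the file's bytes and pass them to `inventory()`.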

 
