Troubleshooting the Sensor¶
You've deployed the Soveren Sensor and everything should be working properly. However, if you don't see any data in the Soveren app, or something seems amiss, here are several troubleshooting steps you can follow.
Verifying the deployment¶
Ensure that you're running the latest version of the Soveren Sensor. You can verify this with the following command:
You can then compare the versions listed in the output with our customer success team for confirmation.
Refer to our current helm chart for all values that can be tuned up for Soveren Sensors, and for current images / components versions.
Next, it's advisable to confirm that all Soveren Sensor components have been successfully deployed:
In this command, soverenio
is the namespace where you've deployed the Sensor.
Ensure you observe all of the following:
interceptor
: There should be several instances, equal to the number of nodes in your cluster. Interceptors collect the traffic from nodes and relay it tokafka
.digger
: One instance, reads data fromkafka
, sends it to thedetection-tool
, collects results, and forwards relevant metadata to the Soveren Cloud.kafka
: Only one instance should exist, which receives traffic from theinterceptors
.detection-tool
: A single instance, performs the bulk of the work detecting sensitive data.prometheus-agent
: A single instance, monitors basic metrics from all other Sensor components.
In this command, soverenio-dar-sensor
is the namespace where you've deployed the Sensor.
Ensure you observe all of the following:
crawler
: One instance. Reads data from data sources, sends it to thedetection-tool
, collects results, and forwards relevant metadata to the Soveren Cloud.kafka
: Only one instance should exist.detection-tool
: A single instance, performs the bulk of the work detecting sensitive data.prometheus-agent
: A single instance, monitors basic metrics from all other Sensor components.
Additionally, ensure that all custom values specified in your values.yaml
have been incorporated into the deployment:
These commands offer a basic check of the Soveren Sensor setup's consistency
Be prepared to share the output of these commands when discussing issues with our customer success team.
Verifying individual components¶
If the basic setup appears correct but issues persist, consider inspecting individual components.
Checking Deployments and DaemonSet¶
First, review the configurations of each component:
These components are considered Deployments in Kubernetes, and the command provides detailed information about each.
Since Interceptors function as a Kubernetes DaemonSet, they require a different command:
Permissions required by Interceptors¶
If issues arise specifically with the Interceptors, such as difficulties transitioning to running mode, confirm they possess the requisite permissions:
The securityContext
must contain the following:
Also, ensure that the output includes:
Ensure the securityContext
for Interceptors is properly set
Interceptors listen to the host's virtual interfaces, necessitating their operation in privileged mode. Otherwise, they'll fail to capture traffic.
Checking pods¶
If a particular component raises concerns, delve deeper into its associated pods.
For pods by component:
To view all the Sensor's pods:
Checking logs¶
If a specific component seems problematic, consider inspecting its logs.
To view logs by component:
To investigate logs from individual pods of the sensor components:
This provides a list of POD_NAMES
associated with the component. You can then retrieve logs from a specific pod:
To enhance log verbosity, you may need to adjust the log level for the concerned component.