HOWTO: How to use the Support Tool for Trustwave SPE


This article applies to:

  • Trustwave SPE (MailMarshal SPE)

Question:

  • How do I use the Support Tool for Trustwave SPE?

Information:

The Marshal support tool has been developed to help the Trustwave Technical Support team gather information about a Trustwave SPE installation. The tool produces a single .zip file that contains essential information to help the support team debug specific issues.

The tool can gather information about Trustwave SPE, Trustwave SEG, IIS, Marshal virus scanners, and the Connector Agent.

  • Note: For help with the Support Tool for other Trustwave email products (Trustwave SEG, Trustwave ECM, WebMarshal, and MRC), see Q15024.

Installation

Download the latest version of the tool from https://www.marshal.com/supporttool/download (right-click and choose Save As; you may see a security warning). The tool will also attempt to update itself automatically, as noted below.

  • The current version of the tool (1.14 and above) is packaged with .NET 7 runtimes and does not have any software prerequisites.

Using the tool

    Repeat the following steps on each server of interest, as directed by Technical Support.

    1. Copy the tool to the server.
    2. Double-click to run the tool.
      • Note: On startup, the tool checks for updates to functionality. This feature requires access to the URL http://www.marshal.com/supporttool/download
      • If the tool cannot connect to check for updates, it raises a warning. 
      • If necessary, retrieve the latest version manually as described above.
    3. The main window of the tool appears as shown below.

    4. Select the items to include, as directed. Clear the selections for items you do not want to include. See below for explanations of each selection.
    5. Choose an output directory.
    6. Click GO to run the tool. The tool gathers data into a folder, and then creates a single compressed file.
      • NOTE: This tool can require significant disk space, particularly if you include the SPE database statistics data. In rare cases it could consume all available space. If not enough space is present, the tool raises a warning: Not enough free space available to package into zip file.
    7. The status bar at the bottom of the window shows the progress. You can cancel the process if necessary.
    8. When the tool is finished, click Close to exit.
    9. Upload the file to Trustwave as directed by Technical Support.
      • Note: Wait for the tool to create the zip file. (The tool creates a temporary folder and then zips the content. Do not zip the folder manually - it will not contain all required items.)
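
The conditions the steps above depend on (Administrator rights, free space for the zip file, and access to the update URL) can be checked before launching the tool. The following PowerShell script is an added example, not part of the Support Tool or of Trustwave's documentation; the 10 GB threshold, the parameter names and the function names are assumptions for illustration, and the output directory is assumed to be a local path.

```powershell
# Added example: pre-flight checks before launching the Support Tool.
# Assumed for illustration (not from the article): the 10 GB threshold and
# all parameter/function names. The update URL is the one quoted in step 2.
param(
    [string]$OutputDir = [Environment]::GetFolderPath('Desktop'),  # the tool's default output location
    [double]$MinFreeGB = 10,                                       # assumed threshold, adjust as advised
    [string]$UpdateUrl = 'http://www.marshal.com/supporttool/download'
)

function Test-Elevated {
    # True when the current session holds the local Administrators role.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-FreeGB([string]$Path) {
    # Resolve the local volume that holds the output directory.
    $full  = (Resolve-Path -LiteralPath $Path).ProviderPath
    $root  = [System.IO.Path]::GetPathRoot($full)
    $drive = New-Object System.IO.DriveInfo($root)
    return [math]::Round($drive.AvailableFreeSpace / 1GB, 1)
}

function Test-UpdateUrl([string]$Url) {
    try {
        Invoke-WebRequest -Uri $Url -Method Head -UseBasicParsing -TimeoutSec 15 | Out-Null
        return $true
    } catch {
        # An HTTP error status still proves the server was reached;
        # DNS, proxy or firewall failures carry no response object.
        return ($null -ne $_.Exception.Response)
    }
}

$freeGB = Get-FreeGB $OutputDir
[pscustomobject]@{
    Elevated         = Test-Elevated
    OutputDir        = $OutputDir
    FreeGB           = $freeGB
    EnoughFreeSpace  = ($freeGB -ge $MinFreeGB)
    UpdateUrlReached = Test-UpdateUrl $UpdateUrl
} | Format-List
```

If `UpdateUrlReached` is False, the tool will raise its update warning on startup and the latest version has to be retrieved manually as described under Installation.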

    The fields on the window are defined as follows:

    Installed Components
    Shows the related software that is installed on this computer. Select the components for which you want to include detailed information such as logs and configuration details.
    • Installation logs (if any) are gathered for all selected components regardless of other selections.

    Items to gather

    System Information
    Includes a listing of the system hardware and operating system information.
    Current process details
    Includes a listing of processes running on the server.
    Configuration details
    Includes the XML or text files that define configuration of the selected software.
    Marshal Registry
    Includes a copy of the registry hive for all components that are present on the server.
    Marshal install directory listings
    Includes file and version information for files in the installation directories of all selected components. 
    • If this is a SEG processing node, optionally select Include Quarantine directory listing to list all messages in quarantine and archive (only if required, as the file will be much larger and take longer to generate).
    Event logs
    Includes Windows Event Log information. If you include the event logs, choose to include Application and/or System logs by checking the boxes.
    Gather specific message
    Attempts to include one or more mail message or Sent History files. Enter the first few characters of the message name (for example B89f00). This option is only available when running the tool on a SEG processing node.
    Log files
    Includes the text log files generated by the selected components. By default the last 5 days of logs are included. Use the menus to select the range of dates to include.
    Marshal Crash Dumps
    Includes one or more types of diagnostic information. Shows the number of each type that are available.
    Select the number of each type to include. The default is 1 of each available type. The most recent available are included.
    Most recent Marshal crash dumps
    Includes .mdmp files created by the selected components when recovering from an error.
    Most recent WER crash dumps
    Includes the Windows Error Reporting data from the recent issues.
    Most recent potentially fatal messages
    Includes email message files that are marked as suspect because they were being processed at the time of a crash.
    SPE database
    Include the SPE configuration and logging data as CSV files.

    Include statistics data
    Also include dashboard statistics from the SPE database.
    • Warning: Select these options only when directed. Including the SPE database (particularly the statistics data) can result in a very large file. In some cases it could consume all available disk space. If not enough space is present, the tool raises a warning: Not enough free space available to package into zip file.

    Output

    Output Directory
    Enter the location where the compressed file should be created. The default location is the desktop. Click [...] to browse the local computer.
    Support case number
    Enter the case number as provided by Technical Support.

    Version: The installed version of the Support Tool.

    Notes:

    • This tool simply gathers existing information from the system and logs.
      • There is no need to restart any services before or after running the tool (unless specifically requested by Technical Support).
      • The tool does not affect any running services and it does not require any downtime.
    • The tool runs as Administrator to ensure full access on servers where UAC is enabled.
    • The tool is able to gather information for Trustwave SPE (MailMarshal SPE) 3.0 and above.
    • The current version of the tool does not offer automatic upload. Support will provide instructions to upload to the Trustwave Portal.
