Identify why the agent is offline - Access Cloud Security Center| Alibaba Cloud Documentation Center

Identify why the agent is offline

Edit in GitHub

Last Updated: Mar 02, 2020 Edit in GitHub

After you install the Server Guard agent on your server, you can check the protection status of the server in the Security Center console. If this server is not protected, the agent is offline. This topic describes how to identify why the agent on a server is offline.

Prerequisites

You have logged on to your server.

Procedure

Log on to the server to check whether the processes related to the agent are running properly. The processes include AliYunDun and AliYunDunUpdate.
Note If the processes cannot run properly, we recommend that you restart your server or reinstall the agent. For more information about how to install the agent, see Install the Security Center agent.
- Windows OS
  Open Task Manager and check whether the processes are running.
- Linux OS
  Run the ps aux | grep AliYunDun command to check whether the processes are running.
After you install the agent on your server for the first time, if the protection status of the server is still Unprotected, perform the following operations to restart the agent.
- On a Linux-based server, run the following commands:
```
killall AliYunDun 
killall AliYunDunUpdate
/usr/local/aegis/aegis_client/aegis_10_xx/AliYunDun
```
  Note In the third line of the commands, replacexx with the greatest number among the numbers at the end of file names in the aegis_10_xx format. The greatest number indicates the latest version of the agent. You can view the files named in the aegis_10_xx format in the /usr/local/aegis/aegis_client directory. For example, if the directory contains aegis_10_70, aegis_10_73, and aegis_10_75, replace xx in the command with 75.
- On a Windows-based server, find Alibaba Security Aegis Detect Service and Alibaba Security Aegis Update Service in the service list. Right-click the services and choose Restart.
Check whether the network connection on your server is normal. After you run the following commands, if the information of your server is returned, the network connection is normal.
- The server has a public IP address, for example, a classic network IP address, an Elastic IP address, or an external server IP address.
  - For Windows OS, run the ping jsrv.aegis.aliyun.com -l 1000 command.
  - For Linux OS, run the ping jsrv.aegis.aliyun.com -s 1000 command.
- The server does not have a public IP address. For example, the server is connected to Finance Cloud or a VPC.
  - For Windows OS, run the ping jsrv3.aegis.aliyun.com -l 1000 command.
  - For Linux OS, run the ping jsrv3.aegis.aliyun.com -s 1000 command.
If the ping command does not work, try the following methods:
1. Make sure that the DNS service is running on your server. If the DNS service is not running, restart your server or check whether a DNS error has occurred.
2. Check whether firewall ACL rules or Alibaba Cloud security group rules have been configured on your server. If firewall rules or security group rules have been configured, make sure that the IP address of the Security Center server is added to both inbound and outbound whitelists. For more information about security group rules, see Create a security group. For more information about Cloud Firewall, see Access control over the Internet firewall.
  Note Allow the following CIDR blocks to access your server on port 80. For the last CIDR block, both port 80 and port 443 must be enabled.
  
  140.205.140.0/24 80
  
  106.11.68.0/24 80
  
  110.173.196.0/24 80
  
  106.11.68.0/24 80
  
  100.100.25.0/24 80 443
3. Check whether the public network bandwidth on your server is zero. If the public network bandwidth on your server is zero, try the following methods:
  1. Add the following DNS records to the hosts file on your server:
    - For a server connected to a classic network in mainland China: 100.100.110.61 jsrv.aegis.aliyun.com, 100.100.45.131 jsrv.aegis.aliyun.com, 100.100.110.62 update.aegis.aliyun.com, 100.100.45.29 update.aegis.aliyun.com
    - For a server connected to a classic network outside mainland China: 100.100.103.52 jsrv.aegis.aliyun.com, 100.100.30.54 jsrv.aegis.aliyun.com , 100.100.30.55 update.aegis.aliyun.com, 100.100.103.54 update.aegis.aliyun.com
  2. After you modify the hosts file, run the following command: ping jsrv.aegis.aliyun.com
    
    Note If 100.100.25.3 is not returned, restart your server or check whether a DNS error has occurred.
  3. If the ping command does not return expected results, find the conf folder under the Security Center agent installation directory, and change the values of t_srv_domain and h_srv_domain in the network_config file to 100.100.25.3 and 100.100.25.4. Restart the agent.
    
    Note Back up the network_config file before the modification.
    
    This method works only if the public network bandwidth on the server is zero and the protection status is Unprotected.
4. If the ping command returns the correct IP address, run a telnet command to connect to the IP address through port 80. For example, run the following command: telnet 140.205.140.205 80 If the connection fails, check whether any firewall rule exists.
Check whether the CPU usage or memory usage has been higher than 95% for a long period. High CPU or memory usage may prevent the agent from running properly.
Check whether third-party security software such as Fortinet have been installed on your server. Third-party security software may prevent the agent from accessing the network.

If security software is installed on your server, we recommend that you disable or uninstall the software and reinstall the agent.