Security Center: Troubleshoot anti-ransomware agent and tasks - Security Center

If the anti-ransomware agent, backup tasks, or policy tasks fail, Security Center cannot protect your important files. Troubleshoot these issues immediately to prevent data loss from ransomware attacks. This topic describes how to troubleshoot issues with the anti-ransomware agent and backup tasks after you create an anti-ransomware policy for a server.

Client exceptions

View client exception causes

Log on to the Security Center console.
In the left-side navigation pane, choose Protection Configuration > Host Protection > Anti-ransomware. In the upper-left corner of the console, select the region where your protected assets are located: Chinese Mainland or Outside Chinese Mainland.
On the Anti-ransomware for Servers or Anti-ransomware for Databases tab, click the icon next to a policy name to view all servers associated with the policy.
Click the icon to the right of the exception message to view the cause of the exception.
Use the information in the Error Details dialog box to resolve the exception.

Causes and solutions for client exceptions

Note

The following procedures use Anti-ransomware for Servers as an example.

Error code: CLOUD_ASSIST_NOT_RUN

Error details: Cloud Assistant is not enabled.
Cause: Cloud Assistant is not running properly.
Solution: Log on to the ECS Management Console to check whether the Cloud Assistant service is running. For more information, see Troubleshoot Cloud Assistant issues.

Error code: RoleNotExist

Error details: Authorization issue.
Cause: Insufficient account permissions.
Solution: Log on to the Security Center console with your Alibaba Cloud account (main account) or a RAM user that has the AliyunRAMFullAccess permission. On the Anti-ransomware for Servers tab, click Authorize Now to grant the AliyunServiceRoleForHbrEcsBackup and AliyunServiceRoleForSas roles to the current account.

Error code: CLIENT_CONNECTION_ERROR

Error details: Client connection error. Check the network connectivity of the ECS instance and try again.
Cause: A network connection failed.
Solution:
1. Check whether third-party antivirus software is installed on the server. If so, uninstall the software.
2. On the ECS server, use the ping or telnet command to check the network connectivity to the anti-ransomware network access point and check whether a firewall policy is configured. For more information about the anti-ransomware network access point, see Network access points.
3. After you resolve the network connection issue, reinstall the client:
  1. Log on to Security Center console. On the Anti-ransomware for Servers tab, click Uninstall in the Actions column for the target server to uninstall the anti-ransomware client from the server.
    
    Note
    After the uninstall is complete, the client status is displayed as Not Installed.
  2. On the Anti-ransomware for Servers tab, click Install in the Actions column for the target server to reinstall the anti-ransomware client.

Error code: ECS_ROLE_POLICY_NOT_EXIST

Error details: The ECS role is missing the AliyunECSAccessingHBRRolePolicy policy.
Cause: The RAM role that is associated with the ECS instance is missing the AliyunECSAccessingHBRRolePolicy policy, which causes the client installation to fail.
Solution: After resolving the permission policy issue, reinstall the anti-ransomware client:
1. Attach the AliyunECSAccessingHBRRolePolicy policy to the RAM role of the ECS instance. For more information, see Client installation fails with the error "The AliyunECSAccessingHBRRolePolicy is missing from the EcsRamRole".
2. Log on to the Security Center console. On the Anti-ransomware for Servers tab, find the target server and click Install in the Actions column to reinstall the anti-ransomware client.
Important
After you attach a RAM role to an ECS instance, the anti-ransomware client is not automatically reinstalled.

Error code: CHECK_ACTIVATION_COMMAND_TIMEOUT

Error details: The activation check command timed out.
Cause: The anti-ransomware client installation timed out.
Solution: Reinstall the anti-ransomware client:
1. Log on to Security Center console. On the Anti-ransomware for Servers tab, click Uninstall in the Actions column for the target server to uninstall the anti-ransomware client from the server.
  
  Note
  After the uninstall is complete, the client status is displayed as Not Installed.
2. On the Anti-ransomware for Servers tab, click Install in the Actions column for the target server to reinstall the anti-ransomware client.

Error code: ECS_STOPPED

Error details: The ECS instance is stopped.
Cause: The ECS instance is stopped, which causes the client installation to fail.
Solution: Start the ECS instance and then install the anti-ransomware client:
1. Log on to the ECS Management Console and start the ECS instance. For more information, see Start an instance.
2. Log on to the Security Center console. On the Anti-ransomware for Servers tab, find the target server and click Install in the Actions column to reinstall the anti-ransomware client.

Error code: UNINSTALL_FAILED

Error details: Failed to uninstall the client.
Cause: A Cloud Assistant command timed out, which causes the client uninstallation to fail.
Solution: Reinstall the anti-ransomware client:
1. Log on to the Security Center console. On the Anti-ransomware for Servers tab, find the server where the client uninstallation failed and click Delete in the Actions column.
  Note
  It takes about two minutes to remove the server from the protection policy.
2. Add the ECS server back to the previous protection policy. For more information, see Modify a protection policy.
3. On the Anti-ransomware for Servers tab, find the target server and click Install in the Actions column to reinstall the anti-ransomware client.

Error code: INSTALL_FAILED

Error details: Installation failed.
Cause: A Cloud Assistant command timed out, which causes the client installation to fail.
Solution:
1. Make sure that the Security Center agent on the target server is online. In the protection policy's server list, you can hover over the target server to view its Agent Status. If the agent is offline, see Troubleshoot issues that cause the agent to be offline for troubleshooting instructions.
2. Reinstall the anti-ransomware client:
  1. Log on to Security Center console. On the Anti-ransomware for Servers tab, click Uninstall in the Actions column for the target server to uninstall the anti-ransomware client from the server.
    
    Note
    After the uninstall is complete, the client status is displayed as Not Installed.
  2. On the Anti-ransomware for Servers tab, click Install in the Actions column for the target server to reinstall the anti-ransomware client.

Error code: UPGRADE_FAILED

Error details: Upgrade failed.
Cause: The client upgrade failed.
Solution: Reinstall the anti-ransomware client:
1. Log on to Security Center console. On the Anti-ransomware for Servers tab, click Uninstall in the Actions column for the target server to uninstall the anti-ransomware client from the server.
  
  Note
  After the uninstall is complete, the client status is displayed as Not Installed.
2. On the Anti-ransomware for Servers tab, click Install in the Actions column for the target server to reinstall the anti-ransomware client.

Error code: AGENT_NOT_RUN_AFTER_INSTALLATION

Error details: The service did not start after installation.
Cause: Residual registry entries from a previous uninstallation prevent the new client from starting.

Solution: Clear the registry entries and then reinstall the client:

Log on to the Security Center console. On the Anti-ransomware for Servers tab, find the target server and click Uninstall in the Actions column to uninstall the anti-ransomware client.
Note
After the uninstallation is complete, the client status is displayed as Not Installed.

Clear the following registry entries based on the protection policy version.

For V1.0 protection policies:

# V1 client
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\hybridbackup
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\hbrupdater

For V2.0 protection policies:

# V2 client
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\hbrclient
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\hbrclientupdater
HKEY_LOCAL_MACHINE\SOFTWARE\Alibaba, Inc.\Aliyun Hybrid Backup Service Client
# For 64-bit systems only
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B1F066FC-D85C-46F8-9ED7-88A4385AF9A6}}_is1
# For 32-bit systems only
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9A3FBAB2-A9B0-4F3B-951A-ABC72D58BA6D}}_is1

On the Anti-ransomware for Servers tab, find the target server and click Install in the Actions column to reinstall the anti-ransomware client.

Error code: FAILED_TO_DOWNLOAD_INSTALLER

Error details: Failed to download the installation package.
Cause: The installation package failed to download because of a network connection failure.
Solution: Resolve the network connection issue and reinstall the client:
1. On the ECS server, use the ping or telnet command to check the network connectivity to the anti-ransomware network access point and check whether a firewall policy is configured. For more information about the anti-ransomware network access point, see Network access points.
2. After resolving the network connection issue, log on to the Security Center console. On the Anti-ransomware for Servers tab, find the target server and click Install in the Actions column to reinstall the anti-ransomware client.

Error code: PRECHECK_COMMAND_FAILED

Error details: The precheck command failed.
Cause: The Cloud Assistant command timed out.
Solution: Reinstall the anti-ransomware client:
1. Log on to Security Center console. On the Anti-ransomware for Servers tab, click Uninstall in the Actions column for the target server to uninstall the anti-ransomware client from the server.
  
  Note
  After the uninstall is complete, the client status is displayed as Not Installed.
2. On the Anti-ransomware for Servers tab, click Install in the Actions column for the target server to reinstall the anti-ransomware client.

Error code: INSTALL_COMMAND_TIMEOUT

Error details: The installation command timed out.
Cause: The client installation command timed out, which causes the client installation to fail.
Solution: Reinstall the anti-ransomware client:
1. Log on to Security Center console. On the Anti-ransomware for Servers tab, click Uninstall in the Actions column for the target server to uninstall the anti-ransomware client from the server.
  
  Note
  After the uninstall is complete, the client status is displayed as Not Installed.
2. On the Anti-ransomware for Servers tab, click Install in the Actions column for the target server to reinstall the anti-ransomware client.

Error code: ServiceUnavailable

Error details: ServiceUnavailable.
Cause: An authorization issue occurred or the QPS limit was exceeded.
Solution:
Log on to the Security Center console with your Alibaba Cloud account (main account). On the Anti-ransomware for Servers tab, click Authorize Now to grant the AliyunServiceRoleForHbrEcsBackup and AliyunServiceRoleForSas roles to the current account.

Error code: CONFLICT_WITH_EXISTING_AGENT

Error details: Conflict with an existing agent.
Cause: A conflict exists with an existing client on the server.
Solution: Reinstall the anti-ransomware client:
1. Log on to Security Center console. On the Anti-ransomware for Servers tab, click Uninstall in the Actions column for the target server to uninstall the anti-ransomware client from the server.
  
  Note
  After the uninstall is complete, the client status is displayed as Not Installed.
2. On the Anti-ransomware for Servers tab, click Install in the Actions column for the target server to reinstall the anti-ransomware client.

Error code: ACTIVATE_COMMAND_FAILED

Error details: An unexpected error occurred on the client. You can reinstall the client to restore service.
Cause: An exception occurred on the client.
Solution: Reinstall the anti-ransomware client:
1. Log on to Security Center console. On the Anti-ransomware for Servers tab, click Uninstall in the Actions column for the target server to uninstall the anti-ransomware client from the server.
  
  Note
  After the uninstall is complete, the client status is displayed as Not Installed.
2. On the Anti-ransomware for Servers tab, click Install in the Actions column for the target server to reinstall the anti-ransomware client.

Error code: CHECK_RUNNING_COMMAND_FAILED

Error details: Failed to run the command to check whether the service has started.
Cause: An exception occurred on the service.
Solution: Reinstall the anti-ransomware client:
1. Log on to Security Center console. On the Anti-ransomware for Servers tab, click Uninstall in the Actions column for the target server to uninstall the anti-ransomware client from the server.
  
  Note
  After the uninstall is complete, the client status is displayed as Not Installed.
2. On the Anti-ransomware for Servers tab, click Install in the Actions column for the target server to reinstall the anti-ransomware client.

Error code: INSTALL_COMMAND_FAILED

Error details: Failed to run the installation command.
Cause: Security software on the server is blocking the anti-ransomware client installation.
Solution:
1. Uninstall the security software from the server.
2. Log on to the Security Center console. On the Anti-ransomware for Servers tab, find the target server and click Install in the Actions column to reinstall the anti-ransomware client.

Error code: InstanceHasBeenProtectedByAir

Error details: An unexpected error occurred on the client. You must reinstall the client.
Cause: A backup conflict occurred between Cloud Backup and the anti-ransomware feature of Security Center.
Solution: Check whether Cloud Backup is enabled. If Cloud Backup is enabled, the installation cannot be completed because Cloud Backup is incompatible with the anti-ransomware feature of Security Center. Both services provide data backup capabilities. We recommend that you use only one of these services for data backup.
- For more information about how to install and uninstall the anti-ransomware client, see Create a protection policy and install the client.
- For more information about how to enable and uninstall the Cloud Backup client, see Enable Cloud Backup and Uninstall the Cloud Backup client.

Troubleshoot backup job issues

Cause of backup failures

Log on to the Security Center console.
In the left-side navigation pane, choose Protection Configuration > Host Protection > Anti-ransomware. In the upper-left corner of the console, select the region where your assets are located: Chinese Mainland or Outside Chinese Mainland.
In the upper-right corner of the Anti-ransomware page, click Backup Tasks.
In the Backup Tasks panel, select the Server Backup Task or Database Backup Task tab. Add a filter with Status set to Failed, and then click the search icon.
Click the icon in the Status column of the target backup job to view the cause of the failure.
Based on the information in the Error Details dialog box, refer to the following sections in this topic to resolve the backup job issue.

Causes and solutions

Server anti-ransomware

Error code: EXPIRED

Error details: Backup timed out.
Cause:
- A server network issue occurred.
- Restarting the server during a backup job stops the job.
- The ECS instance is stopped.
- The backup job timed out because too many files were being backed up.
- The client is outdated.
Solution:
- Troubleshooting network issues: Check the backup logs for MQTT Connection Lost. messages and optimize the server's network configuration.
- Troubleshooting ECS offline issues: Check whether the ECS instance is online or if any restart tasks were scheduled during the backup window.
- If there are too many files to back up: Modify the backup policy to exclude directories that do not need to be backed up.

Error code: SOURCE_NOT_EXIST

Error details: The backup source path does not exist.
Cause: The backup directory specified in the protection policy does not exist.
Solution: Reconfigure the backup directory in the protection policy.

Error code: OPEN_VAULT_FAILED

Error details: Failed to open the backup vault.
Cause:
- Failed to access OSS during backup.
- The server's local time is significantly skewed from the OSS service time.
Solution:
- In the hbrclient.log file on the ECS instance, find the OSS endpoint. The endpoint is in the format oss-xxx.aliyuncs.com or oss-xxx-internal.aliyuncs.com. On the ECS instance, run the ping or telnet command to check network connectivity to the OSS endpoint.
- Check whether your firewall and security group rules allow network requests from the anti-ransomware client.
- Check whether security software is blocking network connections.
- If the client backup log contains the message ErrorCode=RequestTime TooSkewed, ErrorMessage="The difference between the request time and the current time is too large.", there is a significant time skew. Check the local time on your server. If it differs from the OSS service time by more than 15 minutes, adjust the server time to match the OSS service time. The OSS service time corresponds to the time zone of the region where your ECS instance is located. For example, the time zone is Beijing time (UTC+8) for regions in the Chinese mainland and the local time zone for regions outside the Chinese mainland. After you adjust the time, run the following command on the server to restart the anti-ransomware client:
```
systemctl restart hbrclient
```

Error code: INTERNAL_ERROR / InternalError

Error details: Internal error.
Cause: An internal backup error occurred in the anti-ransomware client. This issue typically occurs with V1.0 client protection policies.
Solution: On the Anti-ransomware page, find the V1.0 protection policy and click Upgrade in the Actions column to upgrade the policy to V2.0.

Error code: killed

Error details: The backup process was terminated by the system.
Cause: The system terminated the backup process due to high CPU or memory usage.
Solution: Log on to the ECS console. On the instance details page, go to the Monitoring tab and check the CPU and memory usage during the backup window. If the backup process consumes excessive resources, you can limit the resources that the backup client uses. For more information, see Resolve OOM issues for the backup client.

Error code: CreateSnapshotFailed

Error details: Failed to create a backup snapshot at the end of the backup job.
Cause: This typically occurs if OSS is accessible during the backup process but becomes inaccessible when the backup job finishes.
Solution: Log on to OSS, verify your configurations, and then retry the backup job.

Error code: CONNECT_TO_VAULT_FAILED

Error details: Failed to connect to the backup vault.
Cause: Failed to access OSS during backup.
Solution: Check your network configuration. In the hbrclient.log file on the ECS instance, find the OSS endpoint. The endpoint is in the format oss-xxx-internal.aliyuncs.com. On the ECS instance, run the ping or telnet command to check network connectivity to the OSS endpoint.

Error code: AppError: ErrorCode=TooManyConcurrentJobs, ErrorMessage=TooManyConcurrentJobs

Error details: Too many backup jobs are running on this machine. A new backup job cannot be started.
Cause: This issue occurs when a new backup job starts before the previous one finishes. This can be caused by large data volumes or slow backup speeds.
Solution: Try the following solutions:
- Increase the backup interval, or exclude unnecessary directories and files when you configure the protection policy.
- If historical backup data is not required, remove the server from the protection policy. For more information, see Manage servers in a protection policy.
- Re-add the server to the protection policy. When modifying the protection policy, select the server. For more information, see Modify a protection policy.

Error code: EcsStopped

Error details: ECS instance is stopped.
Cause: The ECS instance is stopped.
Solution: Check the status of the ECS instance to confirm whether it was stopped due to an overdue payment.

Error code: EcsReleased

Error details: ECS instance has been released.
Cause: The ECS instance has been released.
Solution: Check the status of the ECS instance to confirm whether it has been released.

Error code: ClientDisconnectedAegisClientNotOnline

Error details: The Security Center agent and the anti-ransomware client are offline.
Cause: Both the Security Center agent and the anti-ransomware client are offline.
Solution: Check the network connectivity of the anti-ransomware client. On the ECS instance, use the ping or telnet command to check the network connection to the anti-ransomware endpoint and to verify your firewall policy. For more information about the endpoints, see Network access points.

Error code: ClientDisconnected

Error details: The anti-ransomware client is offline or an unexpected error occurred.
Cause: The anti-ransomware client is offline or an unexpected error occurred.
Solution:
1. Check the connectivity between the anti-ransomware client and the Cloud Backup service. On the ECS instance, use the ping or telnet command to check the network connection to the anti-ransomware endpoint and to verify your firewall policy. For more information about the endpoints, see Network access points.
2. If you confirm that there are no network connectivity issues, reinstall the client.
  1. Log on to Security Center console. On the Anti-ransomware for Servers tab, click Uninstall in the Actions column for the target server to uninstall the anti-ransomware client from the server.
    
    Note
    After the uninstall is complete, the client status is displayed as Not Installed.
  2. On the Anti-ransomware for Servers tab, click Install in the Actions column for the target server to reinstall the anti-ransomware client.

Error code: OOM

Error details: High memory usage.
Cause: High memory usage, often caused by a large number of files in the backup directory, can cause the system to terminate the backup process.
Solution: For more information, see Resolve OOM issues.

Error code: JOB_CANCELED

Error details: The backup job was canceled.
Cause: The backup job was canceled because the policy was disabled or the anti-ransomware capacity was exhausted.
Solution: Check whether the anti-ransomware policy is disabled. If not, check whether your used backup capacity has exceeded the total capacity. You can view the used and total capacity on the Anti-ransomware page.

Error code: FILE_CACHE_NO_SPACE

Error details: Insufficient file cache space.
Cause: Insufficient disk space is available for the file cache. The default required space is 1 GB.
Solution: Expand the disk capacity or change the file cache path. For more information, see Estimate the required disk space for file backup.

Error code: ApplicationFileNotExist

Error details: Client files are missing.
Cause: Anti-ransomware client files are missing. This may be because they were deleted by third-party security software or by a user.
Solution: Add the anti-ransomware client to the allowlist of your security software and then reinstall the client.

Error code: 0xC0000142 / 3221225794

Error details: The backup process on the Windows system failed to initialize correctly.
Cause:
- Restrictions from security software.
- Application conflicts.
- Anti-ransomware client files are missing.
Solution: Add the anti-ransomware client to the allowlist of your security software and then reinstall the client.

Error code: 1 / 2

Error details: The backup process exited unexpectedly. This error code is reported for all unhandled or unrecorded exceptions that cause the V1.0 client's backup process to exit.
Cause: An unhandled or unrecorded error occurred in the V1.0 anti-ransomware client.
Solution: Install the V2.0 anti-ransomware client. Perform the following steps:
1. Log on to Security Center console. On the Anti-ransomware for Servers tab, click Uninstall in the Actions column for the target server to uninstall the anti-ransomware client from the server.
  
  Note
  After the uninstall is complete, the client status is displayed as Not Installed.
2. On the Anti-ransomware for Servers tab, click Install in the Actions column for the target server to reinstall the anti-ransomware client.

Error code: RequestTimeTooSkewed

Error details: Time skew detected.
Cause: A significant time difference exists between the server's system time and the Security Center service time.
Solution: This error indicates that the time difference between the server and the Security Center service is too large, typically 15 minutes or more. To resolve this issue, manually synchronize the server's system time.

Error code: ecsbackupsirnotexist

Error details: The service-linked role for Cloud Backup is not authorized.
Cause: To perform anti-ransomware backups for ECS instances in the China (Ulanqab) and China (Heyuan) regions, you must grant permissions to the AliyunServiceRoleForHbrMagpieBridge service-linked role.
Solution: Log on to the Security Center console. On the Anti-ransomware for Servers tab, follow the prompts to complete the authorization. For detailed steps, see Grant permissions for new regions.

Error code: TARGET_NOT_EXIST

Error details: The restore destination directory does not exist.
Cause: The server directory was accidentally deleted or incorrectly configured.
Solution:
1. Log on to the server and check whether the directory exists.
2. Reconfigure the restore directory. For more information, see Create a restore job.

Database anti-ransomware

Error code: CLIENT_CONNECTION_ERROR

Error details: Backup failed.
Cause: The backup failed because the anti-ransomware client for databases was offline.
Solution:
- Method 1: Restart the anti-ransomware client for databases.
  Note
  You must disable the self-protection feature before restarting the client.
  - Linux: Run the command systemctl restart dbackup3-agent.
  - Windows:
    - UI: Go to the Services page, right-click Dbackup3 Agent, and then click Restart.
    - Command line: To stop the service, run net stop "dbackup3 agent". To restart the service, run net start "dbackup3 agent".
- Method 2: Reinstall the anti-ransomware client for databases.
  Reinstall the anti-ransomware client for databases in the Security Center console. For more information, see Manage protection policies and clients.

Troubleshoot policy status issues

Causes of abnormal anti-ransomware policy status

Log on to the Security Center console. In the left-side navigation pane, choose Protection Configuration > Host Protection > Anti-ransomware. In the upper-left corner of the console, select the region of your assets: Chinese Mainland or Outside Chinese Mainland.
On the Anti-ransomware for Servers or Anti-ransomware for Databases tab, view the cause of the abnormal status in the policy list.

Policy status descriptions and solutions

Policy status	Description	Solution
Wrong Account or Password	The database username or password is incorrect.	Enter the correct database username and password, and then re-enable the policy.
Initializing	The environment is initializing.	Wait for the policy initialization to complete.
Initialization Failed	Initialization failed.	Reinstall the client and edit the policy again. For more information about how to install the client and edit a protection policy, see Manually install the client and Edit a protection policy.
Enabling	The policy is being enabled.	Wait for the policy to be enabled.
Enabled	The policy is enabled.	None
Disabled	The policy is disabled.	None
Disabling	The policy is being disabled.	Wait for the policy to be disabled.
Automatically Disabled Due to Excessive Data	The anti-ransomware capacity is full.	Manually clear historical data to free up space, or renew and expand your capacity. For more information, see What do I do if my purchased anti-ransomware data protection capacity is insufficient?.
Deleting	The policy is being deleted.	Wait for the policy deletion to complete.
Deletion Failed	Failed to delete the policy.	Delete the policy again later. For more information about how to delete a policy, see Delete a policy.
Restoring	Data recovery is in progress.	Wait for the data recovery task to complete.
Backing Up	Data backup is in progress.	Wait for the data backup task to complete.

Contact us

If the issue persists, collect the client logs for troubleshooting.

Client installation logs:
- Windows server: C:\Program Files (x86)\Alibaba\Aegis\PythonLoader\data\hbr.log
- Linux server: /usr/local/aegis/PythonLoader/data/hbr.log
Client backup logs:
- Protection policy version: V1.0
  - Windows server: C:\Program Files (x86)\Alibaba\Aegis\hbr\logs
  - Linux server: /usr/local/aegis/hbr/logs
- Protection policy version: V2.0
  - Windows server: C:\Program Files (x86)\Alibaba\Aegis\hbrClient\logs
  - CoreOS server: /opt/aegis/hbrClient/logs
  - Linux server: /usr/local/aegis/hbrClient/logs