After you install the Security Center agent on your server, you can check the protection status of the server in the Security Center console. If the Security Center agent on the server is offline, you can refer to this topic to troubleshoot the issue.

Background information

Security Center provides the agent troubleshooting feature. If the Security Center agent is offline, you can use this feature to troubleshoot the issue. For more information, see Use the agent troubleshooting feature.

Procedure

  1. Log on to your server and check whether the AliYunDun and AliYunDunUpdate processes of the Security Center agent run as expected on your server.
    Note If the processes cannot run as expected, we recommend that you restart your server or reinstall the Security Center agent. For more information, see Install the Security Center agent.
    • Windows server

      Open Task Manager and check whether the processes run as expected.

      Windows
    • Linux server

      Run the ps aux | grep AliYunDun command and check whether the processes run as expected.

      linux
  2. If the protection status of your server is Unprotected the first time that you install the Security Center agent on your server, perform the following operations to restart the Security Center agent:
    • If your server is a Linux server, run the following commands:
      killall AliYunDun
      killall AliYunDunUpdate
      /usr/local/aegis/aegis_client/aegis_10_xx/AliYunDun
      Note In the third command, replace xx with the greatest number among the numbers at the end of the files whose names are in the aegis_10_xx format. The greatest number indicates the latest version of the Security Center agent. You can view the files whose names are in the aegis_10_xx format in the /usr/local/aegis/aegis_client directory. For example, if the directory contains aegis_10_70, aegis_10_73, and aegis_10_75, replace xx in the third command with 75.
    • If your server is a Windows server, find the Alibaba Security Aegis Detect Service and Alibaba Security Aegis Update Service services of Security Center in the service list. Select and right-click the services, and select Restart. Restart
  3. Run a ping command on your server to check whether the network connection on your server is normal. If the IP address of your server is returned, the network connection is normal. The command that you can run varies based on the operating system of the server and whether the server has a public IP address.
    • The server that has a public IP address such as a classic network IP address, an elastic IP address (EIP), or the public IP address of a server not deployed on Alibaba Cloud.
      • For a Windows server, run the ping jsrv.aegis.aliyun.com -l 1000 command.
      • For a Linux server, run the ping jsrv.aegis.aliyun.com -s 1000 command.
    • The server that does not have a public IP address. For example, the server is deployed on a virtual private cloud (VPC) or Alibaba Finance Cloud.
      • For a Windows server, run the ping jsrv2.aegis.aliyun.com -l 1000 command.
      • For a Linux server, run the ping jsrv2.aegis.aliyun.com -s 1000 command.
  4. If the ping command fails to run, perform the following steps to check whether the network connection on your server is normal:
    1. Check whether the Domain Name System (DNS) service runs as expected on your server. If the DNS service cannot run as expected, restart your server or check whether an error occurred on the DNS service.
    2. Check whether access control policies in Cloud Firewall or security group rules are configured for your server. If an access control policy or a security group rule is configured for your server, make sure that an outbound policy is created to allow the IP address of the Security Center server to access external networks. You do not need to create an inbound policy. For more information about how to configure a security group rule, see Create a security group. For more information about how to configure an access control policy in Cloud Firewall, see Create access control policies for the Internet firewall on outbound and inbound traffic.
      Note Allow inbound and outbound traffic of the CIDR blocks that contain 100.100, 106.11, and 100.103 on all ports or on ports 80 and 443.
    3. If a valid IP address is returned, run a telnet command to connect to the IP address on port 80. If the connection fails, check whether the firewall is configured as required.
  5. Check whether the CPU utilization or memory usage of your server is high for a long period of time. For example, the CPU utilization is 95%, and the memory usage is 100%. High CPU utilization or memory usage may cause the Security Center agent to fail to work.
  6. Check whether third-party security software is installed on your server. Third-party security software may prevent the Security Center agent from accessing networks.

    If third-party security software is installed, we recommend that you stop the software and reinstall the Security Center agent.