All Products
Search

This Product

    Security Center:Agent troubleshooting

    Document Center

    Security Center:Agent troubleshooting

    Last Updated:Mar 31, 2026

    When the Security Center agent goes offline, fails to install or uninstall, or causes high CPU usage, use the Agent Troubleshooting feature to diagnose the issue. The feature collects diagnostic data from the server, runs checks, and returns results with solutions. You can also download diagnostic logs and send them to Alibaba Cloud technical support for further analysis.

    Supported operating systems

    The Agent Troubleshooting feature supports the following server operating systems:

    • Windows Server 2008 and later

    • 64-bit Linux (CentOS 5 and earlier versions are not supported)

    Enhanced Mode is not supported on Windows operating systems.

    Choose your scenario

    ScenarioApproach
    Your server is connected to Security CenterUse the Agent Troubleshooting feature in the Security Center console. See Troubleshoot a connected server.
    Your server is not connected to Security CenterRun the aegis_checker command directly on the server. See Troubleshoot a disconnected server.

    Troubleshoot a connected server

    Start the troubleshooting check

    1. Log on to the Security Center console.

    2. In the left navigation pane, choose Assets > Host. In the upper-left corner, select the region where your asset is located: Chinese Mainland or Outside Chinese Mainland.

    3. On the Servers tab, select the target server, then click Agent Troubleshooting below the list.

      选择服务器单击客户端问题排查

    4. In the Agent Troubleshooting dialog box, select an Issue Type and a Mode, then click Start Check.

      The troubleshooting program collects agent-related data from the server — including network, process, and log data — and reports it to Security Center for analysis.
      Configuration itemDescription
      Issue TypeThe type of agent problem to diagnose. If you are unsure of the problem type, select Full Check.
      ModeThe data collection scope. Standard Mode collects agent log data and reports it to Security Center for analysis (takes about 1 minute). Enhanced Mode also collects network, process, and log data for deeper analysis (takes about 5 minutes).

    5. In the Note dialog box, click OK. The Task Management panel opens, showing all agent troubleshooting tasks. To open the Task Management panel at any time, click Agent Task Management in the upper-right corner of the Host page.

    6. Find the task you want to review and click Details in the Actions column. The Run Logs panel opens.

    Review the results

    The Run Logs panel shows troubleshooting details for each server in the task.

    ColumnDescription
    Start Time/End TimeThe start and end times of the troubleshooting task.
    Server InformationDetails about the server included in the task.
    StatusThe task status: Starting (command sent), Timeout (no result returned within the timeout period), or Successful (result generated).
    IssueProblems detected by the troubleshooting task.
    ResultSolutions to the detected problems.
    ActionsDownload the diagnostic log for further analysis.

    If the Result column provides a solution, follow it to resolve the issue. If no solution is provided, click Download Diagnostic Logs in the Actions column, then send the log file and your Alibaba Cloud account ID to Alibaba Cloud technical support.

    Troubleshoot a disconnected server

    If your server is not connected to Security Center, run the aegis_checker command directly on the server. Log on with root permissions (Linux) or administrative permissions (Windows) before you begin.

    Run aegis_checker

    1. Log on to the target server.

    2. Run the command for your server type, operating system, and mode.

      Alibaba Cloud ECS — Linux

      Standard Mode (takes about 1 minute):

      wget "http://update2.aegis.aliyun.com/download/aegis_client_self_check/linux64/aegis_checker.bin" && chmod +x aegis_checker.bin && ./aegis_checker.bin

      If the ECS instance cannot reach the Security Center network, download aegis_checker manually, copy it to the server, then run:

      chmod +x aegis_checker.bin
./aegis_checker.bin

      Enhanced Mode (takes about 5 minutes):

      wget "http://update2.aegis.aliyun.com/download/aegis_client_self_check/linux64/aegis_checker.bin" && chmod +x aegis_checker.bin && ./aegis_checker.bin -b "ew0KICAgICJ1dWlkIjogIiIsDQogICAgImNtZF9pZHgiOiAiIiwNCiAgICAiaXNzdWUiOiAib3RoZXJfaXNzdWUiLA0KICAgICJtb2RlIjogMywNCiAgICAianNydl9kb21haW4iOiBbXSwNCiAgICAidXBkYXRlX2RvbWFpbiI6IFtdDQp9"

      Alibaba Cloud ECS — Windows

      Standard Mode only (Enhanced Mode is not supported on Windows):

      • Download aegis_checker.exe and run it with administrative permissions.

      • Or run the following command in an elevated Command Prompt:

      powershell -executionpolicy bypass -c "(New-Object Net.WebClient).DownloadFile('http://update2.aegis.aliyun.com/download/aegis_client_self_check/win32/aegis_checker.exe', $ExecutionContext.SessionState.Path.GetUnresolvedProviderPathFromPSPath('.\aegis_checker.exe'))"; "./aegis_checker.exe"

      Server not deployed on Alibaba Cloud — Linux

      Standard Mode (takes about 1 minute):

      wget "http://aegis.alicdn.com/download/aegis_client_self_check/linux64/aegis_checker.bin" && chmod +x aegis_checker.bin && ./aegis_checker.bin

      Enhanced Mode (takes about 5 minutes):

      wget "http://aegis.alicdn.com/download/aegis_client_self_check/linux64/aegis_checker.bin" && chmod +x aegis_checker.bin && ./aegis_checker.bin -b "ew0KICAgICJ1dWlkIjogIiIsDQogICAgImNtZF9pZHgiOiAiIiwNCiAgICAiaXNzdWUiOiAib3RoZXJfaXNzdWUiLA0KICAgICJtb2RlIjogMywNCiAgICAianNydl9kb21haW4iOiBbXSwNCiAgICAidXBkYXRlX2RvbWFpbiI6IFtdDQp9"

      Server not deployed on Alibaba Cloud — Windows

      Standard Mode only (Enhanced Mode is not supported on Windows):

      • Download aegis_checker.exe and run it with administrative permissions.

      • Or run the following command in an elevated Command Prompt:

      powershell -executionpolicy bypass -c "(New-Object Net.WebClient).DownloadFile('http://aegis.alicdn.com/download/aegis_client_self_check/win32/aegis_checker.exe', $ExecutionContext.SessionState.Path.GetUnresolvedProviderPathFromPSPath('.\aegis_checker.exe'))"; "./aegis_checker.exe"

    3. After the check completes, locate the compressed log package.

      Operating systemLog package location
      Linux/root/miniconda2/aegis_checker/output
      Windows.\miniconda2\aegis_checker\output (current directory)

    4. Open the log and look for entries prefixed with [root cause]. These mark problems detected by aegis_checker. If a solution is provided alongside the entry, follow it to resolve the issue. If aegis_checker does not provide a solution, send the following to Alibaba Cloud technical support:

      • A screenshot of the check results

      • The compressed log package

      • Your Alibaba Cloud account ID