After you install the Security Center agent on your server, you can check the protection status of the server in the Security Center console. If the Security Center agent on the server is offline, you can refer to this topic to troubleshoot the issue.
Background information
Security Center provides the agent troubleshooting feature. If the Security Center agent is offline, you can use this feature to troubleshoot the issue. For more information, see Use the agent troubleshooting feature.
Procedure
- Log on to your server and check whether the
AliYunDun
andAliYunDunUpdate
processes of the Security Center agent run as expected on your server.Note If the processes cannot run as expected, we recommend that you restart your server or reinstall the Security Center agent. For more information, see Install the Security Center agent.- Windows server
Open Task Manager and check whether the processes run as expected.
- Linux server
Run the
ps aux | grep AliYunDun
command and check whether the processes run as expected.
- Windows server
- If the protection status of your server is Unprotected the first time that you install the Security Center agent on your server, perform
the following operations to restart the Security Center agent:
- If your server is a Linux server, run the following commands:
killall AliYunDun killall AliYunDunUpdate /usr/local/aegis/aegis_client/aegis_10_xx/AliYunDun
Note In the third command, replacexx
with the greatest number among the numbers at the end of the files whose names are in the aegis_10_xx format. The greatest number indicates the latest version of the Security Center agent. You can view the files whose names are in the aegis_10_xx format in the /usr/local/aegis/aegis_client directory. For example, if the directory contains aegis_10_70, aegis_10_73, and aegis_10_75, replacexx
in the third command with75
. - If your server is a Windows server, find the
Alibaba Security Aegis Detect Service
andAlibaba Security Aegis Update Service
services of Security Center in the service list. Select and right-click the services, and select Restart.
- If your server is a Linux server, run the following commands:
- Run a ping command on your server to check whether the network connection on your
server is normal. If the IP address of your server is returned, the network connection
is normal. The command that you can run varies based on the operating system of the
server and whether the server has a public IP address.
- The server that has a public IP address such as a classic network IP address, an elastic
IP address (EIP), or the public IP address of a server not deployed on Alibaba Cloud.
- For a Windows server, run the
ping jsrv.aegis.aliyun.com -l 1000
command. - For a Linux server, run the
ping jsrv.aegis.aliyun.com -s 1000
command.
- For a Windows server, run the
- The server that does not have a public IP address. For example, the server is deployed
on a virtual private cloud (VPC) or Alibaba Finance Cloud.
- For a Windows server, run the
ping jsrv2.aegis.aliyun.com -l 1000
command. - For a Linux server, run the
ping jsrv2.aegis.aliyun.com -s 1000
command.
- For a Windows server, run the
- The server that has a public IP address such as a classic network IP address, an elastic
IP address (EIP), or the public IP address of a server not deployed on Alibaba Cloud.
- If the ping command fails to run, perform the following steps to check whether the
network connection on your server is normal:
- Check whether the Domain Name System (DNS) service runs as expected on your server. If the DNS service cannot run as expected, restart your server or check whether an error occurred on the DNS service.
- Check whether access control policies in Cloud Firewall or security group rules are
configured for your server. If an access control policy or a security group rule is
configured for your server, make sure that an outbound policy is created to allow
the IP address of the Security Center server to access external networks. You do not
need to create an inbound policy. For more information about how to configure a security
group rule, see Create a security group. For more information about how to configure an access control policy in Cloud Firewall,
see Create access control policies for the Internet firewall on outbound and inbound traffic.
Note Allow inbound and outbound traffic of the CIDR blocks that contain 100.100, 106.11, and 100.103 on all ports or on ports 80 and 443.
- If a valid IP address is returned, run a telnet command to connect to the IP address on port 80. If the connection fails, check whether the firewall is configured as required.
- Check whether the CPU utilization or memory usage of your server is high for a long period of time. For example, the CPU utilization is 95%, and the memory usage is 100%. High CPU utilization or memory usage may cause the Security Center agent to fail to work.
- Check whether third-party security software is installed on your server. Third-party
security software may prevent the Security Center agent from accessing networks.
If third-party security software is installed, we recommend that you stop the software and reinstall the Security Center agent.