All Products
Search

This Product

    Security Center:Use the agent troubleshooting feature

    Document Center

    Security Center:Use the agent troubleshooting feature

    Last Updated:Jun 06, 2024

    If the Security Center agent becomes offline upon an exception, the agent fails to be installed or uninstalled, or the processes of the Security Center agent cause high CPU utilization, you can use the agent troubleshooting feature of Security Center to troubleshoot issues. This topic describes how to use the agent troubleshooting feature.

    Background information

    The troubleshooting results contain the issues and the suggestions on how to solve the issues. You can download diagnostic logs to verify and analyze the issues.

    Prerequisites

    The agent troubleshooting feature is available for the servers that run the following versions of operating systems:

    • Windows Server 2008 and later

    • 64-bit Linux (versions later than CentOS 5)

    Scenarios

    Troubleshoot issues for servers that are added to Security Center

    1. Log on to the Security Center console. In the top navigation bar, select the region of the asset that you want to manage. You can select China or Outside China.

    2. In the left-side navigation pane, choose Assets > Host.

    3. On the Server tab of the Host page, select the servers for which you want to troubleshoot issues from the server list and click Agent Troubleshooting below the server list.image

    4. In the Agent Troubleshooting dialog box, configure the Issue Type and Mode parameters. Then, click Start Check.

      Parameter

      Description

      Issue Type

      The type of the issue that you want to troubleshoot. If you cannot identify the type, select Overall Check (Unknown Issues).

      Mode

      The mode that you want to use to troubleshoot issues. Valid values:

      • Standard Mode: In this mode, logs of the Security Center agent are collected and then reported to Security Center for analysis. The time required for troubleshooting is approximately 1 minute.

      • Enhancement Mode: In this mode, the information about the Security Center agent is collected and then reported to Security Center for analysis. The information includes network conditions, processes, and logs. The time required for troubleshooting is approximately 5 minutes.

      Note

      When you troubleshoot issues, the related diagnostic program collects information about the agent that is installed on the servers and reports the information to Security Center for analysis. The information includes the network conditions, the processes of the Security Center agent, and logs.

    5. In the Note message, click OK. In the Task Management panel that appears, view all troubleshooting tasks.

      You can also click Agent Task Management in the upper-right corner of the Host page to go to the Task Management panel.

    6. Find the task whose details you want to view and click Details in the Actions column. The Run Logs panel appears.

      The Run Logs panel displays the details about the troubleshooting tasks for each server.

      The following table describes the parameters in the Run Logs panel.

      Parameter

      Description

      Start Time/End Time

      The time when the troubleshooting task starts and ends.

      Server Information

      The information about the server on which the troubleshooting task is run.

      Status

      The status of the troubleshooting task. Valid values:

      • Start: The command that is used for troubleshooting is issued.

      • Timed Out: The command that is used for troubleshooting is issued for a while, but the troubleshooting result is not returned.

      • Successful: The troubleshooting result is generated.

      Issue

      The issues that are found after the troubleshooting task is complete.

      Result

      The solutions to the issues.

      Actions

      The operation that you can perform on the diagnostic logs of the troubleshooting task. You can download the logs to verify and analyze the issues.

      If the solutions to the issues are provided in the Result column, you can follow the solutions to solve the issues. If no solutions are provided in the Result column, click Download Diagnostic Logs in the Actions column to download the diagnostic logs. Then, report the downloaded logs and the ID of your Alibaba Cloud account to Alibaba Cloud engineers for verification and analysis.

    Troubleshoot issues for servers that are not added to Security Center

    If your servers are not added to Security Center, you can run commands on the servers based on the operating system of each server to troubleshoot issues.

    1. Log on to the server for which you want to troubleshoot issues.

      Note

      • You must log on to a Windows server as an administrator.

      • You must log on to a Linux server as a root user.

    2. Run the required command on the server.

      The command that you use to troubleshoot issues varies based on the operating system of an Elastic Compute Service (ECS) instance or a server that is not deployed on Alibaba Cloud. The following table describes the commands.

      Server

      Operating system

      Mode

      Command

      ECS instance

      Linux

      Standard Mode

      Run the following command on the server as a root user:

      wget "http://update2.aegis.aliyun.com/download/aegis_client_self_check/linux64/aegis_checker.bin" && chmod +x aegis_checker.bin && ./aegis_checker.bin

      If no network connection is established between the ECS instance and Security Center, you must download the aegis_checker program and install the program on the ECS instance. Then, run the following commands on the instance:

      chmod +x aegis_checker.bin
 ./aegis_checker.bin
      Note

      If you set the Mode parameter to Standard Mode, logs of the Security Center agent are collected and then reported to Security Center for analysis. The time required for troubleshooting is approximately 1 minute.

      Enhancement Mode

      Run the following command on the server as a root user:

      wget "http://update2.aegis.aliyun.com/download/aegis_client_self_check/linux64/aegis_checker.bin" && chmod +x aegis_checker.bin && ./aegis_checker.bin -b "ew0KICAgICJ1dWlkIjogIiIsDQogICAgImNtZF9pZHgiOiAiIiwNCiAgICAiaXNzdWUiOiAib3RoZXJfaXNzdWUiLA0KICAgICJtb2RlIjogMywNCiAgICAianNydl9kb21haW4iOiBbXSwNCiAgICAidXBkYXRlX2RvbWFpbiI6IFtdDQp9"
      Note

      If you set the Mode parameter to Enhancement Mode, the information about the Security Center agent is collected and then reported to Security Center for analysis. The information includes network conditions, processes, and logs. The time required for troubleshooting is approximately 5 minutes.

      Windows

      Standard Mode

      Use one of the following methods for troubleshooting:

      • Download the aegis_checker program and run the program as an administrator.

      • Run the following command in Command Prompt as an administrator:

        powershell -executionpolicy bypass -c "(New-Object Net.WebClient).DownloadFile('http://update2.aegis.aliyun.com/download/aegis_client_self_check/win32/aegis_checker.exe', $ExecutionContext.SessionState.Path.GetUnresolvedProviderPathFromPSPath('.\aegis_checker.exe'))"; "./aegis_checker.exe"
      Note

      Windows servers do not support Enhancement Mode.

      Server that is not deployed on Alibaba Cloud

      Linux

      Standard Mode

      Run the following command on the server as a root user:

      wget "http://aegis.alicdn.com/download/aegis_client_self_check/linux64/aegis_checker.bin" && chmod +x aegis_checker.bin && ./aegis_checker.bin

      Enhancement Mode

      Run the following command on the server as a root user:

      wget "http://aegis.alicdn.com/download/aegis_client_self_check/linux64/aegis_checker.bin" && chmod +x aegis_checker.bin && ./aegis_checker.bin -b "ew0KICAgICJ1dWlkIjogIiIsDQogICAgImNtZF9pZHgiOiAiIiwNCiAgICAiaXNzdWUiOiAib3RoZXJfaXNzdWUiLA0KICAgICJtb2RlIjogMywNCiAgICAianNydl9kb21haW4iOiBbXSwNCiAgICAidXBkYXRlX2RvbWFpbiI6IFtdDQp9"

      Windows

      Standard Mode

      Use one of the following methods for troubleshooting:

      • Download the aegis_checker program and run the program as an administrator.

      • Run the following command in Command Prompt as an administrator:

        powershell -executionpolicy bypass -c "(New-Object Net.WebClient).DownloadFile('http://aegis.alicdn.com/download/aegis_client_self_check/win32/aegis_checker.exe', $ExecutionContext.SessionState.Path.GetUnresolvedProviderPathFromPSPath('.\aegis_checker.exe'))"; "./aegis_checker.exe"
      Note

      Windows servers do not support Enhancement Mode.

    3. After the troubleshooting is complete, export the generated log package.

      The directory in which the log package is stored varies based on the operating system of a server.

      • Linux

        The log package is stored in /root/miniconda2/aegis_checker/output.

      • Windows

        The log package is stored in ./miniconda2/aegis_checker/output of the current directory.

      In the extracted log file, logs prefixed with [root cause] include the issues that the aegis_checker program detects on the Security Center agent. If some issues are solved, you can view the details in the logs. If some issues are not solved, the program may provide solutions. You can follow the solutions to solve the issues. If the program does not provide a solution to an issue, take a screenshot of the troubleshooting result. Then, report the screenshot, the log package, and the ID of your Alibaba Cloud account to Alibaba Cloud engineers for verification and analysis.