If the Security Center agent goes offline because of an exception, the agent fails to be installed or uninstalled, or the processes of the Security Center agent cause high CPU utilization, you can use the agent troubleshooting feature of Security Center to diagnose the problem. This topic describes how to use the agent troubleshooting feature.
Background information
The troubleshooting results contain the issues and the suggestions on how to solve the issues. You can download diagnostic logs to verify and analyze the issues.
Prerequisites
The agent troubleshooting feature is available for the servers that run the following versions of operating systems:
Windows Server 2008 and later
64-bit Linux (versions later than CentOS 5)
Scenarios
If your servers are added to Security Center, you can click Agent Troubleshooting on the Server tab of the Assets page in the Security Center console to troubleshoot issues. For more information, see Troubleshoot issues for servers that are added to Security Center.
If your servers are not added to Security Center, you can run aegis_checker commands on the servers to troubleshoot issues. For more information, see Troubleshoot issues for servers that are not added to Security Center.
Troubleshoot issues for servers that are added to Security Center
Log on to the Security Center console. In the top navigation bar, select the region of the asset that you want to manage. You can select China or Outside China.
In the left-side navigation pane, choose .
On the Server tab of the Host page, select the servers for which you want to troubleshoot issues from the server list and click Agent Troubleshooting below the server list.
In the Agent Troubleshooting dialog box, configure the Issue Type and Mode parameters. Then, click Start Check.
Issue Type: The type of the issue that you want to troubleshoot. If you cannot identify the type, select Overall Check (Unknown Issues).
Mode: The mode that you want to use to troubleshoot issues. Valid values:
  Standard Mode: In this mode, logs of the Security Center agent are collected and then reported to Security Center for analysis. The time required for troubleshooting is approximately 1 minute.
  Enhancement Mode: In this mode, the information about the Security Center agent is collected and then reported to Security Center for analysis. The information includes network conditions, processes, and logs. The time required for troubleshooting is approximately 5 minutes.
Note: When you troubleshoot issues, the related diagnostic program collects information about the agent that is installed on the servers and reports the information to Security Center for analysis. The information includes the network conditions, the processes of the Security Center agent, and logs.
In the Note message, click OK. In the Task Management panel that appears, view all troubleshooting tasks.
You can also click Agent Task Management in the upper-right corner of the Host page to go to the Task Management panel.
Find the task whose details you want to view and click Details in the Actions column. The Run Logs panel appears.
The Run Logs panel displays the details about the troubleshooting tasks for each server.
The following table describes the parameters in the Run Logs panel.
Start Time/End Time: The time when the troubleshooting task starts and ends.
Server Information: The information about the server on which the troubleshooting task is run.
Status: The status of the troubleshooting task. Valid values:
  Start: The command that is used for troubleshooting is issued.
  Timed Out: The command that is used for troubleshooting was issued some time ago, but the troubleshooting result has not been returned.
  Successful: The troubleshooting result is generated.
Issue: The issues that are found after the troubleshooting task is complete.
Result: The solutions to the issues.
Actions: The operation that you can perform on the diagnostic logs of the troubleshooting task. You can download the logs to verify and analyze the issues.
If the solutions to the issues are provided in the Result column, you can follow the solutions to solve the issues. If no solutions are provided in the Result column, click Download Diagnostic Logs in the Actions column to download the diagnostic logs. Then, report the downloaded logs and the ID of your Alibaba Cloud account to Alibaba Cloud engineers for verification and analysis.
Troubleshoot issues for servers that are not added to Security Center
If your servers are not added to Security Center, you can run commands on the servers based on the operating system of each server to troubleshoot issues.
Log on to the server for which you want to troubleshoot issues.
Note: You must log on to a Windows server as an administrator.
You must log on to a Linux server as a root user.
Run the required command on the server.
The command that you use to troubleshoot issues varies based on the operating system of an Elastic Compute Service (ECS) instance or a server that is not deployed on Alibaba Cloud. The following table describes the commands.
Server: ECS instance; operating system: Linux; mode: Standard Mode
Run the following command on the server as a root user:
wget "http://update2.aegis.aliyun.com/download/aegis_client_self_check/linux64/aegis_checker.bin" && chmod +x aegis_checker.bin && ./aegis_checker.bin
If no network connection is established between the ECS instance and Security Center, you must download the aegis_checker program and install the program on the ECS instance. Then, run the following commands on the instance:
chmod +x aegis_checker.bin
./aegis_checker.bin
Note: If you set the Mode parameter to Standard Mode, logs of the Security Center agent are collected and then reported to Security Center for analysis. The time required for troubleshooting is approximately 1 minute.
Server: ECS instance; operating system: Linux; mode: Enhancement Mode
Run the following command on the server as a root user:
wget "http://update2.aegis.aliyun.com/download/aegis_client_self_check/linux64/aegis_checker.bin" && chmod +x aegis_checker.bin && ./aegis_checker.bin -b "ew0KICAgICJ1dWlkIjogIiIsDQogICAgImNtZF9pZHgiOiAiIiwNCiAgICAiaXNzdWUiOiAib3RoZXJfaXNzdWUiLA0KICAgICJtb2RlIjogMywNCiAgICAianNydl9kb21haW4iOiBbXSwNCiAgICAidXBkYXRlX2RvbWFpbiI6IFtdDQp9"
Note: If you set the Mode parameter to Enhancement Mode, the information about the Security Center agent is collected and then reported to Security Center for analysis. The information includes network conditions, processes, and logs. The time required for troubleshooting is approximately 5 minutes.
Server: ECS instance; operating system: Windows; mode: Standard Mode
Use one of the following methods for troubleshooting:
Download the aegis_checker program and run the program as an administrator.
Run the following command in Command Prompt as an administrator:
powershell -executionpolicy bypass -c "(New-Object Net.WebClient).DownloadFile('http://update2.aegis.aliyun.com/download/aegis_client_self_check/win32/aegis_checker.exe', $ExecutionContext.SessionState.Path.GetUnresolvedProviderPathFromPSPath('.\aegis_checker.exe'))"; "./aegis_checker.exe"
Note: Windows servers do not support Enhancement Mode.
Server: server that is not deployed on Alibaba Cloud; operating system: Linux; mode: Standard Mode
Run the following command on the server as a root user:
wget "http://aegis.alicdn.com/download/aegis_client_self_check/linux64/aegis_checker.bin" && chmod +x aegis_checker.bin && ./aegis_checker.bin
Server: server that is not deployed on Alibaba Cloud; operating system: Linux; mode: Enhancement Mode
Run the following command on the server as a root user:
wget "http://aegis.alicdn.com/download/aegis_client_self_check/linux64/aegis_checker.bin" && chmod +x aegis_checker.bin && ./aegis_checker.bin -b "ew0KICAgICJ1dWlkIjogIiIsDQogICAgImNtZF9pZHgiOiAiIiwNCiAgICAiaXNzdWUiOiAib3RoZXJfaXNzdWUiLA0KICAgICJtb2RlIjogMywNCiAgICAianNydl9kb21haW4iOiBbXSwNCiAgICAidXBkYXRlX2RvbWFpbiI6IFtdDQp9"
Server: server that is not deployed on Alibaba Cloud; operating system: Windows; mode: Standard Mode
Use one of the following methods for troubleshooting:
Download the aegis_checker program and run the program as an administrator.
Run the following command in Command Prompt as an administrator:
powershell -executionpolicy bypass -c "(New-Object Net.WebClient).DownloadFile('http://aegis.alicdn.com/download/aegis_client_self_check/win32/aegis_checker.exe', $ExecutionContext.SessionState.Path.GetUnresolvedProviderPathFromPSPath('.\aegis_checker.exe'))"; "./aegis_checker.exe"
Note: Windows servers do not support Enhancement Mode.
After the troubleshooting is complete, export the generated log package.
The directory in which the log package is stored varies based on the operating system of a server.
Linux: The log package is stored in /root/miniconda2/aegis_checker/output.
Windows: The log package is stored in ./miniconda2/aegis_checker/output, relative to the current directory.
In the extracted log file, logs prefixed with [root cause] include the issues that the aegis_checker program detects on the Security Center agent. If some issues are solved, you can view the details in the logs. If some issues are not solved, the program may provide solutions. You can follow the solutions to solve the issues. If the program does not provide a solution to an issue, take a screenshot of the troubleshooting result. Then, report the screenshot, the log package, and the ID of your Alibaba Cloud account to Alibaba Cloud engineers for verification and analysis.
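One way to pull the [root cause] findings out of an extracted log package on Linux. This is an added example, not part of the aegis_checker tooling; the file names and log lines it writes are constructed samples, and only the [root cause] prefix comes from this topic.

```shell
#!/bin/sh
# Added example: summarise "[root cause]" findings from an extracted log package.
# Only the "[root cause]" prefix is documented; file layout is an assumption.

# Print "count<TAB>finding" for each distinct [root cause] entry under dir $1.
root_causes() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    # -F is required: as a regular expression, "[root cause]" is a bracket
    # expression that matches any single one of those characters.
    find "$dir" -type f -exec grep -hF '[root cause]' {} + 2>/dev/null |
        tr -d '\r' |
        awk '{ i = index($0, "[root cause]") }
             i { n[substr($0, i)]++ }   # drop anything before the prefix
             END { for (l in n) printf "%d\t%s\n", n[l], l }' |
        sort -t "$(printf '\t')" -k2
}

# Write constructed sample logs (not real aegis_checker output) into dir $1.
make_sample_logs() {
    {
        echo 'checking route table'
        echo '[root cause] constructed sample: agent process not running'
        echo '2024-01-01 10:00:02 [root cause] constructed sample: agent process not running'
    } > "$1/a.log"
    printf '[root cause] constructed sample: cannot reach update server\r\n' > "$1/b.log"
}

sample=$(mktemp -d)
make_sample_logs "$sample"
root_causes "$sample"
rm -rf "$sample"
```

On a real server, pass the directory into which you extracted the log package as the argument to root_causes.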
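The Enhancement Mode commands above fetch the checker over plain HTTP and run it as root with an opaque -b argument, so it helps to read that argument before running it. The following added example (not part of the aegis_checker tooling) decodes the value copied from this topic and checks that an argument you were given carries the same keys; the function names are hypothetical and the meaning of each field is not documented here.

```shell
#!/bin/sh
# Added example: inspect the -b argument of aegis_checker.bin before use.
# PAGE_ARG is copied from the Enhancement Mode commands in this topic.
PAGE_ARG='ew0KICAgICJ1dWlkIjogIiIsDQogICAgImNtZF9pZHgiOiAiIiwNCiAgICAiaXNzdWUiOiAib3RoZXJfaXNzdWUiLA0KICAgICJtb2RlIjogMywNCiAgICAianNydl9kb21haW4iOiBbXSwNCiAgICAidXBkYXRlX2RvbWFpbiI6IFtdDQp9'
# Top-level keys of that argument once decoded, sorted.
PAGE_KEYS='cmd_idx issue jsrv_domain mode update_domain uuid'

# Decode a -b argument to text with CRs removed; fails on invalid base64.
decode_checker_arg() {
    out=$(printf '%s' "$1" | base64 -d 2>/dev/null) || return 1
    printf '%s\n' "$out" | tr -d '\r'
}

# Print the sorted top-level key names, one per line. Handles only the flat
# one-key-per-line layout that the argument in this topic uses.
checker_arg_keys() {
    decode_checker_arg "$1" |
        sed -n 's/^[[:space:]]*"\([^"]*\)"[[:space:]]*:.*/\1/p' | sort
}

# Print the raw value of key $2 from argument $1.
checker_arg_field() {
    decode_checker_arg "$1" |
        sed -n "s/^[[:space:]]*\"$2\"[[:space:]]*:[[:space:]]*//p" |
        sed 's/,[[:space:]]*$//'
}

# Succeed only if $1 decodes to an object with exactly the documented keys.
audit_checker_arg() {
    text=$(decode_checker_arg "$1") || { echo "not valid base64" >&2; return 1; }
    case $text in
        '{'*'}') ;;
        *) echo "decoded text is not a JSON object" >&2; return 1 ;;
    esac
    keys=$(checker_arg_keys "$1" | tr '\n' ' ' | sed 's/ $//')
    [ "$keys" = "$PAGE_KEYS" ] || { echo "unexpected keys: $keys" >&2; return 1; }
}

decode_checker_arg "$PAGE_ARG"
audit_checker_arg "$PAGE_ARG" && echo "keys match the documented argument"
```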