Security Center: Use the agent troubleshooting feature

Last Updated: Jun 06, 2024

If the Security Center agent goes offline unexpectedly, fails to be installed or uninstalled, or runs processes that cause high CPU utilization, you can use the agent troubleshooting feature of Security Center to diagnose the issue. This topic describes how to use the agent troubleshooting feature.

Background information

The troubleshooting results contain the issues and the suggestions on how to solve the issues. You can download diagnostic logs to verify and analyze the issues.

Prerequisites

The agent troubleshooting feature is available for the servers that run the following versions of operating systems:

  • Windows Server 2008 and later

  • 64-bit Linux (versions later than CentOS 5)

Scenarios

Troubleshoot issues for servers that are added to Security Center

  1. Log on to the Security Center console. In the top navigation bar, select the region of the asset that you want to manage. You can select China or Outside China.

  2. In the left-side navigation pane, choose Assets > Host.

  3. On the Server tab of the Host page, select the servers for which you want to troubleshoot issues from the server list and click Agent Troubleshooting below the server list.

  4. In the Agent Troubleshooting dialog box, configure the Issue Type and Mode parameters. Then, click Start Check.

    Parameters:

    • Issue Type: The type of the issue that you want to troubleshoot. If you cannot identify the type, select Overall Check (Unknown Issues).

    • Mode: The mode that you want to use to troubleshoot issues. Valid values:

      • Standard Mode: In this mode, logs of the Security Center agent are collected and then reported to Security Center for analysis. The time required for troubleshooting is approximately 1 minute.

      • Enhancement Mode: In this mode, the information about the Security Center agent is collected and then reported to Security Center for analysis. The information includes network conditions, processes, and logs. The time required for troubleshooting is approximately 5 minutes.

    Note

    When you troubleshoot issues, the related diagnostic program collects information about the agent that is installed on the servers and reports the information to Security Center for analysis. The information includes the network conditions, the processes of the Security Center agent, and logs.

  5. In the Note message, click OK. In the Task Management panel that appears, view all troubleshooting tasks.

    You can also click Agent Task Management in the upper-right corner of the Host page to go to the Task Management panel.

  6. Find the task whose details you want to view and click Details in the Actions column. The Run Logs panel appears.

    The Run Logs panel displays the details about the troubleshooting tasks for each server.

    The Run Logs panel contains the following parameters:

    • Start Time/End Time: The time when the troubleshooting task starts and ends.

    • Server Information: The information about the server on which the troubleshooting task is run.

    • Status: The status of the troubleshooting task. Valid values:

      • Start: The command that is used for troubleshooting is issued.

      • Timed Out: The command that is used for troubleshooting was issued some time ago, but the troubleshooting result has not been returned.

      • Successful: The troubleshooting result is generated.

    • Issue: The issues that are found after the troubleshooting task is complete.

    • Result: The solutions to the issues.

    • Actions: The operation that you can perform on the diagnostic logs of the troubleshooting task. You can download the logs to verify and analyze the issues.

    If the solutions to the issues are provided in the Result column, you can follow the solutions to solve the issues. If no solutions are provided in the Result column, click Download Diagnostic Logs in the Actions column to download the diagnostic logs. Then, report the downloaded logs and the ID of your Alibaba Cloud account to Alibaba Cloud engineers for verification and analysis.

Troubleshoot issues for servers that are not added to Security Center

If your servers are not added to Security Center, you can run commands on the servers based on the operating system of each server to troubleshoot issues.

  1. Log on to the server for which you want to troubleshoot issues.

    Note
    • You must log on to a Windows server as an administrator.

    • You must log on to a Linux server as a root user.

  2. Run the required command on the server.

    The command that you use to troubleshoot issues varies based on the operating system of an Elastic Compute Service (ECS) instance or a server that is not deployed on Alibaba Cloud. The commands are listed below by server type, operating system, and mode.

    ECS instance

    • Linux, Standard Mode

      Run the following command on the server as a root user:

      wget "http://update2.aegis.aliyun.com/download/aegis_client_self_check/linux64/aegis_checker.bin" && chmod +x aegis_checker.bin && ./aegis_checker.bin

      If no network connection is established between the ECS instance and Security Center, you must download the aegis_checker program and install the program on the ECS instance. Then, run the following commands on the instance:

      chmod +x aegis_checker.bin
      ./aegis_checker.bin

      Note

      If you set the Mode parameter to Standard Mode, logs of the Security Center agent are collected and then reported to Security Center for analysis. The time required for troubleshooting is approximately 1 minute.

    • Linux, Enhancement Mode

      Run the following command on the server as a root user:

      wget "http://update2.aegis.aliyun.com/download/aegis_client_self_check/linux64/aegis_checker.bin" && chmod +x aegis_checker.bin && ./aegis_checker.bin -b "ew0KICAgICJ1dWlkIjogIiIsDQogICAgImNtZF9pZHgiOiAiIiwNCiAgICAiaXNzdWUiOiAib3RoZXJfaXNzdWUiLA0KICAgICJtb2RlIjogMywNCiAgICAianNydl9kb21haW4iOiBbXSwNCiAgICAidXBkYXRlX2RvbWFpbiI6IFtdDQp9"

      Note

      If you set the Mode parameter to Enhancement Mode, the information about the Security Center agent is collected and then reported to Security Center for analysis. The information includes network conditions, processes, and logs. The time required for troubleshooting is approximately 5 minutes.

    • Windows, Standard Mode

      Use one of the following methods for troubleshooting:

      • Download the aegis_checker program and run the program as an administrator.

      • Run the following command in Command Prompt as an administrator:

        powershell -executionpolicy bypass -c "(New-Object Net.WebClient).DownloadFile('http://update2.aegis.aliyun.com/download/aegis_client_self_check/win32/aegis_checker.exe', $ExecutionContext.SessionState.Path.GetUnresolvedProviderPathFromPSPath('.\aegis_checker.exe'))"; "./aegis_checker.exe"

      Note

      Windows servers do not support Enhancement Mode.

    Server that is not deployed on Alibaba Cloud

    • Linux, Standard Mode

      Run the following command on the server as a root user:

      wget "http://aegis.alicdn.com/download/aegis_client_self_check/linux64/aegis_checker.bin" && chmod +x aegis_checker.bin && ./aegis_checker.bin

    • Linux, Enhancement Mode

      Run the following command on the server as a root user:

      wget "http://aegis.alicdn.com/download/aegis_client_self_check/linux64/aegis_checker.bin" && chmod +x aegis_checker.bin && ./aegis_checker.bin -b "ew0KICAgICJ1dWlkIjogIiIsDQogICAgImNtZF9pZHgiOiAiIiwNCiAgICAiaXNzdWUiOiAib3RoZXJfaXNzdWUiLA0KICAgICJtb2RlIjogMywNCiAgICAianNydl9kb21haW4iOiBbXSwNCiAgICAidXBkYXRlX2RvbWFpbiI6IFtdDQp9"

    • Windows, Standard Mode

      Use one of the following methods for troubleshooting:

      • Download the aegis_checker program and run the program as an administrator.

      • Run the following command in Command Prompt as an administrator:

        powershell -executionpolicy bypass -c "(New-Object Net.WebClient).DownloadFile('http://aegis.alicdn.com/download/aegis_client_self_check/win32/aegis_checker.exe', $ExecutionContext.SessionState.Path.GetUnresolvedProviderPathFromPSPath('.\aegis_checker.exe'))"; "./aegis_checker.exe"

      Note

      Windows servers do not support Enhancement Mode.

  3. After the troubleshooting is complete, export the generated log package.

    The directory in which the log package is stored varies based on the operating system of a server.

    • Linux

      The log package is stored in /root/miniconda2/aegis_checker/output.

    • Windows

      The log package is stored in ./miniconda2/aegis_checker/output of the current directory.

    In the extracted log file, logs prefixed with [root cause] include the issues that the aegis_checker program detects on the Security Center agent. If some issues are solved, you can view the details in the logs. If some issues are not solved, the program may provide solutions. You can follow the solutions to solve the issues. If the program does not provide a solution to an issue, take a screenshot of the troubleshooting result. Then, report the screenshot, the log package, and the ID of your Alibaba Cloud account to Alibaba Cloud engineers for verification and analysis.
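
The Enhancement Mode commands in step 2 pass an opaque base64 string to aegis_checker.bin through -b. The following added example (not part of the original page and not Alibaba Cloud code) decodes that string so that you can read the options before running the binary as root. The function names are hypothetical, and the meaning of each key is not documented on this page.

```bash
#!/usr/bin/env bash
# Added example (not Alibaba Cloud code): inspect a -b argument before running
# aegis_checker.bin with it as root. Function names are hypothetical.

# The -b value exactly as it appears in the Enhancement Mode commands on this page.
PAGE_B_ARG='ew0KICAgICJ1dWlkIjogIiIsDQogICAgImNtZF9pZHgiOiAiIiwNCiAgICAiaXNzdWUiOiAib3RoZXJfaXNzdWUiLA0KICAgICJtb2RlIjogMywNCiAgICAianNydl9kb21haW4iOiBbXSwNCiAgICAidXBkYXRlX2RvbWFpbiI6IFtdDQp9'

# Decode a -b value to text. The payload uses CRLF line endings, so drop the CRs.
decode_b_arg() {
    printf '%s' "$1" | base64 -d 2>/dev/null | tr -d '\r'
}

# Print the raw value of one key. Line-based extraction, which is sufficient
# because the payload is flat JSON with one key per line.
b_arg_field() {
    decode_b_arg "$1" | sed -n "s/^[[:space:]]*\"$2\":[[:space:]]*//p" | sed 's/,$//'
}

# Succeed only if the payload carries exactly the six keys seen in the page's
# value. What the checker does with each key is not documented on the page.
check_b_arg() (
    expected="cmd_idx issue jsrv_domain mode update_domain uuid"
    actual=$(decode_b_arg "$1" |
        sed -n 's/^[[:space:]]*"\([^"]*\)":.*/\1/p' | LC_ALL=C sort | tr '\n' ' ')
    [ "${actual% }" = "$expected" ]
)

# Show the decoded options, then compare the key set with the documented one.
decode_b_arg "$PAGE_B_ARG"; echo
if check_b_arg "$PAGE_B_ARG"; then
    echo "OK: payload has only the expected keys"
else
    echo "STOP: payload differs from the documented one" >&2
fi
```

For the value on this page, the decoded payload sets "issue" to "other_issue" and "mode" to 3, and leaves "uuid", "cmd_idx", "jsrv_domain", and "update_domain" empty.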