
App Control: How to Collect Logs for Troubleshooting a Disconnected Agent (Linux)


Environment

  • App Control Agent: All Supported Linux Versions
  • Linux Operating System: All Supported Versions

Objective

How to collect logs for troubleshooting a disconnected Linux Agent.

Resolution

  1. On the disconnected endpoint, use Terminal to run the following commands to verify that the Agent is running and has a Server listed:
    cd /opt/bit9/bin
    ./b9cli --status
    
  2. If the Agent is fully running and otherwise healthy, authenticate with the Agent and issue the following commands:
    ./b9cli --password GlobalCLIPassword
    ./b9cli --disconnect
    ./b9cli --debuglevel 4
    ./b9cli --kerneltrace 4
    ./b9cli --nettrace 1
    ./b9cli --connect
    ./b9cli --healthcheck
    ./b9cli --status
    
  3. In the returned output, locate: Server Information > Server and note the address
    Example: appserver.domain.com:41002 means the Server Address is appserver.domain.com
  4. Attempt communication between the endpoint and the Server Address noted above by running the following commands:
    ping <SERVERADDRESS>
    nslookup <SERVERADDRESS>
    telnet <SERVERADDRESS> <SERVERPORT>
    Note: If the Telnet utility is unavailable, the timeout utility (part of the coreutils package) can be used instead:
    timeout 1 bash -c "</dev/tcp/ServerAddressHere/41002"
    echo $?
    
    An exit status of 0 indicates the Server Address is responding on the port specified (41002).
  5. Set the Debug Levels back to the defaults and collect the logs:
    ./b9cli --debuglevel 0
    ./b9cli --kerneltrace 2
    ./b9cli --nettrace 0
    sudo ./b9cli --capture /var/tmp/DisconnectedAgentLogs.zip
  6. Collect the System Logs:
    sudo tar cvfz /var/tmp/SystemLogs.tgz /var/log
  7. Upload the logs to the Vault for review.
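
The port check from step 4, wrapped as an added example that is not part of the original article or the vendor's tooling. It splits the Server value noted in step 3 and separates a timed-out probe (exit status 124 from GNU timeout, typical of silently dropped traffic) from an immediate failure; the function names are hypothetical and the value is assumed to be in the host:port form shown in step 3.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not part of b9cli.
# Assumes the Server value has the host:port form shown in step 3.

# Split "host:port" into "host port"; fail on a missing or non-numeric port.
split_server() {
    case $1 in *:*) ;; *) return 1 ;; esac
    ss_host=${1%:*}
    ss_port=${1##*:}
    case $ss_port in ''|*[!0-9]*) return 1 ;; esac
    [ -n "$ss_host" ] || return 1
    printf '%s %s\n' "$ss_host" "$ss_port"
}

# Map the exit status of the timeout + /dev/tcp probe to a verdict.
#   0   -> TCP connection was accepted
#   124 -> GNU timeout expired (no answer at all, e.g. traffic dropped)
#   *   -> bash failed at once (connection refused or name not resolved)
classify_probe() {
    case $1 in
        0)   echo open ;;
        124) echo timeout ;;
        *)   echo refused-or-unresolved ;;
    esac
}

# probe_server HOST:PORT [SECONDS]  (default wait: 1 second, as in step 4)
probe_server() {
    ps_pair=$(split_server "$1") || { echo invalid; return 2; }
    ps_rc=0
    # Host and port are passed as arguments ($0, $1) rather than pasted
    # into the command string, so odd characters are never run as shell code.
    timeout "${2:-1}" bash -c ': <"/dev/tcp/$0/$1"' \
        "${ps_pair% *}" "${ps_pair##* }" 2>/dev/null || ps_rc=$?
    classify_probe "$ps_rc"
}

# Run as: sh probe.sh appserver.domain.com:41002
[ $# -eq 0 ] || probe_server "$@"
```

Recording the verdict alongside the captured logs tells the reviewer whether the Server was unreachable at the network level or simply not answering on the port.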

Article Information
Creation Date: 05-10-2022