Traps Watchdog Service

Reply

Traps Watchdog Service

Traps Watchdog Service stops, I cam to realize from the Event Viewer on different endpoints that the service Traps Watchdog stops after few seconds and up to a minute from starting, wether it was started due to system boot or started manually, this happens on different versions of ESM (4.1 and 4.2), different versions of Traps agents (4.1.4 and 4.1.3 ), and even different enpoints, all windows though (server 2012, 2008 and windows 10).

So I want to know if this is the normal behaviour of this service or is it an issue.

L4 Transporter

Re: Traps Watchdog Service

AbdulRahman_safwat-

 

The watchdog service is a monitoring service, that makes sure all components for the local traps agent start correctly. The natural state for that service is off. Should you see the watchdog service on, you should investigate the local agent.

Re: Traps Watchdog Service

Thank you for the quick repley @efrancis, but in the release notes of 4.1 there is the following sentence:

"The watchdog service that monitors the status of critical Traps services such as local analysis now runs only when the endpoint boots. Previously, the watchdog service ran only when the user logged in to the endpoint. The change enables Traps services to restart earlier, thereby ensuring Traps protection is enabled before the user logs in."

So can you relate between it and the answer you provided, and also confirm to me since this service starts momentarily when the system boots, does this means that there are issues, or is it normal.

Thanks

Highlighted
L4 Transporter

Re: Traps Watchdog Service

Previously the watchdog service was tied to the user login, and now it is on the system side (during boot).  If the service is continuing to run, you should investigate the local agent. If you see the service start and stop, you should be just fine.

 

You can always open a case with Palo Alto Support, and one of the Traps support team should be able to assist with validating proper operation of the local agent, As well, they will be able to answer any other questions you may have about the agent or ESM.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!