This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Cortex XDR trap agent unable to connect the console

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Cortex XDR trap agent unable to connect the console

minhtetmaung
L0 Member

‎12-20-2023 10:37 PM

Hello! 
I got into a trouble with linux oracle and redhat, the trap agent was installed successfully, the agent is activate, broker_vm defined as proxy and it connected, in the console the endpoints were visible (even in the endpoint description also shown the configure proxy address) but the state is in disconnected and also I cant generate the endpoint`s log from the console.
Here are the steps I taken,
1.check with the cmd (/opt/traps/bin/cytool runtime query) alls are in running state.

 

2.check the proxy state (/opt/traps/bin/cytool proxy query) the proxy is enable and also got connection to broker_vm / also ping test to the broker_vm and it reached.
Note: the borker_vm is working well cause other window servers are also connected and they are fine.

 

3.check the cortex.conf file is in correct path and it is in correct path (cat /etc/panw/cortex.conf)

 

4.check the trap agent state (systemctl status traps_pmd.service) and showing active(running)


Sincerely request for the help me out if you got small amount of time. Thanks.

0 Likes Likes
4 REPLIES 4

Vinothkumar_SBA
L3 Networker

‎12-21-2023 12:13 AM - edited ‎12-21-2023 12:15 AM

Hi Minhtetmanug,

 

Step 1: Please check if the communication between the endpoint and broker VM is allowed. Ping the broker VM IP from the issued endpoint and then try to telnet the broker VM Port. If both operations work fine, proceed to the second step.

 

Step 2: Run the following command with root privileges: /opt/traps/bin/cytool reconnect force (agent distribution id). If you are still facing the same issues, proceed to the third step.

 

Step 3: Run the following command with root privileges: /opt/traps/bin/cytool log collect. Collect the Agent logs from /var/log/traps/.

 

Hope this answers your query. Please mark the response as "Accept as solution" if it helps.

(1)

Rocky-25
L2 Linker

‎12-21-2023 04:35 AM

Hi Minhtetmanug. I had a similar issue here: https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/broker-vm-connection-issue/m-p/555307

0 Likes Likes

minhtetmaung
L0 Member
In response to Rocky-25

‎12-21-2023 09:02 PM

Thanks for the notice and reply but as I mentioned there are other trap agent installed endpints (window server) these also use broker_vm and there are fine.

 

0 Likes Likes

halltodd
L0 Member
In response to Vinothkumar_SBA

‎05-22-2024 10:00 AM

Thank you for this!  Running the reconnect gave me an error message that there was no more space in /var/logs.  I manually cleared up some space and ran systemctl start traps_pmd and the service is now running

0 Likes Likes
  • 2352 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks