Cortex XDR trap agent unable to connect the console


L0 Member

Hello! 
I ran into trouble with Oracle Linux and Red Hat: the Traps agent was installed successfully, the agent is activated, broker_vm is defined as the proxy and it connected, and in the console the endpoints were visible (the endpoint description even shows the configured proxy address), but the state is disconnected and I also can't generate the endpoint's logs from the console.
Here are the steps I have taken:
1. Checked with the command (/opt/traps/bin/cytool runtime query): all are in running state.

 

2. Checked the proxy state (/opt/traps/bin/cytool proxy query): the proxy is enabled and also has a connection to broker_vm; a ping test to the broker_vm also reached it.
Note: the broker_vm is working well, because other Windows servers are also connected and they are fine.

 

3. Checked that the cortex.conf file is in the correct path, and it is (cat /etc/panw/cortex.conf).

 

4. Checked the Traps agent state (systemctl status traps_pmd.service); it shows active (running).


I sincerely request your help if you have a little time. Thanks.

4 REPLIES 4

L3 Networker

Hi Minhtetmanug,

 

Step 1: Please check if the communication between the endpoint and broker VM is allowed. Ping the broker VM IP from the issued endpoint and then try to telnet to the broker VM port. If both operations work fine, proceed to the second step.

 

Step 2: Run the following command with root privileges: /opt/traps/bin/cytool reconnect force (agent distribution id). If you are still facing the same issues, proceed to the third step.

 

Step 3: Run the following command with root privileges: /opt/traps/bin/cytool log collect. Collect the Agent logs from /var/log/traps/.

 

Hope this answers your query. Please mark the response as "Accept as solution" if it helps.

L2 Linker

Thanks for the notice and reply, but as I mentioned, there are other endpoints with the Traps agent installed (Windows servers); these also use broker_vm and they are fine.

 

Thank you for this! Running the reconnect gave me an error message that there was no more space in /var/logs. I manually cleared up some space and ran systemctl start traps_pmd and the service is now running.
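
The last reply traced the failure to a full log partition, which none of the checks in the original post look at. The following is an added example, not part of the thread and not vendor tooling: a shell triage that tests free space under the agent log directory first, then repeats the status checks quoted above. The 200 MiB threshold and the script name are assumptions; the paths, service name and cytool subcommands are the ones given in the posts.

```shell
#!/bin/sh
# Added triage sketch, not vendor tooling. Paths, service name and cytool
# subcommands are the ones quoted in the thread; the 200 MiB threshold is
# an assumption to adjust for your environment.
CYTOOL="${CYTOOL:-/opt/traps/bin/cytool}"
LOG_DIR="${LOG_DIR:-/var/log/traps}"
MIN_FREE_KB="${MIN_FREE_KB:-204800}"

# Print the KiB available on the filesystem that holds directory $1.
free_kb() {
    df -Pk "$1" 2>/dev/null | awk 'NR==2 {print $4}'
}

# check_free_space DIR MIN_KB: 0 = enough space, 1 = below MIN_KB, 2 = cannot tell.
check_free_space() {
    [ -d "$1" ] || return 2
    avail=$(free_kb "$1")
    case "$avail" in ''|*[!0-9]*) return 2 ;; esac
    [ "$avail" -ge "$2" ]
}

# Run every check and report; the exit status is the number of failed checks.
triage() {
    fails=0
    check_free_space "$LOG_DIR" "$MIN_FREE_KB"
    case $? in
        0) echo "OK   free space under $LOG_DIR: $(free_kb "$LOG_DIR") KiB" ;;
        1) echo "FAIL low space under $LOG_DIR: $(free_kb "$LOG_DIR") KiB"; fails=$((fails + 1)) ;;
        *) echo "FAIL cannot read free space for $LOG_DIR"; fails=$((fails + 1)) ;;
    esac
    if command -v systemctl >/dev/null 2>&1 &&
       systemctl is-active --quiet traps_pmd.service; then
        echo "OK   traps_pmd.service is active"
    else
        echo "FAIL traps_pmd.service is not active"; fails=$((fails + 1))
    fi
    if [ -x "$CYTOOL" ]; then
        "$CYTOOL" runtime query
        "$CYTOOL" proxy query
    else
        echo "FAIL $CYTOOL not found"; fails=$((fails + 1))
    fi
    return "$fails"
}

# Run as root with:  sh triage.sh --run
if [ "${1:-}" = "--run" ]; then triage; fi
```

A low-space result here explains a disconnected agent even when the service, proxy and runtime queries all look healthy.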
