🌙
 

Subscribe to the Taegis™ XDR Documentation RSS Feed at .

Learn more about RSS readers or RSS browser extensions.

Taegis™ Linux Agent Troubleshooting

integrations endpoints edr taegis agent secureworks


This document provides guidance on initial agent troubleshooting steps you can take and information you can gather prior to reaching out to Secureworks support for assistance with agent issues.

Tip

Additional Taegis™ Agent troubleshooting, tutorial, and informational articles are available in the Secureworks Knowledge Base.

Support Scripts

There are two support scripts for the Taegis™ Endpoint Agent for Linux: linux_sysinfo.sh and supportScript.sh. See the following sections for an overview of each.

linux_sysinfo.sh

Download script here: linux_sysinfo.sh.

linux_sysinfo.sh is a script to assist with gathering important information on a system potentially in need of support. In order for all the information to be gathered, it needs to be run as root. There is currently only one option available for this script to manipulate the time that strace runs on the system.

Command Description
./linux_sysinfo.sh Default strace = 3 seconds
./linux_sysinfo.sh --strace-secs <secs> strace time =

Output for running this script can be redirected to a file using the following command: ./linux_sysinfo.sh > <file-name>.

Agent process information collection depends on if the agent is running. If the agent is not running, strace information will not be recorded and stack information related to the agent pid will not be dumped. If the agent is running, strace and stack information will be recorded. Strace information will be located in the same location that the script is run in a file with the name straceTaegisLog.txt. Stack information will be printed to the console or redirected to a file depending on if the file redirection command was used.

Regardless if the agent is running, verify that statistical information exists under each of the following headers after the script is run. This is currently the only snapshot information this script gathers.

#"=========== Hardware Configuration ============"
#"=========== CPU Info =========================="
#"=========== Mounts ============================"
#"=========== OS Identification ================="
#"=========== lsb_release ======================="
#"=========== Uname ============================="
#"=========== Kernel Version ===================="
#"=========== Logged In Users ==================="
#"=========== Active Processes =================="
#"=========== Cpu Usage % ======================="
#"=========== Memory Usage % ===================="
#"=========== Network Connections ==============="
#"=========== Crashes ==========================="
#"=========== Agent Configuration ==============="

supportScript.sh

Download script here: supportScript.sh.

supportScript.sh is a script to assist the Linux agent with installation. It checks that all the required files and directories exist on the current system while also enforcing that permissions are properly set for each file and directory. If the permissions are improperly set or a file is missing, the script will fail and inform you of the installation error. This script needs to be run as root. There are currently four commands for this script.

Command Description
./supportScript.sh pre-registerCheck Check agent file locations and permissions before any taegistctl commands are run
./supportScript.sh post-registerCheck Check agent file locations and permissions after taegisctl register is run
./supportScript.sh post-startCheck Check agent file locations and permissions after tageisctl start is run
./supportScript.sh service-status Echo the status of agent services

Connectivity Issues

Installation

Connection error:

2022-04-07 17:36:23.167 E [T:3562] 15 17d46:320 Connection unsuccessful
2022-04-07 17:36:23.167 E [T:3562] 15 17d46:178 Registration failed

Invalid registration key:

2022-05-31 16:58:25.389 E [T:29653] 15 17d46:345 https://reg.d.taegiscloud.com/agent-register/v1/register 400 {"message":"invalid registration_key"}
2022-05-31 16:58:25.408 E [T:29653] 15 17d46:178 Registration failed

SELinux configuration:

[user@localhost ~]$ sudo /opt/secureworks/taegis-agent/bin/taegisctl register
SELinux is in Enforcing mode; exiting.

If this happens, remember to include the --allow_enforcing switch to taegisctl register. For more information, see SELinux/AppArmor and the Agent.

Auto Upgrade Failures

Performance Issues

In order to troubleshoot performance issues like CPU, memory spike, and application crashing, provide Secureworks support the following information and logs. If the log files are too large, ask Secureworks for a file share link to upload the logs.

Provide the following Information

Service Not Starting

sudo /opt/secureworks/taegis-agent/bin/taegisctl status

Agent Service Status    :  running   
Updater Service Status  :  running
Driver Loaded           :  true  
Agent is Registered     :  true     
Sink URL                :  wss://sink.c.taegiscloud.com:8443/ws

Uninstall

Typical issues are due to the user not having the right privilege to perform uninstall operations. Ensure user has an elevated role to perform uninstall.

 

On this page: