Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Review each step to troubleshoot your problem. If the first step does not resolve the issue, then continue to the second step until the issue has been resolved. As always, you can send a support ticket. 

Logging

...

titleStep 1: Verify the status of filebeat

...

cat C:\.armor\opt\winlogbeat-5.2.0-windows-x86_64\winlogbeat.yml
cat C:\.armor\opt\filebeat-5.2.0-windows-x86_64\filebeat.yml

...

  • Windows uses both winlogbeat and filebeat.
  • Commands should run in Powershell.
  • To review additional configurations, certificates, and service information, review a server's directory:

      • C:\.armor\opt\winlogbeat*
      • C:\.armor\opt\filebeat*

...

Expand
titleStep 2: Send a support ticket

Click the following link to open a support ticket in AMP: https://amp.armor.com/support/tickets/new

To learn how to send a support ticket, see Support Tickets.

...

The winlogbeat logging agent is not installed.

Note

This section only applies to Windows users.

...

titleStep 1: Verify the status of winlogbeat

...

cat C:\.armor\opt\winlogbeat-5.2.0-windows-x86_64\winlogbeat.yml
cat C:\.armor\opt\filebeat-5.2.0-windows-x86_64\filebeat.yml

...

  • Windows uses both winlogbeat and filebeat.
  • Commands should run in Powershell.
  • To review additional configurations, certificates, and service information, review a server's directory:

      • C:\.armor\opt\winlogbeat*
      • C:\.armor\opt\filebeat*

...

Expand
titleStep 2: Send a support ticket

Click the following link to open a support ticket in AMP: https://amp.armor.com/support/tickets/new

To learn how to send a support ticket, see Support Tickets.

...

titleStep 1: Check logging services

...

cat C:\.armor\opt\winlogbeat-5.2.0-windows-x86_64\winlogbeat.yml
cat C:\.armor\opt\filebeat-5.2.0-windows-x86_64\filebeat.yml

...

  • Windows uses both winlogbeat and filebeat.
  • Commands should run in Powershell.
  • To review additional configurations, certificates, and service information, review a server's directory:

      • C:\.armor\opt\winlogbeat*
      • C:\.armor\opt\filebeat*

...

Expand
titleStep 2: Check connectivity
PortDestination
515/tcp

Malware Protection

...

Malware Protection has not provided a heartbeat in the past 4 hours.

...

titleStep 1: Verify the status of the agent

...

gsv -displayname *trend*

...

ps_axu | grep ds_agent

...

titleStep 2: Check the connectivity of the agent

...

& "C:\Program Files\Trend Micro\Deep Security Agent\dsa_query.cmd" -c GetAgentStatus | sls -pattern url

...

new-object System.Net.Sockets.TcpClient('146.88.106.210', 443)

...

/opt/ds_agent/dsa_query -c GetAgentStatus | grep AgentStatus.dsmUrl

...

titleStep 3: Manually heartbeat the agent

...

Code Block
PS C:\Users\Administrator> & "C:\Program Files\Trend Micro\Deep Security Agent\dsa_control.cmd" -m
HTTP Status: 200 - OK
Response:
Manager contact has been scheduled to occur in the next few seconds.

...

Code Block
/opt/ds_agent/dsa_control -m

...


Expand
titleStep 4: Send a support ticket

Click the following link to open a support ticket in AMP: https://amp.armor.com/support/tickets/new

To learn how to send a support ticket, see Support Tickets.

...

Malware Protection is not installed or configured.

...

titleStep 1: Verify the status of the agent

...

gsv -displayname *trend*

...

ps_axu | grep ds_agent

...

titleStep 2: Check the connectivity of the agent

...

& "C:\Program Files\Trend Micro\Deep Security Agent\dsa_query.cmd" -c GetAgentStatus | sls -pattern url

...

new-object System.Net.Sockets.TcpClient('146.88.106.210', 443)

...

/opt/ds_agent/dsa_query -c GetAgentStatus | grep AgentStatus.dsmUrl

...

titleStep 3: Manually heartbeat the agent

...

Code Block
PS C:\Users\Administrator> & "C:\Program Files\Trend Micro\Deep Security Agent\dsa_control.cmd" -m
HTTP Status: 200 - OK
Response:
Manager contact has been scheduled to occur in the next few seconds.

...

Code Block
/opt/ds_agent/dsa_control -m
Expand
titleStep 4: Check the components for the agent
Windows
Code Block
& "C:\Program Files\Trend Micro\Deep Security Agent\dsa_query.cmd" -c GetComponentInfo | sls -pattern Component.AM
Linux
Code Block
/opt/ds_agent/dsa_query -c GetComponentInfo | grep Component.AM
Note

Component.AM.mode describes if the Malware Protection module is installed.

Component.AM.rules is the number of rules derived from the Armor Deep Security Manager.

Expand
titleStep 5: Send a support ticket

Click the following link to open a support ticket in AMP: https://amp.armor.com/support/tickets/new

To learn how to send a support ticket, see Support Tickets.

...

Reboot is required for Malware Protection.

...

Expand
titleStep 1: Reboot your server
Step 1: Reboot your server
Expand
titleStep 2: Send a support ticket

Click the following link to open a support ticket in AMP: https://amp.armor.com/support/tickets/new

To learn how to send a support ticket, see Support Tickets.

File Integrity Monitoring (FIM)

...

titleStep 1: Verify the status of the agent

...

gsv -displayname *trend*

...

ps_axu | grep ds_agent

...

titleStep 2: Check the connectivity of the agent

...

& "C:\Program Files\Trend Micro\Deep Security Agent\dsa_query.cmd" -c GetAgentStatus | sls -pattern url

...

new-object System.Net.Sockets.TcpClient('146.88.106.210', 443)

...

/opt/ds_agent/dsa_query -c GetAgentStatus | grep AgentStatus.dsmUrl

...

titleStep 3: Manually heartbeat the agent

...

Code Block
PS C:\Users\Administrator> & "C:\Program Files\Trend Micro\Deep Security Agent\dsa_control.cmd" -m
HTTP Status: 200 - OK
Response:
Manager contact has been scheduled to occur in the next few seconds.

...

Code Block
/opt/ds_agent/dsa_control -m
Expand
titleStep 4: Send a support ticket

Click the following link to open a support ticket in AMP: https://amp.armor.com/support/tickets/new

To learn how to send a support ticket, see Support Tickets.

...

titleStep 1: Verify the status of the agent

...

gsv -displayname *trend*

...

ps_axu | grep ds_agent

...

titleStep 2: Check the connectivity of the agent

...

& "C:\Program Files\Trend Micro\Deep Security Agent\dsa_query.cmd" -c GetAgentStatus | sls -pattern url

...

new-object System.Net.Sockets.TcpClient('146.88.106.210', 443)

...

/opt/ds_agent/dsa_query -c GetAgentStatus | grep AgentStatus.dsmUrl

...

titleStep 3: Manually heartbeat the agent

...

Code Block
PS C:\Users\Administrator> & "C:\Program Files\Trend Micro\Deep Security Agent\dsa_control.cmd" -m
HTTP Status: 200 - OK
Response:
Manager contact has been scheduled to occur in the next few seconds.

...

Code Block
/opt/ds_agent/dsa_control -m
Expand
titleStep 4: Check the components for the agent
Windows
Code Block
& "C:\Program Files\Trend Micro\Deep Security Agent\dsa_query.cmd" -c GetComponentInfo | sls -pattern Component.IM
Linux
Code Block
/opt/ds_agent/dsa_query -c GetComponentInfo | grep Component.IM
Note

Component.IM.mode describes if the FIM module is installed.

Component.IM.rules is the number of rules derived from the Armor Deep Security Manager.

Expand
titleStep 5: Send a support ticket

Click the following link to open a support ticket in AMP: https://amp.armor.com/support/tickets/new

To learn how to send a support ticket, see Support Tickets.

...

titleStep 1: Verify the status of the agent

...

gsv -displayname *trend*

...

ps_axu | grep ds_agent

...

titleStep 2: Check the connectivity of the agent

...

& "C:\Program Files\Trend Micro\Deep Security Agent\dsa_query.cmd" -c GetAgentStatus | sls -pattern url

...

new-object System.Net.Sockets.TcpClient('146.88.106.210', 443)

...

/opt/ds_agent/dsa_query -c GetAgentStatus | grep AgentStatus.dsmUrl

...

titleStep 3: Manually heartbeat the agent

...

Code Block
PS C:\Users\Administrator> & "C:\Program Files\Trend Micro\Deep Security Agent\dsa_control.cmd" -m
HTTP Status: 200 - OK
Response:
Manager contact has been scheduled to occur in the next few seconds.

...

Code Block
/opt/ds_agent/dsa_control -m
Expand
titleStep 4: Send a support ticket

Click the following link to open a support ticket in AMP: https://amp.armor.com/support/tickets/new

To learn how to send a support ticket, see Support Tickets.

Excerpt Include
Troubleshoot logging score (snippet)
Troubleshoot logging score (snippet)
nopaneltrue

...

Excerpt Include
Troubleshoot Malware Protection scores (snippet)
Troubleshoot Malware Protection scores (snippet)
nopaneltrue

...

Excerpt Include
Troubleshoot FIM score (snippet)
Troubleshoot FIM score (snippet)
nopaneltrue

...

Intrusion Detection System (IDS)

...