Release Notes and Announcements

Release Notes

Announcements

Getting Started

Product Introduction

Overview

Advantages

Basic Concepts

Scenarios

Associated Products

Features in Different Editions

Purchase Guide

Purchase Security Protection Licenses

Purchasing Log Analysis Service

Quick Start

Operation Guide

Security Dashboard

Asset Overview

Server List

Asset Fingerprint

Vulnerability Management

Baseline Management

Malicious File Scan

Unusual Login

Password Cracking

Malicious Requests

High-risk Commands

Local Privilege Escalation

Reverse Shell

Java Webshell

Critical File Monitor

Network Attack

A Ransomware Defense

Log Analysis

License Management

Alarm Setting

Cloud Access Management

Hybrid Cloud Installation Guide

FAQs for Beginners

Cloud Workload Protection Description

Feature Description

Agent Process Description

A Security Baseline Detection List

Parsing of JSON Format Alarm Data

Log Field Data Parsing

Agent Installation Guide

Security Score Overview

Practical Tutorial

Auto Fix of Vulnerabilities

Malicious File Processing

Troubleshooting

Intrusions on Linux

Intrusions on Windows

Offline Agent on Linux

Offline Agent on Windows

An Abnormal Log-in Notification

API Documentation

History

Introduction

API Category

Asset Management APIs

Virus Scanning APIs

Abnormal Log-in APIs

Password Cracking APIs

Malicious Request APIs

High-Risk Command APIs

Local Privilege Escalation APIs

Reverse Shell APIs

Vulnerability Management APIs

New Baseline Management APIs

Baseline Management APIs

Advanced Defense APIs

Security Operation APIs

Expert Service APIs

Other APIs

Overview Statistics APIs

Settings Center APIs

Making API Requests

Intrusion Detection APIs

Data Types

Error Codes

FAQs

Agreements

Service Level Agreement

Data Processing And Security Agreement

Glossary

Offline Agent on Linux

PDF

Focus Mode

Font Size

Last updated: 2023-12-26 16:40:17

﻿This topic describes how to troubleshoot the CWPP agent running on Linux, including how to troubleshoot the failed startup of CWPP agent processes and network failures.
Failed Startup of CWPP Agent Processes
1. Enter the command ps -ef|grep YD to check whether the CWPP processes exist.
Normally, CWPP has two processes as shown below:
﻿
﻿
If the processes do not exist, possible reasons include the following:
The CWPP agent is not installed on the server or has been uninstalled from the server. Please install it by following the steps described in Getting Started
The agent has a conflict or crash, which leads to the failed startup of processes.
2. If CWPP agent has been installed on the server, troubleshoot the problem using the following method:
View the agent log stored in /usr/local/qcloud/YunJing/log.
Run the command sh /usr/local/qcloud/YunJing/startYD.sh to start CWPP.
Network Failures
If the processes exist, but CWPP is offline, the issue is caused by network disconnection in most cases. Troubleshoot the issue by following the steps below:    
1. If you are unable to access the CWPP security domain, try changing the DNS. Run the following command line to check whether the CWPP security domain is accessible: 
VPC or CPM environment: telnet s.yd.tencentyun.com 5574.
 Normally, the returned result is as shown below:
﻿
﻿
If it is inaccessible：
  a. Change the field dns nameserver: vim /etc/resolv.confnameserver 183.60.83.19nameserver 183.60.82.98
  b. Then run telnet s.yd.tencentyun.com 5574 again to check whether you can connect to it.
  
﻿

  c. If it can be connected, wait for a few minutes (the time length depends on the network conditions), and then you will see that the server is online again.
Basic network environment (non-VPC servers): telnet s.yd.qcloud.com 5574.
 Normally, the returned result is as shown below:
 
﻿
﻿
If it is inaccessible：
  a. Change the field dns nameserver: vim /etc/resolv.conf. Comment the original field nameserver first, and then add a new nameserver field.
  b. Then run telnet s.yd.qcloud.com 5574 again to check whether you can connect to it.
  c. If it can be connected, wait for a few minutes (the time length depends on the network conditions), and then you will see that the server is online again.
2. Make sure your firewall policies allow the TCP ports 5574, 8080, 80, and 9080.
3. If the CWPP processes exist and the offline state of the CWPP agent is not caused by network issues, package the agent logs (log path: /usr/local/qcloud/YunJing/log) and submit a ticket for feedback.