This guide explains how to troubleshoot the Cmd Audit agent if one or more servers do not appear in the web app after you follow the steps to install the agent on a server or deploy it to a group of servers.
First, check the basics:
Ensure the target servers are running on supported OSes.
If you're using a firewall, make sure Cmd's domains are on your allowlist.
Check that the target servers have consistent internet connections.
If you received a terminal message reporting an issue with your project key while attempting to install, contact Cmd support.
1. Check if ‘Disable server’ is on in the Server management page
Go to the ‘Sources’ page, and click Manage servers.
Disabled servers say “Paused” on the right side, as shown here:
If it was disabled, troubleshooting may be surprisingly easy! Click the three-dot menu icon on the right side of the server's row, and select Enable server.
Or, if it was already enabled, go to step 2.
2. Check if the agent is installed:
On CentOS or RHEL, use:
rpm -q cmd.
On Debian or Ubuntu, use:
dpkg -s cmd
These commands should output the agent package version, e.g.:
$ dpkg -s cmd
Status: install ok installed
Depends: libc6 (>= 2.12)
Description: Cmd Agent Software
License: Proprietary, GPLv2
Vendor: CmdWatch Security
If you don’t get similar output, go and install the agent.
If you do, go to step 3.
3. Check if the daemon is running:
pgrep cmdshould output a PID. If so, the daemon is running. Go to step 4.
If not, restart the daemon:
For servers with systemd based init (Centos7/Ubuntu16/Amzn2 and newer), use the following:
systemctl stop cmd
systemctl start cmd
For servers with upstart based init (Centos6/Ubuntu14/Amzn1-2018 and older), use the following:
initctl stop cmd
initctl start cmd
Again check if
pgrep cmd_daemon outputs a PID. If not, contact Cmd support. If so, start a new session on the server, log in to the Cmd web app and check whether data from the server appears. If not, go to step 4.
4. Verify that the kernel is supported.
Go to the servers page
If the kernel is not supported, you will see a warning message below each unsupported kernel:
If you are using an upsupported kernel, contact Cmd support to learn about when it might be supported, and your options.
5. Verify the config.ini
The agent requires two variables in
url, set the following:
sos_url, set the following:
In each URL, replace
<SUB> with the subdomain of your Cmd web app instance. For example, the following commands would be correct for a web app instance with the URL
echo url=https://sub1.c-app.cmd.com/ws | sudo tee --append /etc/cmd/config.ini
echo sos_url=https://sub1.sos-app.cmd.com | sudo tee --append /etc/cmd/config.ini
6. Check the agent status API:
If problems persist, check the agent's status using the agent status API.
Contact Cmd support for further assistance.