This guide explains how to troubleshoot the Cmd Audit agent if one or more servers do not appear in the web app after you follow the steps to install the agent on a server or deploy it to a group of servers.

Preliminary checks

First, check the basics:

  • Ensure the target servers are running on supported OSes.
  • If you're using a firewall, make sure Cmd's domains are on your allowlist.
  • Check that the target servers have consistent internet connections.

If you received a terminal message reporting an issue with your project key while attempting to install, contact Cmd support.


1. Check if ‘Disable server’ is on in the Server management page

  • Go to the ‘Sources’ page, and click Manage servers.
  • Disabled servers say “Paused” on the right side, as shown here:
  • If it was disabled, troubleshooting may be surprisingly easy! Click the three-dot menu icon on the right side of the server's row, and select Enable server.
  • Or, if it was already enabled, go to step 2.

2. Check if the agent is installed:

  • On CentOS or RHEL, use: rpm -q cmd .
  • On Debian or Ubuntu, use: dpkg -s cmd

These commands should output the agent package version, e.g.:

$ dpkg -s cmd
Package: cmd
Status: install ok installed
Priority: extra
Section: misc
Installed-Size: 4816
Maintainer: https://www.cmd.com
Architecture: amd64
Version: 1.1.0-12
Depends: libc6 (>= 2.12)
Conflicts: ccf
Conffiles:
/etc/cmd/cmd.init dce33f100bd4b08d698ccfb3997382be
/etc/cmd/cmd.service 81b1ff0610479e6a62f0dc0b4437454e
/etc/cmd/cmd.upstart 667f6479c7abc46d6c66776131dc6e86
/etc/cmd/pkg 38db7ce1861ee11b6a231c764662b68a
Description: Cmd Agent Software
License: Proprietary, GPLv2
Vendor: CmdWatch Security
Homepage: https://www.cmd.com
$
  • If you don’t get similar output, go and install the agent.
  • If you do, go to step 3.


3. Check if the daemon is running:

  • The command pgrep cmd should output a PID. If so, the daemon is running. Go to step 4.
  • If not, restart the daemon:
    For servers with systemd based init (Centos7/Ubuntu16/Amzn2 and newer), use the following:
    systemctl stop cmd
    systemctl start cmd

    For servers with upstart based init (Centos6/Ubuntu14/Amzn1-2018 and older), use the following:
    initctl stop cmd
    initctl start cmd

Again check if pgrep cmd_daemon outputs a PID. If not, contact Cmd support. If so, start a new session on the server, log in to the Cmd web app and check whether data from the server appears. If not, go to step 4.

4. Verify that the kernel is supported.

  • Go to the servers page
  • If the kernel is not supported, you will see a warning message below each unsupported kernel:
  • If you are using an upsupported kernel, contact Cmd support to learn about when it might be supported, and your options.


5. Verify the config.ini

The agent requires two variables in /etc/cmd/config.ini : url and sos_url .

  • For url , set the following: url=https://<SUB>.c-app.cmd.com/ws
  • For sos_url , set the following: https://<SUB>.sos-app.cmd.com/

In each URL, replace <SUB> with the subdomain of your Cmd web app instance. For example, the following commands would be correct for a web app instance with the URL https://sub1.app.cmd.com/ :


URL:

echo url=https://sub1.c-app.cmd.com/ws | sudo tee --append /etc/cmd/config.ini


SOS_URL:

echo sos_url=https://sub1.sos-app.cmd.com | sudo tee --append /etc/cmd/config.ini

6. Check the agent status API:

If problems persist, check the agent's status using the agent status API.

Contact Cmd support for further assistance.

Did this answer your question?