This section list troubleshooting procedures for the Agent, a list of Agent error messages with resolutions, and instructions for creating a diagnostic support bundle for Tripwire Support.
If you encounter difficulties with an Agent, complete the following steps:
1. | To confirm that the collection binaries are running, run the appropriate command on the Agent host system: |
Linux: ps -ef
Windows: tasklist
Executable name |
On |
On |
Description |
---|---|---|---|
twagent |
Y |
Y |
Agent service |
twexec |
Y |
Y |
Command collector |
twfim |
Y |
Y |
File and Registry collector |
twrsop |
|
Y |
Windows policy collector |
twsupport |
Y |
Y |
Support bundle collector |
twtail |
Y |
Y |
Advanced file collector |
twwel |
|
Y |
Advanced Windows collector |
Note |
Plugins will not be listed if they are not currently in use. |
---|
2. | To confirm that the Agent has an open connection to the Bridge on the TLC Manager (using port 5670, the default), run the appropriate command on the Agent host system: |
Linux: netstat -an | grep 5670
Windows: netstat -an | findstr 5670
3. | Open the Agent log file (twagent.log): |
Linux: /var/log/tripwire/twagent.log
Windows: %PROGRAMDATA%\Tripwire\agent\log\twagent.log
To interpret the messages in the Agent log file, see Agent Error Messages.
4. | To confirm that the Bridge is listening for Agents (using port 5670, the default port), run the appropriate command on the TLC Manager: |
Linux: netstat -an | grep 5670
Windows: netstat -an | findstr 5670
Table 25 lists error messages that you may encounter when configuring and using the Agent. You can find these error messages in the Agent log files:
Linux:
/var/log/tripwire/twagent.log
Windows:
%PROGRAMDATA%\Tripwire\agent\log\twagent.log
Error message:
Cause:
Resolution:
2) Check the Bridge system's DNS and DNS SRV record. |
Error messages (Windows):
twagent.bridge BridgeTLSConnector::handleConnect() - Failed, error:[system:121|The semaphore timeout period has expired] Error messages (Linux):
ERROR twagent.bridge BridgeTLSConnector::handleConnect() - Failed, error:[system:111|Connection refused] Cause:
Resolution:
|
Error message:
Cause:
Resolution:
|
Error messages:
ERROR twagent.bridge BridgeTLSConnector::handleHandshake() - Failed Connecting to host.example.com:5670, Error: [asio.ssl: 336134278 | certificate verify failed] Cause:
Resolution:
|
Error message:
Cause:
Resolution:
|
Error message:
Cause:
Resolution:
|
Error messages:
ERROR twagent.bridge BridgeTLSConnector::handleAnonymousHandshake() - Failed Connecting to host.example.com:5670, Error: [asio.ssl: 336081077 | no ciphers available] Cause:
Resolution:
|
To create a support bundle for analysis by Tripwire Support, run the appropriate command on the Agent host system.
Linux:
/opt/tripwire/agent/plugins/twsupport/twsupport --generate.bundle=<zip_file>
Windows:
“<Program_Files>\Tripwire\Agent\plugins\twsupport\twsupport”
--generate.bundle=<zip_file>
where <zip_file> is the support bundle zip file to be created.