Troubleshooting an Axon Agent

This section list troubleshooting procedures for Axon Agent, a list of Axon Agent error messages with resolutions, and instructions for creating a diagnostic support bundle for Tripwire Support.

Troubleshooting Procedures

If you encounter difficulties with an Axon Agent, complete the following steps: 

1. To confirm that the collection binaries are running, run the appropriate command on the Agent host system:

AIX: lssrc -s tw-axon-agent-tlc

Linux: service tw-axon-agent-tlc status

Windows: tasklist

Table 25. List of Axon Agent executables

Executable name

On
AIX or Linux
Axon Agents?

On
Windows
Axon Agents?

Description

tw-axon-agent-tlc

Y

Y

Agent service

twsupport

Y

Y

Support bundle collector

twtail

Y

Y

Advanced File Collector

twwel

 

Y

Advanced Windows Collector

twupgrade

Y

Y

Enables remote upgrade capabilities for the Agent

Note 

Plugins will not be listed if they are not currently in use.

2. To confirm that the Axon Agent has an open connection to the Axon Access Point on the TLC Manager (using port 5670, the default), run the appropriate command on the Agent host system:

AIX or Linux: netstat -an | grep 5670

Windows: netstat -an | findstr 5670

3. Open the Axon Agent log file (twagent.log):

AIX or Linux: /var/log/tripwire-tlc/twagent.log

Windows: %PROGRAMDATA%\Tripwire\agent-tlc\log\twagent.log

To interpret the messages in the Axon Agent log file, see Axon Agent Error Messages.

4. To confirm that the Axon Access Point is listening for Axon Agents (using port 5670, the default port), run the appropriate command on the TLC Manager:

AIX or Linux: netstat -an | grep 5670

Windows: netstat -an | findstr 5670

Axon Agent Error Messages

Table 26 lists error messages that you may encounter when configuring and using the Axon Agent. You can find these error messages in the Axon Agent log files:

AIX or Linux:

/var/log/tripwire-tlc/twagent.log

Windows:

%PROGRAMDATA%\Tripwire\agent-tlc\log\twagent.log

Table 26. Axon Agent error messages

Error message:
WARN tw-axon-agent-tlc.bridge BridgeTLSConnector::connect_() - No Access Point endpoints to connect to. Rescanning...

Cause:
The Axon Agent is unable to determine the Axon Access Point to connect to.

Resolution:
1) Check the bridge.host setting in the Axon Agent's twagent.conf file.

2) Check the Access Point system's DNS and DNS SRV record.

Error messages (Windows):
ERROR tw-axon-agent-tlc.bridge BridgeTLSConnector::handleConnectTimeOut() - Connect Timeout reached secs:[20], state=Connector::Failed

tw-axon-agent-tlc.bridge BridgeTLSConnector::handleConnect() - Failed, error:[system:121|The semaphore timeout period has expired]

Error messages (Linux):
ERROR tw-axon-agent-tlc.bridge BridgeTLSConnector::handleAnonymousHandshake() - Failed Connecting to host.example.com:5670, Error: [system: 104 | Connection reset by peer]

ERROR tw-axon-agent-tlc.bridge BridgeTLSConnector::handleConnect() - Failed, error:[system:111|Connection refused]

Cause:
The Axon Agent is unable to connect with the Axon Access Point.

Resolution:
Check your firewalls and network routing configuration.

Error message:
ERROR tw-axon-agent-tlc.bridge BridgeTLSConnector::handleAgentRegistrationResponse_() - Registration error, status value:[ERROR_INCORRECT_KEY], message: "The registration pre-shared key is incorrect.", Disconnecting...

Cause:
The registration pre-shared key on the Axon Access Point does not match the key that Axon Agents are using to authenticate and request certificates.

Resolution:
Verify that the registration pre-shared key configured on the Axon Access Point matches the pre-shared key in the registration_pre_shared_key.txt file that the Axon Agent is attempting to authenticate with.

Error messages:
WARN tw-axon-agent-tlcssl::sslInfoCallback() - TLSv1.2 write alert: fatal:unknown CA

ERROR tw-axon-agent-tlc.bridge BridgeTLSConnector::handleHandshake() - Failed Connecting to host.example.com:5670, Error: [asio.ssl: 336134278 | certificate verify failed]

Cause:
The certificate being used by the Axon Access Point and an Axon Agent have different CA’s. This can happen when Agents are moved between different Access Points.

Resolution:
Follow the process in Other Axon Agent Procedures to re-authenticate the Axon Agent with this Axon Access Point.

Error message:
ERROR tw-axon-agent-tlc.bridge BridgeTLSConnector::handleHandshake() - Failed Connecting to host.example.com:5670, Error: [asio.ssl: 336151574 | sslv3 alert certificate unknown]

Cause:
The certificate for an Axon Agent has been revoked on the Axon Access Point.

Resolution:
Follow the process in Other Axon Agent Procedures to re-authenticate the Axon Agent with this Axon Access Point.

Error message:
ERROR tw-axon-agent-tlc.bridge BridgeTLSConnector::handleAnonymousHandshake() - Failed Connecting to host.example.com:5670, Error: [asio.ssl: 336130315 | wrong version number]

Cause:
The Axon Access Point and the Axon Agent do not have a TLS version in common.

Resolution:
Follow the process in Configuring TLS Versions and Cipher Suites to configure a common TLS version on the Axon Access Point and Axon Agents.

Error messages:
ERROR tw-axon-agent-tlc.bridge BridgeTLSConnector::handleAnonymousHandshake() - Failed Connecting to host.example.com:5670, Error: [asio.ssl: 336151568 | sslv3 alert handshake failure]

ERROR tw-axon-agent-tlc.bridge BridgeTLSConnector::handleAnonymousHandshake() - Failed Connecting to host.example.com:5670, Error: [asio.ssl: 336081077 | no ciphers available]

Cause:
The Axon Access Point and the Axon Agent do not have a TLS cipher suite in common.

Resolution:
Follow the process in Configuring TLS Versions and Cipher Suites to configure one or more common TLS cipher suites on the Axon Access Point and Axon Agents.

Creating a Support Bundle

To create a support bundle for analysis by Tripwire Support, run the appropriate command on the Axon Agent host system.

AIX or Linux:

/opt/tripwire/agent-tlc/plugins/twsupport/twsupport --generate.bundle=<zip_file>

Windows:

“<Program_Files>\Tripwire\Agent-TLC\plugins\twsupport\twsupport”
--generate.bundle=<zip_file>

where <zip_file> is the support bundle zip file to be created.