Arctic Wolf Agent Troubleshooting

Updated Jul 31, 2023

Troubleshooting Arctic Wolf Agent on Linux

Troubleshooting Arctic Wolf Agent on Linux

Overview

This document provides troubleshooting steps for some common issues when installing Arctic Wolf® Agent on Linux.

Verify if the service is running

To verify if the service is running:

Run these commands to determine the status of the service:

service arcticwolfagent status
service arcticwolfdesktop status
service wazuh-agent status

If:
- All of the services are active — The installation is complete.
- One or more of the services are anything other than active — Save the command results for context, and proceed to Verify the presence of the customer.json file.

Verify the presence of the customer.json file

To verify the presence of the customer.json file:

Open /var/arcticwolfnetworks/agent/etc/customer.json to confirm that the customer.json file exists:
- If the customer.json file is not present — Proceed to step 2.
- If the customer.json file is present — Proceed to step 3.
Attempt to reinstall, following the instructions in Arctic Wolf Agent Installation on Linux. If the installation fails, proceed to step 3.

Open the customer.json file to confirm that these six fields are present, although field values may differ:

{   
    "customerUuid":"",
    "clientUuid": "",
    "registerDns": "prod-scout-reg.rootsoc.com",
    "manageDns": "example-manage.rootsoc.com",
    "serverDns": "example-server.rootsoc.com",
    "upgradeTime": "0001-01-01T00:00:00Z"
}

If the customer.json file contains:
- All six fields — Proceed to Verify the presence of the client.keys file.
- Only the customerUuid and registerDns fields — Proceed to step 5.
Run this command to confirm that you have internet connectivity: nc -vz prod-scout-reg.rootsoc.com 443

Tip: If netcat (nc) is not automatically installed on your CentOS or Red Hat system, run yum install nmap-ncat to install it.
Run the sudo service arcticwolfagent restart command.
Wait a few moments after the restart, and then proceed to Verify if the service is running.
If the service is still not active, send the log files to your Concierge Security® Team (CST).

Verify the presence of the client.keys file

To verify the presence of the client.keys file, open /var/arcticwolfnetworks/agent/etc/client.keys to confirm if the client.keys file exists:

If this file exists - The agent registered successfully.
If the file does not exist - Send these log files to your CST:
- /var/arcticwolfnetworks/agent/logs/scout-client-manager.log
- /var/arcticwolfnetworks/agent/logs/ossec.log