Arctic Wolf Agent Troubleshooting
Updated Jul 31, 2023Troubleshooting Arctic Wolf Agent on Linux
Overview
This document provides troubleshooting steps for some common issues when installing Arctic Wolf® Agent on Linux.
Verify if the service is running
To verify if the service is running:
- Run these commands to determine the status of the service:
service arcticwolfagent status service arcticwolfdesktop status service wazuh-agent status
- If:
- All of the services are active — The installation is complete.
- One or more of the services are anything other than active — Save the command results for context, and proceed to Verify the presence of the customer.json file.
Verify the presence of the customer.json file
To verify the presence of the customer.json file:
-
Open /var/arcticwolfnetworks/agent/etc/customer.json to confirm that the customer.json file exists:
- If the customer.json file is not present — Proceed to step 2.
- If the customer.json file is present — Proceed to step 3.
-
Attempt to reinstall, following the instructions in Arctic Wolf Agent Installation on Linux. If the installation fails, proceed to step 3.
-
Open the customer.json file to confirm that these six fields are present, although field values may differ:
{ "customerUuid":"", "clientUuid": "", "registerDns": "prod-scout-reg.rootsoc.com", "manageDns": "example-manage.rootsoc.com", "serverDns": "example-server.rootsoc.com", "upgradeTime": "0001-01-01T00:00:00Z" }
-
If the customer.json file contains:
- All six fields — Proceed to Verify the presence of the client.keys file.
- Only the
customerUuid
andregisterDns
fields — Proceed to step 5.
-
Run this command to confirm that you have internet connectivity:
nc -vz prod-scout-reg.rootsoc.com 443
Tip: If netcat (nc) is not automatically installed on your CentOS or Red Hat system, run
yum install nmap-ncat
to install it. -
Run the
sudo service arcticwolfagent restart
command. -
Wait a few moments after the restart, and then proceed to Verify if the service is running.
-
If the service is still not active, send the log files to your Concierge Security® Team (CST).
Verify the presence of the client.keys file
To verify the presence of the client.keys file, open /var/arcticwolfnetworks/agent/etc/client.keys to confirm if the client.keys file exists:
- If this file exists - The agent registered successfully.
- If the file does not exist - Send these log files to your CST:
- /var/arcticwolfnetworks/agent/logs/scout-client-manager.log
- /var/arcticwolfnetworks/agent/logs/ossec.log