Jump to content

Archived

This topic is now archived and is closed to further replies.

Megachip

Agent dies to often!?

Recommended Posts

Aprox 1/2 of my test clients have no recent connection to the server :( Looks like there agents died.

 

Second problem, agents seems to log in UTC (the clientime is not utc) while server is local time.

 

In 6.1.33 is there finally a protection for disabling or uninstalling the agent by the user?

 

Thx for the infomations,

 

meg

Share this post


Link to post
Share on other sites

Agent does log in UTC. Most log files, on most systems, log in UTC. Otherwise it's a nightmare to diagnose problems.

 

For the agents that have dies, what's showing in the log? We don;t get any agents failing (well over 100 installs, closer to 200 probably).

 

 

The users shouldn't be local admins anyway......

 

 

Jim

Share this post


Link to post
Share on other sites

Does restarting the agent service make a difference?

All ERA components log in UTC, there's no exception to this. The only explanation for that is the time on the server wasn't set correctly.

Agent itself cannot have self-protection. Most likely we will protect it by self-defense in ESET's products in the future.

Share this post


Link to post
Share on other sites

Agent does log in UTC. Most log files, on most systems, log in UTC. Otherwise it's a nightmare to diagnose problems.

Thats the problem. Agent log told me 10:57 but ERAS say 12:57 ... Afaik ERAS logs did not contain agent problems (e.g. no connection).

 

 

For the agents that have dies, what's showing in the log? We don;t get any agents failing (well over 100 installs, closer to 200 probably).

 

 

Nothing. The deamon simply not running and not connecting to server. No crash or something loggt.

 

It logged a shutdown. Why daemon shuts down?

2015-05-27 13:13:52 Information: Kernel [Thread 0xa06b61d4]: Started module CRDSensorConnectorModule (used 0 KB)
2015-05-27 13:13:52 Information: SchedulerModule [Thread 0xb0525000]: Received message: GetRemainingTimeByUserDataRequest
2015-05-27 13:13:52 Information: SchedulerModule [Thread 0xb0525000]: Received message: GetRemainingTimeByUserDataRequest
2015-05-27 13:13:52 Information: Kernel [Thread 0xa06b61d4]: Used memory after modules start-up is 40148 KB
2015-05-27 15:14:46 Information: Kernel [Thread 0xa06b61d4]: Used memory before modules shutdown is 41420 KB
2015-05-27 15:14:46 Information: Kernel [Thread 0xa06b61d4]: Preparing to stop 
Interesting... exact the same thing happens 5 min before on another OS X maschine. but without the message

The users shouldn't be local admins anyway......

 

Not possible in our infrastructure. Hope it will implemented soon as self protection.

 

 

Does restarting the agent service make a difference?

All ERA components log in UTC, there's no exception to this. The only explanation for that is the time on the server wasn't set correctly.

Agent itself cannot have self-protection. Most likely we will protect it by self-defense in ESET's products in the future.

 

Rebooting system helps ;) How to restart Agent on OS X? Tried to starting the app but did not solve the problem.

Share this post


Link to post
Share on other sites

Hey Megachip, in regards to your last question about restarting the Agent on OS X:

 

sudo stop com.eset.remoteadministrator.agent

sudo launchctl start com.eset.remoteadministrator.agent

 

I've had success in the past pushing those commands as a 'Run Command' task to OS X clients.

Share this post


Link to post
Share on other sites

I've had success in the past pushing those commands as a 'Run Command' task to OS X clients.

Do you have running 2 commands? If the Agent is dead/not running, how it could restart himself?

 

@Marcos:

There should be a watchdog or something, which restarts agent. Seen that the agent on Server crashed (or shut down) on 5.05... no connection since this time :(

2015-05-05 11:02:49 Information: Kernel [Thread 7f1029511700]: Used memory after modules start-up is 49712 KB
2015-05-05 11:02:49 Error: CMDMCoreConnectorModule [Thread 7f0fc97fb700]: Cannot connect to MDMCore using IPv6: Net Exception, Address family not supported
2015-05-05 11:02:49 Error: CMDMCoreConnectorModule [Thread 7f0fc97fb700]: Net Exception
2015-05-05 11:09:15 Information: Kernel [Thread 7f1029511700]: Used memory before modules shutdown is 64728 KB

EDIT: Looks like this interferences with the following bug. The bad thing: eraagent can't be stopped via init/systemctl and can't be run if mdm is running :/

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...