Agent Health Utility
The agenthealth utility validates:
-
Super-user privilege
-
CTE Agent installation
-
CTE registration to CipherTrust Manager Server
-
CTE processes/ modules that are running
-
Available disk resources
-
Current GuardPoints
-
Tests if the agent can reach the GuardPoints
-
CTE log directory resource status
-
This directory contains pending CTE log files for upload. This utility reports the size and number of pending files for upload. These text files are logs that contain vmd/SecFS information. They are regenerated whenever secfs restarts. If the number of files is unexpectedly large, this can indicate a problem.
The Agent Health check script
By default, the agenthealth script is installed in /opt/vormetric/DataSecurityExpert/agent/vmd/bin.
To run the agenthealth check script, type:
./opt/vormetric/DataSecurityExpert/agent/vmd/bin/agenthealth
System Response
Checking for super-user privilege ................ OK
CipherTrust Agent installation ................... OK
CipherTrust policy directory ..................... OK
Registration to server ........................... OK
Kernel modules are loaded ........................ OK
VMD is running ................................... OK
SECFSD is running ................................ OK
dsm4209.sjinternal.com is resolvable ............. OK
dsm4209.sjinternal.com port 8446 is reachable .... OK
dsm4209.sjinternal.com port 8447 is reachable .... OK
Can communicate to at least one server ........... OK
VMD is listening on port 7024 .................... OK
Time of last update from server .................. 2021-07-07 15:47:08.290
Checking available disk space .................... OK
Checking logging space ........................... OK
Log directory is "/var/log/vormetric"
File system for log data is "/", 48G free (5% full)
Log directory contains 9 of maximum 200 files (4% full)
Log directory contains 1 of maximum 100 Mbytes used (1% full)
Testing access to /media ......................... OK
Testing access to /usr/data/sub1 ................. OK
[root@agt4206 bin]#
Agent Health Return Codes
Previously, the agent health return codes were only available in /var/log/vormetric/agenthealth.log. Now, the following options are also available through the help pages:
Help
This agent health script checks various facets of the CipherTrust agent to make sure that everything is functioning properly. Results are also logged to /var/log/vormetric/agenthealth.log.
Syntax
./opt/vormetric/DataSecurityExpert/agent/vmd/bin/agenthealth --help
Return Codes
Use the return code option to get a list of the return codes and what they mean. The codes are returned if the Agent is not running.
Syntax
./opt/vormetric/DataSecurityExpert/agent/vmd/bin/agenthealth --return_codes
Response
| Return Code | Definition |
|---|---|
| EPERM | User is not root. |
| ENOENT | One of the programs used in this script does not exist. See /var/log/vormetric/agenthealth.log for which program is missing. |
| ENOPKG | Agent software is not properly installed. Agent configuration directory is missing or corrupt. See /var/log/vormetric/agenthealth.log for more details. |
| EPROTO | Agent is not registered to a key manager. Register the agent to a key manager and try again. Try the wait option if the agent has never started correctly after registration. See /var/log/vormetric/agenthealth.log for more details. |
| EIO | Kernel modules are not loaded. To load a kernel module, type: /etc/vormetric/secfs start |
| ESRCH | VMD is not running. To start vmd manually, type: /usr/bin/vmd |
| SECFSD | Secfsd is not running. To start the secfsd manually, type /usr/bin/secfsd |
| EHOSTUNREACH | Unable to reach the Key Manager. Check network connectivity. |
| ECONNREFUSED | VMD is not listening. VMD did not finish initialization. See /var/log/vormetric/vmd.log |
| EWOULDBLOCK | VMD is attempting to connect to the Key Manager but has exceeded the designated wait time. Check /var/log/vormetric/vmd.log to fix any issues and retry. |
Wait Time
Use --w to set a maximum wait time in seconds. The minimum is 10 seconds to test for the VMD to Key Manager initial contact. The default setting is 0, which means that there is no wait. Maximum is 1200 seconds.
Syntax
[root@agt4206 bin]# ./opt/vormetric/DataSecurityExpert/agent/vmd/bin/agenthealth --w <value>
Example
[root@agt4206 bin]# ./opt/vormetric/DataSecurityExpert/agent/vmd/bin//agenthealth --w 60
Response
Checking for super-user privilege ................ OK
CipherTrust Agent installation ................... OK
CipherTrust policy directory ..................... OK
Registration to server ........................... OK
Kernel modules are loaded ........................ OK
VMD is running ................................... OK
SECFSD is running ................................ OK
dsm148.i.vormetric.com is resolvable ............. OK
dsm148.i.vormetric.com port 8446 is reachable .... OK
dsm148.i.vormetric.com port 8447 is reachable .... OK
Can communicate to at least one server ........... OK
VMD is listening on port 7024 .................... OK
Time of last update from server .................. 2021-08-18 10:34:56.665
Checking available disk space .................... OK
Checking logging space ........................... OK
Log directory is "/var/log/vormetric"
File system for log data is "/", 29G free (23% full)
Log directory contains 1 of maximum 200 files (0% full)
Log directory contains 0 of maximum 100 Mbytes used (0% full)
If the customer did not use the wait time options, the output would look similar to the following:
/opt/vormetric/DataSecurityExpert/agent/vmd/bin/agenthealth
Checking for super-user privilege ................ OK
CipherTrust Agent installation ................... OK
CipherTrust policy directory ..................... OK
Registration to server ........................... OK
Kernel modules are loaded ........................ OK
VMD is running ................................... OK
SECFSD is running ................................ OK
Can communicate to at least one server ........... FAILED
For more information consult the log file /var/log/vormetric/agenthealth.log
