Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
  • CipherTrust Manager
  • CipherTrust Application Data Protection (CADP)
  • CipherTrust Application Key Management (CAKM)
  • CipherTrust Batch Data Transformation (BDT)
  • CipherTrust Cloud Key Management (CCKM)
  • CipherTrust Data Discovery and Classification (DDC)
  • CipherTrust Data Protection Gateway (DPG)
  • CipherTrust Database Protection (CDP)
  • CipherTrust Intelligent Protection (CIP)
  • CipherTrust Integrations
  • CipherTrust Migrations
  • CipherTrust RESTful Data Protection (CRDP)
  • CipherTrust Transparent Encryption (CTE)
  • CipherTrust Transparent Encryption Userspace (CTE-U)
  • CipherTrust Secrets Management (CSM)
  • CipherTrust Vaulted Tokenization (CT-V)
  • CipherTrust Vaultless Tokenization (CT-VL)
  • CTE-Linux
  • CTE-Windows
  • CTE-AIX
  • CTE-K8s
  • CTE-U
  • Crypto Command Center
  • Data Protection on Demand
  • Luna Cloud HSM
  • Luna Network HSM
  • Luna PCIe HSM
  • Luna USB HSM
  • OneWelcome Identity Platform
  • ProtectApp LUKS
  • ProtectServer 2 HSM
  • ProtectServer 3 HSM
  • SafeNet Trusted Access (STA)
  • SafeNet MobilePASS+
  • SafeNet MobilePASS+ for Android
  • SafeNet MobilePASS+ for Chrome
  • SafeNet MobilePASS+ for macOS
  • SafeNet MobilePASS+ for iOS
  • SafeNet MobilePASS+ for WatchOS
  • SafeNet MobilePASS+ for Windows
  • SafeNet Synchronization Agent
  • SafeNet Logging Agent
  • SafeNet Agent for FreeRADIUS
  • SafeNet Agent for NPS
  • SafeNet Agent for Windows Logon
  • SafeNet Authentication Service Private Cloud Edition (SAS PCE)
  • SafeNet Remote Logging Agent
  • SafeNet Keycloak Agent
  • SafeNet IDPrime Virtual (IDPV)
  • SafeNet FIDO Key Manager
  • SafeNet FIDO Key Manager for Android
  • SafeNet FIDO Key Manager for iOS
  • SafeNet FIDO Key Manager for Windows
back

Utilities for CTE Management

Agent Health Utility

search

Please Note:

printsuggest an editpdf paneldownload

Agent Health Utility

The agenthealth utility validates:

  • Super-user privilege

  • CTE Agent installation

  • CTE registration to CipherTrust Manager Server

  • CTE processes/ modules that are running

  • Available disk resources

  • Current GuardPoints

  • Tests if the agent can reach the GuardPoints

  • CTE log directory resource status

  • This directory contains pending CTE log files for upload. This utility reports the size and number of pending files for upload. These text files are logs that contain vmd/SecFS information. They are regenerated whenever secfs restarts. If the number of files is unexpectedly large, this can indicate a problem.

copy link to clipboardThe Agent Health check script

By default, the agenthealth script is installed in /opt/vormetric/DataSecurityExpert/agent/vmd/bin.

To run the agenthealth check script, type:

./opt/vormetric/DataSecurityExpert/agent/vmd/bin/agenthealth

System Response

Checking for super-user privilege ................ OK
CipherTrust Agent installation ................... OK
CipherTrust policy directory ..................... OK
Registration to server ........................... OK
Kernel modules are loaded ........................ OK
VMD is running ................................... OK
SECFSD is running ................................ OK
dsm4209.sjinternal.com is resolvable ............. OK
dsm4209.sjinternal.com port 8446 is reachable .... OK
dsm4209.sjinternal.com port 8447 is reachable .... OK
Can communicate to at least one server ........... OK
VMD is listening on port 7024 .................... OK
Time of last update from server .................. 2021-07-07 15:47:08.290
Checking available disk space .................... OK
Checking logging space ........................... OK
        Log directory is "/var/log/vormetric"
        File system for log data is "/", 48G free (5% full)
        Log directory contains 9 of maximum 200 files (4% full)
        Log directory contains 1 of maximum 100 Mbytes used (1% full)
Testing access to /media ......................... OK
Testing access to /usr/data/sub1 ................. OK
[root@agt4206 bin]#

copy link to clipboardAgent Health Return Codes

Previously, the agent health return codes were only available in /var/log/vormetric/agenthealth.log. Now, the following options are also available through the help pages:

copy link to clipboardHelp

This agent health script checks various facets of the CipherTrust agent to make sure that everything is functioning properly. Results are also logged to /var/log/vormetric/agenthealth.log.

Syntax

./opt/vormetric/DataSecurityExpert/agent/vmd/bin/agenthealth --help

copy link to clipboardReturn Codes

Use the return code option to get a list of the return codes and what they mean. The codes are returned if the Agent is not running.

Syntax

./opt/vormetric/DataSecurityExpert/agent/vmd/bin/agenthealth --return_codes

Response

Return Code Definition
EPERM User is not root.
ENOENT One of the programs used in this script does not exist. See /var/log/vormetric/agenthealth.log for which program is missing.
ENOPKG Agent software is not properly installed. Agent configuration directory is missing or corrupt. See /var/log/vormetric/agenthealth.log for more details.
EPROTO Agent is not registered to a key manager. Register the agent to a key manager and try again. Try the wait option if the agent has never started correctly after registration. See /var/log/vormetric/agenthealth.log for more details.
EIO Kernel modules are not loaded. To load a kernel module, type: /etc/vormetric/secfs start
ESRCH VMD is not running. To start vmd manually, type: /usr/bin/vmd
SECFSD Secfsd is not running. To start the secfsd manually, type /usr/bin/secfsd
EHOSTUNREACH Unable to reach the Key Manager. Check network connectivity.
ECONNREFUSED VMD is not listening. VMD did not finish initialization. See /var/log/vormetric/vmd.log
EWOULDBLOCK VMD is attempting to connect to the Key Manager but has exceeded the designated wait time. Check /var/log/vormetric/vmd.log to fix any issues and retry.

copy link to clipboardWait Time

Use --w to set a maximum wait time in seconds. The minimum is 10 seconds to test for the VMD to Key Manager initial contact. The default setting is 0, which means that there is no wait. Maximum is 1200 seconds.

Syntax

[root@agt4206 bin]# ./opt/vormetric/DataSecurityExpert/agent/vmd/bin/agenthealth --w <value>

Example

[root@agt4206 bin]# ./opt/vormetric/DataSecurityExpert/agent/vmd/bin//agenthealth --w 60

Response

Checking for super-user privilege ................ OK
CipherTrust Agent installation ................... OK
CipherTrust policy directory ..................... OK
Registration to server ........................... OK
Kernel modules are loaded ........................ OK
VMD is running ................................... OK
SECFSD is running ................................ OK
dsm148.i.vormetric.com is resolvable ............. OK
dsm148.i.vormetric.com port 8446 is reachable .... OK
dsm148.i.vormetric.com port 8447 is reachable .... OK
Can communicate to at least one server ........... OK
VMD is listening on port 7024 .................... OK
Time of last update from server .................. 2021-08-18 10:34:56.665
Checking available disk space .................... OK
Checking logging space ........................... OK
Log directory is "/var/log/vormetric"
File system for log data is "/", 29G free (23% full)
Log directory contains 1 of maximum 200 files (0% full)
Log directory contains 0 of maximum 100 Mbytes used (0% full)

If the customer did not use the wait time options, the output would look similar to the following:

/opt/vormetric/DataSecurityExpert/agent/vmd/bin/agenthealth
Checking for super-user privilege ................ OK
CipherTrust Agent installation ................... OK
CipherTrust policy directory ..................... OK
Registration to server ........................... OK
Kernel modules are loaded ........................ OK
VMD is running ................................... OK
SECFSD is running ................................ OK
Can communicate to at least one server ........... FAILED
For more information consult the log file /var/log/vormetric/agenthealth.log

On this page

  • Agent Health Return Codes