Running Genian Agent is not Detected in WebUI
The node is currently up, and the agent is running, but the agent is marked as down in the Web Console.
The Genian Agent sends a keep-alive packet to the Policy Server once every two minutes to let you know its operational status.
The policy server changes the agent's operation status to "no action" by default when it does not receive the keep-alive packet from the Genian Agent for 10 minutes.
The following situations can disrupt this keep-alive packet resulting in a false down status:
- Packet control in a firewall between Policy Server and Genian Agent.
- A PC's antivirus solution preventing Genian Agent process from sending data.
- The Agent is not properly generating the keepalive packet.
Checking communication between Policy Server and Genian Agent
- Using SSH on the Policy Sever and Network Sensor follow the steps below:
Genians$ tcpdump -i eth[interface number] host [Node IP address] [keep-alive port]
tcpdump -i eth0 host 10.10.10.245 24378
If no traffic keep-alive traffic is detected:
- Verify communication path between policy server and agent on the keep-alive port. Ensure necessary exceptions on firewalls or other appliances.
- (Windows) Enable local logging to determine that the agent is generating and sending the keepalive packet.
- In the Registry, find
If keep-alive traffic is detected:
- There may be a problem with the Agent installation or Policy Server
- Use the Syscollect function on the Policy Server to send info to Genians engineers.
- Obtain logs from Agent and send to Genians engineers.