Troubleshooting

Troubleshooting for K2 Agent Install on Node/VM/EC2.

Verify K2 Prevent Web Agent Installation

Docker Mode

Ensure that the K2 Prevent-Web agent is running on the host system.

Use the docker ps command to get information about the K2 Prevent-Web agent. If the output shows the running container, as in the following output, you have the K2 Prevent-Web agent running.

# docker ps | grep -w "k2agent"
c77da5d434c5 k2cyber/k2-agent-v1:1.10.2 "/bin/bash -c '/usr/…" 3 minutes ago Up 3 minutes k2agent"

If the machine does not have a K2 Prevent-Web agent running, it will show the empty output like below.

# docker ps | grep -w "k2agent"
#

Non Docker Mode

Service Based Installation

If K2 Agents Installed As A Root User

Ensure that the K2 Prevent-Web agent is running on the host system.

Use the systemctl status prevent-web-agent command to get information about the K2 Prevent-Web agent. If the output shows the running status of the service, as in the following output, you have K2 Prevent-Web agent running.

# systemctl status prevent-web-agent
prevent-web-agent.service - K2 segment agent
Loaded: loaded (/etc/systemd/system/prevent-web-agent.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2020-02-19 12:11:34 UTC; 1min 20s ago

If the machine does not have a K2 Prevent-Web agent running, it will show the below output.
```
# systemctl status prevent-web-agent
Unit prevent-web-agent.service could not be found.
```

If K2 Agents Installed As A Non-Root User

Use the service prevent-web-agent status command to get information about the Prevent-Web agent. If the output shows the running status of the service, as in the following output, you have Prevent-Web agent running.

$ systemctl --user status prevent-web-agent
prevent-web-agent.service - K2 prevent web agent
Loaded: loaded (/home/centos/.config/systemd/user/prevent-web-agent.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2021-08-05 12:11:34 UTC; 1min 20s ago

$ ps -ef | grep "com.k2cybersecurity.intcodeagent.Runner" | grep -v grep
centos 28238 28054 9 03:50 ? 00:00:36 /usr/bin/java -server -XX:MaxMetaspaceSize=100M -XX:+UseG1GC -XX:+UseStringDeduplication -XX:+UseContainerSupport -XX:NativeMemoryTracking=summary -XX:+HeapDumpOnOutOfMemoryError -Xms200m -Xmx700m -Djava.net.useSystemProxies=true -Dhttp.nonProxyHosts=localhost|127.0.0.*|::1 -cp /K2-IntcodeAgent-jar-with-dependencies.jar com.k2cybersecurity.intcodeagent.Runner

If the machine does not have a Prevent-Web agent running, it will show the below output.

$ systemctl --user status prevent-web-agent
Unit prevent-web-agent.service could not be found

$ ps -ef | grep "com.k2cybersecurity.intcodeagent.Runner" | grep -v grep

Process Based Installation

Verify the configured Cron job

If a cronjob is configured, you will see the below output

$ crontab -l
*/15 * * * * bash /home/centos/k2install/k2_agent_monitor.sh >/home/centos/k2install/k2_agent_monitor.sh

If the cronjob is not-configured, you will see the below output

$ crontab -l
no crontab for centos

Verify K2 Segment Agent Installation

Docker Mode

Ensure that the K2 Segment agent is running on the host system.

Use the docker ps command to get information about the K2 Segment agent. If the output shows the running container, as in the following output, you have the K2 Segment agent running.

# docker ps | grep -w "k2agent"
c77da5d434c5 k2cyber/k2-agent-v1:1.10.2 "/bin/bash -c '/usr/…" 3 minutes ago Up 3 minutes k2agent"

If the machine does not have a K2 Segment agent running, it will show the empty output like below.

# docker ps | grep -w "k2agent"
#

Non Docker Mode

Service Based Install

Root User

If you have done service based installation of K2 Agents with root user, Run below command

# systemctl status segment-agent.service segment-agent.service

If the service is running successfully, below will be the output

K2 segment agent Loaded: loaded (/etc/systemd/systemd/segment-agent.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2021-08-05 12:11:34 UTC; 1min 20s ago

If the service is not running or not present, you will be seeing below output

Unit segment-agent.service could not be found

Non Root User

If you have done service based installation of K2 Agents with non root user, Run below command

$ systemctl --user status segment-agent

If the service is running successfully, below will be the output

segment-agent.service - K2 segment agent Loaded: loaded (/home/centos/.config/systemd/user/segment-agent.service; enabled; vendor preset: enabled) Active: active (running) since Wed 2021-08-05 12:11:34 UTC; 1min 20s agoIf the service is not running or not present, you will be seeing below output

Unit segment-agent.service could not be found

Process Based Install

If you have done process based installation of K2 Agents, Run below command

$ ps -ef | grep -i "go/bin/netsec" | grep -v grep

If the service is running successfully, below will be the output

centos 2343923430007:43 ? 00:00:00 /home/centos/k2install/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2 --library-path /home/centos/k2install/lib:/home/centos/k2install/lib64: ... /home/centos/k2install/go/bin/k2-netsec-agent >> /home/centos/k2install/tmp/segment.log 2>&1
centos 2344023439007:43 ? 00:00:09 /home/centos/k2install/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2 --library-path /home/centos/k2install/lib:/home/centos/k2install/lib64: ... /home/centos/k2install/go/bin/k2-netsec-agent

If the service is not running or not present, you will be seeing empty output.