Possible issues of EtherSensor Agent and solutions

EtherSensor Agent service does not start.

Check the port settings in the EtherSensor Agent configuration: the ports for the Microolap EtherSensor and EtherStat servers and the local port value (the Local, EtherSensor and EtherStat tags). The ports must not be the same; otherwise the service may operate incorrectly and stop its process.

Check the log files (svcagent.log, ethersensor_agent.exe.log) for any error messages of EtherSensor Agent.

Check the Windows logs for any error messages of EtherSensor Agent.

Report the incidents to support.

No tracked process is displayed in the processinfo.log file after EtherSensor Agent is started.

The network card is not connected, or the TCP/IP stack is disabled. Check whether the system creates TCP connections (e.g. by opening a browser and loading any page). After that the browser process should appear in the processinfo.log file.

The computer belongs to a domain. In that case, the EtherSensor Agent modules loaded into processes that create TCP connections attempt to get the name of the user who runs the process. Correct DNS settings on the tracked OS are very important here, because the system API that provides information on the domain user relies on these DNS settings.

No application in the system is able to create a remote connection, while there were no such issues before EtherSensor Agent was installed in the system.

Open the EtherSensor Agent installation directory and run the following command: ethersensor_instlsp.exe -p > log.txt. This will save the list of installed providers of the OS network stack to the log.txt file.

Analyze the log.txt file yourself and send it to support if necessary.

Run the following command: ethersensor_instlsp.exe -f -c b. This command disables the EtherSensor Agent ethersensor_lsp.dll tracking module. Start a new browser instance and open a remote page. If the page opens then there is a problem with the ethersensor_lsp.dll tracking module. Otherwise the problem is not related to the EtherSensor Agent tracking module.

Microolap EtherSensor does not recognize the user of an intercepted message.

Check the EtherSensor Agent configuration: the EtherSensor tag, then the server tag. The address attribute of the server tag must contain the correct DNS name of the Microolap EtherSensor service which must be correctly resolved on this workstation. If a DNS address is specified instead, check the availability of the Microolap EtherSensor server IP address (e.g. using the ping utility).

The EtherStat server does not receive messages from EtherSensor Agent.

Check the svcagent.log file for any error messages of EtherSensor Agent.

Check the configuration of connection with the EtherStat server: the EtherStat tag. The address attribute of this tag must contain the IP address to which the connection is established. The key attribute contains the public key of the encrypted connection. This key must be identical to the public key of the EtherStat server.

Check the availability of the EtherStat server IP address (e.g. using the ping utility).

Check the information processing time configuration in the following tags: OSMonitor, HWMonitor, SWMonitor, UserMonitor, NetMonitor and ProcMonitor. If the timer attribute is set to 0, the messages for corresponding events are not processed and thus are not sent to the EtherStat server.
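
The configuration checks listed on this page (distinct ports, server address and key present, non-zero timers) can be run as a small linter. This is an added example, not Microolap code: the XML layout, the `port` attribute name and the sample values are assumptions, since the page names only the tags and the address, key and timer attributes.

```python
import xml.etree.ElementTree as ET

# Constructed sample; the real agent configuration layout may differ.
SAMPLE_CONFIG = """\
<Agent>
  <Local port="5000"/>
  <EtherSensor port="5000"><server address="sensor.example.internal"/></EtherSensor>
  <EtherStat address="192.0.2.10" port="5002" key=""/>
  <OSMonitor timer="60"/><HWMonitor timer="0"/><SWMonitor timer="300"/>
  <UserMonitor timer="60"/><NetMonitor timer="60"/><ProcMonitor timer="0"/>
</Agent>
"""

PORT_TAGS = ("Local", "EtherSensor", "EtherStat")
MONITOR_TAGS = ("OSMonitor", "HWMonitor", "SWMonitor",
                "UserMonitor", "NetMonitor", "ProcMonitor")

def check_config(xml_text):
    """Return findings for the configuration checks described on this page."""
    root = ET.fromstring(xml_text)
    findings, seen = [], {}
    # Local, EtherSensor and EtherStat must each use a different port.
    for tag in PORT_TAGS:
        node = root.find(f".//{tag}")
        port = node.get("port") if node is not None else None  # "port" is assumed
        if port is None:
            findings.append(f"{tag}: no port configured")
        elif port in seen:
            findings.append(f"{tag}: port {port} is also used by {seen[port]}")
        else:
            seen[port] = tag
    # The server address and the EtherStat address/key must be filled in.
    server = root.find(".//EtherSensor/server")
    if server is None or not server.get("address"):
        findings.append("EtherSensor/server: address is missing")
    stat = root.find(".//EtherStat")
    for attr in ("address", "key"):
        if stat is None or not stat.get(attr):
            findings.append(f"EtherStat: {attr} is missing")
    # timer="0" means the monitor's events are never sent to EtherStat.
    for tag in MONITOR_TAGS:
        node = root.find(f".//{tag}")
        if node is not None and node.get("timer", "").strip() == "0":
            findings.append(f"{tag}: timer is 0, events are not sent")
    return findings

if __name__ == "__main__":
    for line in check_config(SAMPLE_CONFIG):
        print(line)
```

The linter only confirms that a key is present; comparing it with the EtherStat server's public key still has to be done against the server itself.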