ECAT agent did not appear
Hi, I have ecat agents installed on approximate 100 endpoints for a period of time. However, it does not appear on the ECAT console. ECAT service is verified running on the endpoints. Putting the possibility of firewall rules aside because there are other endpoints sitting on the same network segment already report and appear in the ECAT console. Other than do a traffic capture from the ecat server, is there any more recommended steps to troubleshoot so to get the agents report to ecat server?
- Community Thread
- ECAT Agent
- ecat troubleshooting
- Forum Thread
- RSA ECAT
- RSA NetWitness Endpoint
- RSA NetWitness Platform
Assuming you have closed and then reopened the ECAT UI.
You could go directly into the ECAT SQL database and query for the machines in there.
SELECT distinct mn.MachineName
[dbo].[mocServices] AS [se] WITH(NOLOCK)
INNER JOIN [dbo].[MachineModulePaths] AS [mp] WITH(NOLOCK) ON ([mp].[PK_MachineModulePaths] = [se].[FK_MachineModulePaths])
INNER JOIN [dbo].[ServiceNames] AS [ps] WITH(NOLOCK) ON ([ps].[PK_ServiceNames] = [se].[FK_ServiceNames])
INNER JOIN [dbo].[machines] AS [mn] WITH(NOLOCK) ON [mn].[PK_Machines] = [se].[FK_Machines]
That should output the machine names that ECAT knows about. If that lined up with what you were observing, the next thing would be to look at the ConsoleServer-Error.log looking for the missing hosts. If those missing hosts are not in there, then I would assume network communication is an issue. If those hosts do appear in there, then network communication is likely not the issue and would be something else.