KBI 310228 Interactively Observing Argent Services and Relator Execution

Version

All Versions

Date

11 Oct 2010

Summary

Issues may occur where Argent services stop, hang, or display exception errors in log files when specific Rules are executed.

This KBI teaches customers how to interactively observe what an Argent service is actually seeing.

Technical Background

When Argent’s monitoring services execute a task, they do so in a non-interactive environment.

Let’s say, for example, you are running a System Command Rule that executes a third-party EXE.

Let’s say you’ve scheduled this monitoring task at 1:00 PM each day.

Let’s also say that we’ve observed cases where the Argent monitoring engine service stops listening on its port, stops monitoring, or there are strange exception errors in the logs.

In the scenario above, a common cause is that the third-party EXE requires some sort of interactive input.

For example — a command-line “Are you sure? (Y/N)” that waits for user input, or a popup dialog box requiring a user to click on “OK” or “Yes”.

Obviously, the monitoring engine service in its non-interactive session cannot type or click into these unexpected windows.

Resolution

To prove whether the issues are related to an interactive window or not, we can execute the Argent services interactively.

First off, we need to stop the Argent Monitoring Engine — in the above example, we would stop the Argent Guardian Monitoring Engine.

Next, we navigate to the folder where Argent is installed, e.g.

C:\Argent\ArgentManagementConsole\ArgentGuardian

And we execute AG_ME_MAIN.EXE.

The first thing you’ll notice is that the process looks exactly like a real-time Monitoring Engine log.

By executing within this interactive window, we can see when dialog windows pop up, or when a third-party EXE executes.

Essentially, we can see if there is anything that is preventing the service from continuing as normal.

Once you’ve isolated the issue, press CTRL + C to end the interactive process, correct the issue (or disable the problematic Rule), and restart the Monitoring Engine service.

Depending on the product, there are different ways to invoke the command-line interactive service.

For Argent XT, run {Product_Abbreviation}_ME_MAIN.EXE

e.g. AG_ME_MAIN.EXE, AST_ME_MAIN.EXE, etc.

For Argent AT, run {Product_Abbreviation}_SVC.EXE /ACL

(ACL stands for At-Command-Line)

e.g. ARGSOFT_VM_SVC.EXE /ACL or CYCLOPS_SVC.EXE /ACL for Argent Defender
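
The Resolution steps above as a PowerShell wrapper, added here as an example and not Argent-supplied tooling. The service name is a placeholder because this KBI does not give it (look it up with Get-Service); the install folder and EXE name are the examples used above. Run it from an elevated prompt.

```powershell
# Added example: wraps the manual steps from this KBI. Not Argent's own code.
# ASSUMPTIONS: $ServiceName is a placeholder; the page does not name the
# Windows service. $InstallDir and $EngineExe are the examples from the page.
param(
    [string]$ServiceName  = '<ArgentGuardianEngineServiceName>',
    [string]$InstallDir   = 'C:\Argent\ArgentManagementConsole\ArgentGuardian',
    [string]$EngineExe    = 'AG_ME_MAIN.EXE',
    [string[]]$EngineArgs = @()   # e.g. '/ACL' when running an Argent AT *_SVC.EXE
)

# Fail early if the folder or EXE name is wrong, before touching the service.
$exePath = Join-Path $InstallDir $EngineExe
if (-not (Test-Path -LiteralPath $exePath -PathType Leaf)) {
    throw "Engine executable not found: $exePath"
}

# Step 1: stop the service and confirm it has really stopped, so the
# interactive copy is not started while the service copy is still running.
$svc = Get-Service -Name $ServiceName -ErrorAction Stop
if ($svc.Status -ne 'Stopped') {
    Stop-Service -Name $ServiceName -ErrorAction Stop
    $svc.WaitForStatus('Stopped', [TimeSpan]::FromSeconds(60))
}

# Steps 2 and 3: run the engine in this console from its install folder.
# Its log output, and any prompt or dialog raised by a third-party EXE,
# now appears in the interactive session where it can be seen.
Push-Location -LiteralPath $InstallDir
try {
    Write-Host "Running $EngineExe interactively. Press CTRL + C to end."
    & $exePath @EngineArgs
}
finally {
    # Runs on normal exit and on CTRL + C. The service is deliberately left
    # stopped so the Rule can be corrected or disabled before it restarts.
    Pop-Location
    Write-Host "Interactive run ended. Service '$ServiceName' is still stopped."
    Write-Host "After correcting the issue: Start-Service -Name '$ServiceName'"
}
```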