Reputation: 428
Falcon sensor fails to start the agent
I am trying to install falcon-sensor(version:4.16.0) on a Debian machine. When I try to start the agent it doesn't start up.
I checked the logs of falcon-sensor and here is what it says : 2019 unable to initialize dynamic libraries. (2309) [144]
I checked the log of falconctl and here is what it says : Invalid file /opt/CrowdStrike/falconstore length: 0 (2277) [568]
I tried finding answers through googling but I could not find any.
Any help on this would be really helpful
Thanks in advance.
Upvotes: 2
Views: 38407
Answers (4)
Reputation: 1
I think the main reason for falcon sensor to fail during start is because of incorrect CID being used/set.
Upvotes: 0
Reputation: 1
I follow install steps 1~3 below without issue, but have not get a CID, please let met know how to get it
1 ) Download falcon-sensor.rpm to your machine.
2 ) sudo yum install -y falcon-sensor.rpm .
3 ) sudo /opt/CrowdStrike/falconctl -s --cid=<Your-CID>
4 ) service falcon-sensor start.
Upvotes: -1
Reputation: 22198
Make sure you performed the basic steps correctly:
1 ) Download falcon-sensor.rpm to your machine.
2 ) sudo yum install -y falcon-sensor.rpm .
3 ) sudo /opt/CrowdStrike/falconctl -s --cid=<Your-CID> .
4 ) service falcon-sensor start.
Check status:
[ec2-user@ip-172-21-80-18 ~]$ service falcon-sensor status
Redirecting to /bin/systemctl status falcon-sensor.service
● falcon-sensor.service - CrowdStrike Falcon Sensor
Loaded: loaded (/usr/lib/systemd/system/falcon-sensor.service; enabled; vendor preset: disabled)
Active: active (running) since Sat 2020-09-05 13:48:34 UTC; 1min 6s ago
Process: 2746 ExecStart=/opt/CrowdStrike/falcond (code=exited, status=0/SUCCESS)
Process: 2729 ExecStartPre=/opt/CrowdStrike/falconctl -g --cid (code=exited, status=0/SUCCESS)
Main PID: 2747 (falcond)
Tasks: 19
Memory: 4.5M
CGroup: /system.slice/falcon-sensor.service
├─2747 /opt/CrowdStrike/falcond
└─2749 falcon-sensor
systemd[1]: Starting CrowdStrike Falcon Sensor...
falconctl[2729]: cid="<Your-CID>".
falcond[2747]: starting
Started CrowdStrike Falcon Sensor.
falcon-sensor[2749]: No traceLevel set via falconctl defaulting to none
falcon-sensor[2749]: LogLevelUpdate: none = trace level 0.
View process:
ps -e | grep falcon-sensor
2749 ? 00:00:00 falcon-sensor
Notice that all commands should be executed with sudo Or else you see the error below:
$ service falcon-sensor restart #< --- No root permission
Redirecting to /bin/systemctl restart falcon-sensor.service
Failed to restart falcon-sensor.service: The name org.freedesktop.PolicyKit1 was not provided by any .service files
See system logs and 'systemctl status falcon-sensor.service' for details.
Upvotes: 1
Reputation: 11
falcon-sensor has libssl.so.1.0.0 as dependency, but that version is missing on Debian Stretch (there is version 1.0.2).
I just created a symlink to the existing version:
ln -s libssl.so.1.0.2 /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0
and now it works.
Upvotes: 1
Related Questions
- Airflow external_task_sensor never stops poking
- error: WITH expected this input to be an agentset, but got a patch instead
- airflow sensor timeout not reached
- Warning: Failed to connect to the agentx master agent ([NIL])
- Why is SQL Server Agent not starting?
- ANY? expected input to be an agentset but got the number 0 instead
- Sensor diagnostic tool won't run
- Orion Context Broker functional test failure
- DCOS navstar service failed to start on agent nodes
- Orion iot Agent can not be started