Imperva Cyber Community

communities_1.jpg
Β View Only
  • 1.  agent critical status with Agent certificate is expired

    Posted 12-01-2023 12:31
    Edited by Seongsu Ryu 12-01-2023 12:56

    I've installed imperva agent to Oracle Exadata X5 hosts (please refer below output from which_ragent_package_0286.sh)

    OS: OEL

    Version: 7

    Platform: x86_64

    Kernel: UEK-v4

    Latest DAM Agent package is: Imperva-ragent-OEL-v7-kUEK-v4-px86_64-b14.6.0.120.0.643876.tar.gz

    -------------------------------------

    after a few minutes later, agent status changed to critical saying Agent certificate is expired

    strangely the other node works just fine with exact same agent version

    requested support to provide suggestion to renew certificate but so far no positive solution provided

    anyone experienced similar issue and know how to resolve / renew agent certificate issue?

    thx for your help!


    #DatabaseActivityMonitoring
    #ImpervaAgent

    ------------------------------
    Seongsu
    ------------------------------



  • 2.  RE: agent critical status with Agent certificate is expired

    Posted 12-04-2023 04:23

    Hi Seongsu,

    In order to fix the problem where it says "agent critical status with agent certificate is expired". Re-registering your problematic agent with the gateway is a good idea.



    ------------------------------
    Regards,
    𝐌𝐒𝐭𝐞𝐬𝐑 𝐌𝐞𝐑𝐭𝐚
    Senior Security Consultant
    Mumbai
    ------------------------------



  • 3.  RE: agent critical status with Agent certificate is expired

    Posted 12-04-2023 10:10

    thx for your reply

    re-install / re-register all ended up same error

    have below in Advanced Configuration based on Professional Service team's advice (when worked on VMs instead of Baremetal Oracle Exadata)

    <collect-Oracle-in-user-space>false</collect-Oracle-in-user-space>

    after it removed, i.e. changing Monitoring Mode from Kernel to User Space, I don't see that Critical status nor Running with Errors

    however same config works just fine in the other agent for 2-node Oracle RAC in Oracle Exadata hosts

    wondering I should keep use User Space Monitoring Mode or something missing in specifically in this host

    thx for your help



    ------------------------------
    Seongsu
    ------------------------------



  • 4.  RE: agent critical status with Agent certificate is expired

    Posted 12-06-2023 07:46

    User Space (US) mode is preferable option for Imperva agents. It is better to use it rather then Kernel mode. 

    You specific scenario can be the one described here -  https://docs.imperva.com/bundle/v14.7-database-activity-monitoring-user-guide/page/77566.htm



    ------------------------------
    MaratMakhlin
    ------------------------------



  • 5.  RE: agent critical status with Agent certificate is expired

    Posted 12-06-2023 09:40
    Edited by Seongsu Ryu 12-06-2023 09:58

    thx for your response

    after testing the other "working" agent with user space monitoring node (on 4th agent and changed back to kernel monitoring mode), I've noticed signifiant less (or almost none) db event captured

    these agents are installed/configured in Oracle Exadata X5 (OEL7) with 2 node RAC

    here is my current (w/ kernel monitoring mode caused critical Agent certificate is expired) advanced configuration
    <agent-config>
    <quota>8000</quota>
    <files-dir>.</files-dir>
    <enable-oracle-aso>true</enable-oracle-aso>
    <shared-server-discovery-enabled>true</shared-server-discovery-enabled>
    <system-events-data-loss-enable>true</system-events-data-loss-enable>
    <external-traffic-monitoring-in-kern>true</external-traffic-monitoring-in-kern>
    <collect-Oracle-in-user-space>false</collect-Oracle-in-user-space>
    <kernel_support_local_traffic_in_server_side>true</kernel_support_local_traffic_in_server_side>
    <system-events-ipv6-listener-identified-enable>0</system-events-ipv6-listener-identified-enable>
    <bulk-compression-method>Compression Snappy</bulk-compression-method>
    <userspace-oracle-injection-technology>true</userspace-oracle-injection-technology>
    </agent-config>



    ------------------------------
    Seongsu
    ------------------------------



  • 6.  RE: agent critical status with Agent certificate is expired

    Posted 12-07-2023 08:54

    I would suggest to open case to On-Prem Support and let our engineers to investigate this issue and come to definitive conclusions and recommendations for that specific issue.



    ------------------------------
    Marat Makhlin
    Imperva
    On-Prem Technical Lead
    ------------------------------



  • 7.  RE: agent critical status with Agent certificate is expired

    Posted 12-07-2023 09:12

    thx for your response

    support case #01850267 requested already before posting here but no promising response yet



    ------------------------------
    Seongsu
    ------------------------------



  • 8.  RE: agent critical status with Agent certificate is expired

    Posted 16 days ago

    Hello there,

    Did you get to resolve this issue?



    ------------------------------
    Derrick Akankwasa
    TAM
    Orient Bank
    Kampala
    ------------------------------