Troubleshooting Resources for the Cortex XDR Agent for Linux

Resource
Description
Services and Processes
Services:
  • /opt/traps/bin/pmd (Running with root privileges)
Processes:
  • /opt/traps/bin/dypd (Running with root privileges; pmd starts and stops a single dypd helper process)
  • /opt/traps/analyzerd/analyzerd (Unprivileged process running inside the sandbox; pmd starts and stops a single analyzerd helper process)
  • /opt/traps/ltee/lted (Unprivileged process running inside the sandbox; pmd starts and stops multiple lted processes on demand)
Memory usage of lted processes
All lted instances are forks of the same process and share most of their physical memory pages. Using ps and summing the RSS of all lted instances can be misleading, because the same shared memory pages are counted several times. The correct way to analyze the memory usage of lted processes is to use PSS (proportional set size), which can be calculated with the smem utility.
Cortex XDR agent logs
Information, warnings, and errors related to Cortex XDR, stored on the endpoint.
  • Installation logs: /var/log/traps-install.log
  • Agent logs: /var/log/traps/
Kernel Module
The installed Cortex XDR agent kernel module. Kernel modules are updated through Content updates.
  • /lib/modules/$<uname -r>/traps/traps.ko
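
The RSS-versus-PSS point under "Memory usage of lted processes" above, shown as an added example that is not part of the original documentation: it sums the Rss and Pss fields from /proc/<pid>/smaps instead of calling smem. It assumes the processes are matched by the name lted with pgrep -x; the sample smaps content is constructed.

```shell
#!/bin/sh
# Added example: compare summed RSS with summed PSS for lted processes.

# Sum one smaps field ("Rss" or "Pss", values in kB) over the given files.
sum_smaps_field() {
    field=$1; shift
    awk -v f="$field:" '$1 == f { total += $2 } END { print total + 0 }' "$@"
}

# Live report for processes named exactly "lted" (assumed process name).
# Run as root: /proc/<pid>/smaps of another user's process is otherwise unreadable.
report_lted_memory() {
    pids=$(pgrep -x lted) || { echo "no lted processes found" >&2; return 1; }
    files=""
    for pid in $pids; do
        if [ -r "/proc/$pid/smaps" ]; then files="$files /proc/$pid/smaps"; fi
    done
    [ -n "$files" ] || { echo "cannot read smaps; run as root" >&2; return 1; }
    # $files is intentionally unquoted: it is a space-separated path list.
    echo "sum of RSS (kB): $(sum_smaps_field Rss $files)"
    echo "sum of PSS (kB): $(sum_smaps_field Pss $files)"
}

# Constructed sample: two forked instances sharing one 1000 kB mapping
# (PSS charges each instance half) plus 100 kB of private memory each.
write_sample_smaps() {
    for n in 1 2; do
        cat > "$1/smaps.$n" <<'EOF'
7f0000000000-7f00000fa000 r-xp 00000000 08:01 1234 /opt/traps/ltee/lted
Size:               1000 kB
Rss:                1000 kB
Pss:                 500 kB
7f0000200000-7f0000219000 rw-p 00000000 00:00 0
Size:                100 kB
Rss:                 100 kB
Pss:                 100 kB
EOF
    done
}

# On an endpoint, run this file with --live to report on real lted processes.
if [ "${1:-}" = "--live" ]; then report_lted_memory; fi
```

On the constructed sample the RSS sum counts the shared 1000 kB mapping twice, while the PSS sum counts it once.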
