A red icon indicates that the host has not been seen for 24 hours

[desmond ozurumba]

Hi everyone,

please i have installed Velociraptor and onbaord client only to observer that the clients are all showing red, please how will i turn it back to green.

see screenshot below.

thank you.

[Mike Cohen]

Red means the host is not seen for more than 24 hours. You can see each client's last seen time by clicking on it

Maybe your server is not accessible to the clients?

Mike

Mike Cohen  Digital Paleontologist,  Velocidex Enterprises M  ‭+61 470 238 491‬  E mi...@velocidex.com

--
You received this message because you are subscribed to the Google Groups "velociraptor-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to velociraptor-dis...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/velociraptor-discuss/ec0171c5-1382-472f-bdb2-a757e38f6726n%40googlegroups.com.

[desmond ozurumba]

Thank you for the quick response.

my challenge that the clients have been on since today but yet its still showing no client or client unavailable.

how can i bring it back to be online, please kindly assist on how to bring it back online.

Thank you

[Mike Cohen]

Can you check the last seen time of the clients?

Another possibility is that your server time is not set correctly - can you make sure your server time is synced?

Thanks

Mike

Mike Cohen  Digital Paleontologist,  Velocidex Enterprises M  ‭+61 470 238 491‬  E mi...@velocidex.com

To view this discussion on the web visit https://groups.google.com/d/msgid/velociraptor-discuss/2af8c9ae-df2f-4339-95dc-b6c53d9b4150n%40googlegroups.com.

[desmond ozurumba]

yes i can see screenshot below.

so, even when i check the dashboard is is saying something like client_comms_current_connections 0, which means no client is connected currently even when all the client servers are up and running.

thank you.

[desmond ozurumba]

so, i just rerun the below command on one of the client and it started showing  green again.

./velociraptor-v0.5.9-linux-amd64 --config client.config.yaml client -v

pls your option and advice on how to go around this will be well appreciated. 

i believe there should be a lasting solution on this pls kindly assist

than you.

[Mike Cohen]

It looks like your clients are not properly installed - how have you deployed them?  They need to restart on reboot.

Usually we deploy the MSI which creates the service required (see https://docs.velociraptor.app/docs/overview/deployment/clients/#installing-an-msi )

you can check the service is properly installed on your endpoint using sc query velociraptor

Thanks

Mike

Mike Cohen  Digital Paleontologist,  Velocidex Enterprises M  ‭+61 470 238 491‬  E mi...@velocidex.com

To view this discussion on the web visit https://groups.google.com/d/msgid/velociraptor-discuss/2d7395b7-8da4-47e7-83cc-8c85ecd25113n%40googlegroups.com.