
How do you remove cloud agents from the console when the EC2 is already removed

Question asked by David Williams on Jan 10, 2018

We use the qualys-cloud-agent in AWS, so a lot of EC2 instances come and go due to scaling, blue/green deployments, etc., which I have 2 questions about.

 

1) When AWS decommissions an EC2 instance with the cloud agent installed, how should we handle that in the Cloud Agent console?

 

2) Related to the above, I've been 'Uninstalling' agents via the GUI that haven't checked in after a period of time. Now I'm seeing an issue where some new machines with agents won't register because they get an "Agent revocation requested" message from the Qualys host. Is this caused by 'Uninstalling' the earlier agents in the console, and this machine possibly having the same host name? AWS machines have the IP address in their hostname. After we restart the qualys-cloud-agent on the machine a couple of times it works.

 

Below is an excerpt of the qualys-cloud-agent.log

 

[qualys-cloud-agent][29862]:[Information]:Finished curl request

[qualys-cloud-agent][29862]:[Information]:Http request completed successfully: 200
[qualys-cloud-agent][29862]:[Debug]:CAPI response payload: {"Data":{"PWS":{},"Synchronization":{"NextSequence":0},"Status":{},"Command":{"Names":["Revoke"]},"Resources":{},"ResourceUpload":{},"ScanManagement":{"Resources":{}}}}
[qualys-cloud-agent][29862]:[Information]:Agent revocation requested
[qualys-cloud-agent][29862]:[Debug]:Last event time: 1515554545, current time: 1515604017, intervalSeconds: 60, diff:49472
[qualys-cloud-agent][29862]:[Debug]:INTERVAL_EVENT_REVOCATION timeout: 0 seconds
[qualys-cloud-agent][29862]:[Information]:Next event: INTERVAL_EVENT_REVOCATION, time left: 0 seconds
[qualys-cloud-agent.uninstall][29862]:[Information]:Uninstalling cloud-agent
[qualys-cloud-agent][29862]:[Information]:Stopping cloud-agent
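
An added example (not part of the original question, and not Qualys tooling): a small Python check that scans agent log text in the format of the excerpt above for a CAPI response carrying a `Revoke` command and reports whether that agent process then uninstalled itself. The line layout and payload keys are assumed from the excerpt only; the function name is hypothetical.

```python
import json
import re

# Subset of the log lines from the excerpt in the question above.
SAMPLE_LOG = """\
[qualys-cloud-agent][29862]:[Information]:Http request completed successfully: 200
[qualys-cloud-agent][29862]:[Debug]:CAPI response payload: {"Data":{"PWS":{},"Synchronization":{"NextSequence":0},"Status":{},"Command":{"Names":["Revoke"]},"Resources":{},"ResourceUpload":{},"ScanManagement":{"Resources":{}}}}
[qualys-cloud-agent][29862]:[Information]:Agent revocation requested
[qualys-cloud-agent.uninstall][29862]:[Information]:Uninstalling cloud-agent
[qualys-cloud-agent][29862]:[Information]:Stopping cloud-agent
"""

# Assumed line layout: [component][pid]:[level]:message
LINE_RE = re.compile(r"^\[([^\]]+)\]\[(\d+)\]:\[([^\]]+)\]:(.*)$")
PAYLOAD_PREFIX = "CAPI response payload: "


def find_revocations(log_text):
    """Return one dict per agent PID that received a Revoke command."""
    events = {}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank or unrecognised line
        component, pid, _level, msg = m.groups()
        if msg.startswith(PAYLOAD_PREFIX):
            try:
                payload = json.loads(msg[len(PAYLOAD_PREFIX):])
            except json.JSONDecodeError:
                continue  # truncated or malformed payload
            names = payload.get("Data", {}).get("Command", {}).get("Names", [])
            if "Revoke" in names:
                events.setdefault(pid, {"pid": pid, "uninstalled": False})
        elif pid in events and component.endswith(".uninstall"):
            # The uninstall component logged after the Revoke for this PID.
            events[pid]["uninstalled"] = True
    return list(events.values())


if __name__ == "__main__":
    for ev in find_revocations(SAMPLE_LOG):
        print(f"pid {ev['pid']}: Revoke received, uninstalled={ev['uninstalled']}")
```
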
