Failed to connect to mdsd error in a Linux machine monitored by Azure Security Center
Some customers are already monitoring Linux machines using Security Center for a quiet sometime, many of them just want to visualize security recommendations for Linux platform. Some Linux machines monitored by Security Center, may experience the error described in the title of this blog post, this error appears in the log as shown below:
XXXX : Failed to connect to mdsd: dial tcp 127.0.0.1:29130: getsockopt: connection refused
XXXX : ERR: Failed to connect to mdsd: dial tcp 127.0.0.1:29130: getsockopt: connection refused
In the past, Azure Security Center used the LinuxASM extension to perform data collection in Linux, and now it uses the OMS Agent for Linux. This error in the log may indicate that the LinuxASM extension is still installed. You should uninstall this extension, and make sure that only the OMSAgentForLinux is installed as shown below:
If ASC is configure for Auto Provision, the agent will get installed automatically, if not you can use the steps from this article to manually onboard a Linux machine. Keep in mind that now is not only about using ASC to highlight the security posture of your Linux machines, at Ignite we announced that threat detection for Linux is now available in Azure Security Center. Our team recently released a new Linux detections playbook that allows you to test some of these detections and experience the alerts that will generate.