Quick Diagnosis

# Check agent status
kubectl get pods -n garnet-system  # Kubernetes
# OR
docker ps | grep jibril            # Docker

# Check logs
kubectl logs -f daemonset/jibril -n garnet-system
# OR
docker logs -f jibril

# Verify connectivity
curl -H "Authorization: Bearer $GARNET_API_TOKEN" \
  https://api.garnet.ai/v1/agents

Agent not appearing

Symptoms: No agent visible after 5 minutes

Diagnosis

# 1. Check agent is running
kubectl get pods -n garnet-system
# Expected: STATUS = Running

# 2. Check logs for errors
kubectl logs daemonset/jibril -n garnet-system | grep -i error

# 3. Verify token
kubectl get secret garnet-token -n garnet-system \
  -o jsonpath='{.data.token}' | base64 -d
# Should match your token (this prints the secret in clear text to the terminal)

Solutions

Error: 401 Unauthorized
Fix: Token invalid, regenerate at dashboard.garnet.ai/tokens

No detections showing

This is normal if no threats are occurring.

Test detection

# This should trigger an alert:
curl http://malicious.test.garnet.ai

If still nothing after 30 seconds:
  1. Check agent logs: kubectl logs daemonset/jibril -n garnet-system
  2. Verify agent is in “detect” or “block” mode (not “disabled”)
  3. Check dashboard.garnet.ai/settings - ensure detections enabled

GitHub Actions: “eBPF not supported”

Error:

Error loading eBPF programs: operation not permitted

Cause: GitHub-hosted runners have kernel <5.15

Solution:

# Use newer runner:
runs-on: ubuntu-22.04  # or ubuntu-latest

For self-hosted runners:

# Verify kernel version
uname -r  # Must be ≥5.15

# Upgrade if needed
sudo apt update && sudo apt upgrade linux-generic

Kubernetes: CrashLoopBackOff

Symptoms: Pod constantly restarting

Check

kubectl describe pod <pod-name> -n garnet-system
kubectl logs <pod-name> -n garnet-system --previous

Common causes

# Fix: Ensure DaemonSet has:
spec:
  template:
    spec:
      hostPID: true
      hostNetwork: true

# Check kernel on nodes:
kubectl get nodes -o wide

# Upgrade kernel if needed

# Check for SELinux denials:
ausearch -m avc

# Temporary: set permissive for diagnosis only, then restore with: setenforce 1
setenforce 0

False positives

Scenario: Legitimate traffic flagged as threat

Short-term fix

# GitHub Actions: ignore specific patterns
- uses: garnetlabs/garnet-action@v1
  with:
    ignore-patterns: |
      - "npm install"
      - "curl api.trusted.com"

Better fix

Create an allowlist at dashboard.garnet.ai/settings/allowlist:

allowlist:
  domains:
    - "api.trusted.com"
    - "*.internal.company.com"

  processes:
    - name: "curl"
      cmdline_pattern: "curl.*internal"

Report false positive

Open an issue with the detection details.

High CPU usage

Expected: <1% CPU per agent

If higher

# 1. Check agent version
kubectl get daemonset jibril -n garnet-system \
  -o yaml | grep image:
# Should be: latest or v1.x.x

# 2. Update to latest
kubectl set image daemonset/jibril \
  jibril=ghcr.io/garnetlabs/jibril:latest \
  -n garnet-system

# 3. Check for kernel issues
dmesg | grep -i bpf

Still high? Contact support with:

kubectl top pods -n garnet-system

Error Messages

| Error | Meaning | Fix |
| --- | --- | --- |
| 401 Unauthorized | Invalid API token | Regenerate token |
| 403 Forbidden | Token lacks permissions | Create new token with agent permissions |
| Connection refused | Can’t reach API | Check firewall/network |
| eBPF program load failed | Kernel too old | Upgrade to kernel ≥5.15 |
| CAP_BPF: Operation not permitted | Missing capabilities | Run with --privileged or add CAP_BPF |
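
The last two rows of the table above (kernel too old, missing capabilities) can be told apart on a node or inside the agent container before reading agent logs. This is an added example, not Garnet's code: the function names are hypothetical, the capability bit numbers (CAP_BPF = 39, CAP_SYS_ADMIN = 21, which `--privileged` grants) are from `linux/capability.h`, and the masks in the comments are constructed samples.

```shell
#!/bin/sh
# Added example (not Garnet's code): preflight for the eBPF prerequisites on this page.

# kernel_at_least RELEASE MAJOR MINOR
# True if a `uname -r` style RELEASE is >= MAJOR.MINOR; returns 2 on unparsable input.
kernel_at_least() {
  case "$1" in *.*) ;; *) return 2 ;; esac
  k_major=${1%%.*}
  k_minor=${1#*.}; k_minor=${k_minor%%[!0-9]*}   # "15.0-91-generic" -> "15"
  case "$k_major" in ''|*[!0-9]*) return 2 ;; esac
  [ -n "$k_minor" ] || return 2
  [ "$k_major" -gt "$2" ] || { [ "$k_major" -eq "$2" ] && [ "$k_minor" -ge "$3" ]; }
}

# has_cap HEXMASK BIT
# True if capability BIT is set in a CapEff mask as shown in /proc/<pid>/status.
has_cap() {
  case "$1" in ''|*[!0-9a-fA-F]*) return 2 ;; esac
  [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# diagnose RELEASE CAPEFF
# Prints which row of the error table applies, or "ok".
# Constructed sample masks: 000001ffffffffff (all capabilities),
# 00000000a80425fb (a typical unprivileged container).
diagnose() {
  if ! kernel_at_least "$1" 5 15; then
    echo "kernel-too-old"
  elif ! has_cap "$2" 39 && ! has_cap "$2" 21; then
    echo "missing-capabilities"
  else
    echo "ok"
  fi
}

# Check the current host or container.
preflight_host() {
  capeff=$(awk '/^CapEff:/ {print $2}' /proc/self/status)
  diagnose "$(uname -r)" "$capeff"
}

# Run `sh preflight.sh --host` to check the machine this script runs on.
if [ "${1:-}" = "--host" ]; then
  preflight_host
fi
```
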

Debug Mode

# Enable verbose logging
kubectl set env daemonset/jibril \
  JIBRIL_LOG_LEVEL=debug \
  -n garnet-system

# View detailed logs
kubectl logs -f daemonset/jibril -n garnet-system

# Disable debug after troubleshooting
kubectl set env daemonset/jibril \
  JIBRIL_LOG_LEVEL=info \
  -n garnet-system

Support

Self-service

Direct support

Debug bundle

Include this in your support request:

# Collect debug info
kubectl get pods -n garnet-system -o yaml > garnet-debug.yaml
kubectl logs daemonset/jibril -n garnet-system > garnet-logs.txt
uname -a > system-info.txt

# Compress
tar -czf garnet-debug.tar.gz garnet-debug.yaml garnet-logs.txt system-info.txt