How to Re-register an Agent

Follow

Agent 1.x series

If you log into Threat Stack and the Server button does not display the expected number of servers, then you may need to re-register your Agent(s). If you see a "Agent has been revoked. Shutting down" message in /opt/threatstack/cloudsight/logs/cloudsight.log, then you need to re-register your Agent.

Prerequisites

  • Administrator access to your Amazon Web Service (AWS) account
  • Access to the Threat Stack console
  • Your deployment key, which can be found in Settings > Application Keys

Tip

If you need to re-register multiple Agents, then Threat Stack recommends re-registering one Agent first, to ensure the process works as expected. You may then re-register remaining Agents in parallel.

Instructions

  1. In the Command Line, type the following command and press ENTER:
    sudo cloudsight stop
  2. Type the following command and press ENTER:
    sudo rm /opt/threatstack/cloudsight/config/.secret
  3. Do one of the following:
    1. To re-register your Agent with the Threat Stack Base Rule Set, type the following command and press ENTER:
      sudo cloudsight setup --deploy-key=<your deploy key>

      Replace <your deploy key> with your deployment key.

    2. To re-register your Agent with a different Threat Stack Rule Set, type the following command and press ENTER:
      sudo cloudsight setup --ruleset=”<rule set name>
      --deploy-key=<your deploy key>

      Replace<your deploy key> with your deployment key. Replace <rule set name> with the Threat Stack Rule Set name, such as HIPAA.

      Note

      You can specify multiple rules sets for an Agent by including comma separated rule set names in the ruleset parameter.

  4. Type the following command and press ENTER:
    sudo cloudsight restart

Agent 2.x series

If you log into Threat Stack and the Server button does not display the expected number of servers, then you may need to re-register your Agent(s). If you run the sudo tsagent status command and receive a "1 – tsagent: Agent is revoked" message, then you need to re-register your Agent.

Prerequisites

  • Administrator access to your Amazon Web Service (AWS) account
  • Access to the Threat Stack console
  • Your deployment key, which can be found in Settings > Application Keys
  • Your AWS hostname

Tip

If you need to re-register multiple Agents, then Threat Stack recommends re-registering one Agent first, to ensure the process works as expected. You may then re-register remaining Agents in parallel.

Instructions for a non-revoked Agent

  1. In the Command Line, type the following command and press ENTER:
    sudo tsagent stop
  2. Type the following command and press ENTER:
    sudo tsagent setup --deploy-key=<your deploy key> 
    --ruleset=“Base Rule Set” --hostname=“<your hostname>

    Replace<your deploy key> with your deployment key. Replace<your hostname> with your AWS hostname.

    Note

    You can specify multiple rules sets for an Agent by including comma separated rule set names in the ruleset parameter.

  3. Type the following command and press ENTER:
    sudo tsagent restart

Instructions for a revoked Agent

  1. In the Command Line, type the following command and press ENTER:
    sudo tsagent stop
  2. Type the following command and press ENTER:
    sudo rm /opt/threatstack/etc/tsagentd.cfg
  3. Type the following command and press ENTER:
    sudo tsagent setup --deploy-key=<your deploy key> 
    --ruleset=“Base Rule Set” --hostname=“<your hostname>

    Replace<your deploy key> with your deployment key. Replace<your hostname> with your AWS hostname.

    Note

    You can specify multiple rules sets for an Agent by including comma separated rule set names in the ruleset parameter.

  4. Type the following command and press ENTER:
    sudo tsagent restart
Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

0 comments

Article is closed for comments.