Re-register the Distributed Cloud AIP Linux Agent

Overview

This document describes how to re-register a Linux Agent that is not displaying in F5 Distributed Cloud App Infrastructure Protection (AIP). If unable to maintain registration, the Linux Agent moves from the Online Servers page to the Offline Servers page. After 24 hours, the Linux Agent is removed from the Offline Servers page.

Tip

If you need to re-register multiple Agents, Distributed Cloud AIP recommends re-registering one Agent first to ensure the process works as expected. You may then re-register remaining Agents in parallel.

Linux Agent 3.x Series

If you log into Distributed Cloud AIP and the Servers page does not display the expected number of servers, then you may need to re-register your Agent(s). If you run the sudo tsagent status command and receive a "DOWN Distributed Cloud AIP Agent Daemon" message, then you need to re-register your Agent.

Prerequisites

  • Administrator access to your Amazon Web Services (AWS) account
  • Access to the Distributed Cloud AIP console
  • Your deployment key
  • Your AWS hostname

Instructions

  1. In the Command Line, type the following command and press ENTER:
    sudo systemctl stop threatstack
  2. Type the following command and press ENTER:
    sudo tsagent setup --deploy-key=<your deploy key> --ruleset="Base Rule Set" --hostname="<your hostname>"

    Replace <your deploy key> with your deployment key. Replace <your hostname> with your AWS hostname.

    Note

    You can specify multiple rulesets for an Agent by including comma-separated ruleset names in the ruleset parameter.

  3. Type the following command and press ENTER:
    sudo systemctl start threatstack

Linux Agent 2.x Series

If you log into Distributed Cloud AIP and the Servers page does not display the expected number of servers, then you may need to re-register your Agent(s). If you run the sudo tsagent status command and receive a "DOWN Distributed Cloud AIP Agent Daemon" message, then you need to re-register your Agent.

Prerequisites

  • Administrator access to your Amazon Web Services (AWS) account
  • Access to the Distributed Cloud AIP console
  • Your deployment key
  • Your AWS hostname

Instructions

For Linux Agents 2.3.x and above:

  1. In the Command Line, type the following command and press ENTER:
    sudo systemctl stop threatstack
  2. Type the following command and press ENTER:
    sudo tsagent setup --deploy-key=<your deploy key> --ruleset="Base Rule Set" --hostname="<your hostname>"

    Replace <your deploy key> with your deployment key. Replace <your hostname> with your AWS hostname.

    Note

    You can specify multiple rulesets for an Agent by including comma-separated ruleset names in the ruleset parameter.

  3. Type the following command and press ENTER:
    sudo systemctl start threatstack

For Linux Agents 2.2.x and older:

  1. In the Command Line, type the following command and press ENTER:
    sudo systemctl stop threatstack
  2. For Agent 2.2 or earlier, type the following command and press ENTER. If you are using Agent 2.3 or later, skip this step and proceed to step 3:
    sudo rm /opt/threatstack/etc/tsagentd.cfg /opt/threatstack/etc/agent.db
  3. Type the following command and press ENTER:
    sudo tsagent setup --deploy-key=<your deploy key> --ruleset="Base Rule Set" --hostname="<your hostname>"

    Replace <your deploy key> with your deployment key. Replace <your hostname> with your AWS hostname.

    Note

    You can specify multiple rulesets for an Agent by including comma-separated ruleset names in the ruleset parameter.

  4. Type the following command and press ENTER:
    sudo systemctl start threatstack
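
The three procedures above (3.x, 2.3.x and above, 2.2.x and older) combined into one script, as an added example that is not F5's code. The `--run` argument order, the key-file path, the sample hostname and the `DRY_RUN` switch are assumptions of this example, and the Agent version is supplied by the operator rather than detected.

```bash
#!/bin/sh
# Added example, not vendor code. Assumptions: the --run argument order, the
# key-file argument and the DRY_RUN switch are this example's own inventions.

# True when `tsagent status` output carries the page's DOWN message.
needs_reregister() {
  printf '%s\n' "$1" | grep -q 'DOWN Distributed Cloud AIP Agent Daemon'
}

# True for Agent 2.2.x and older, the only series where the page deletes
# tsagentd.cfg and agent.db before running setup.
is_legacy_agent() {
  major=${1%%.*}; rest=${1#*.}; minor=${rest%%.*}
  [ "$major" -lt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -le 2 ]; }
}

# Run a command with sudo, or with DRY_RUN set print it with the key redacted.
run() {
  if [ -n "${DRY_RUN:-}" ]; then
    printf '%s\n' "$*" | sed 's/--deploy-key=[^ ]*/--deploy-key=<redacted>/'
  else
    sudo "$@"
  fi
}

# Args: status-output agent-version rulesets hostname deploy-key
reregister() {
  if ! needs_reregister "$1"; then
    echo "agent is not DOWN; nothing to do"
    return 0
  fi
  run systemctl stop threatstack || return 1
  if is_legacy_agent "$2"; then
    run rm /opt/threatstack/etc/tsagentd.cfg /opt/threatstack/etc/agent.db
  fi
  run tsagent setup --deploy-key="$5" --ruleset="$3" --hostname="$4" || return 1
  run systemctl start threatstack
}

# Live use (constructed values):
#   sh reregister.sh --run 2.3.0 "Base Rule Set" web-01 /root/aip-deploy.key
# Reading the key from a root-only file keeps it out of shell history; it is
# still visible in the process argument list while setup runs.
if [ "${1:-}" = "--run" ]; then
  reregister "$(sudo tsagent status 2>&1)" "$2" "$3" "$4" "$(sudo cat "$5")"
fi
```

Set `DRY_RUN=1` and call `reregister` directly to print the planned commands for one Agent before re-registering the rest in parallel.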