Linux Agent 2.x Series Commands
The Linux Agent 2.1.1 introduced a new series of Command Line commands. The matrix below compares the Agent 2.0 and 2.1 series commands to the Agent 2.1.1 and later series commands.
Important
You must restart your F5 Distributed Cloud App Infrastructure Protection (AIP) Agent after making any configuration changes to ensure that the changes take effect. To restart the Agent, run the following command:sudo systemctl restart threatstack
Note
In Agent 2.1.1, the tsagent start / tsagent stop / tsagent restart commands will be supported. However, warning messages will be displayed when executed. These commands will not be supported in the next Agent release.
| Agent 2.0 and 2.1 command | Agent 2.1.1 and later command | Description of command |
|---|---|---|
| sudo tsagent setup --deploy-key=foo --ruleset="Base Rule Set" --hostname="<Your Hostname>" On an upgrade from the Agent 1.x series, the Agent automatically starts. On a clean install, the Agent does not automatically start. You must manually start the Agent. Replace <Your Hostname> with your AWS hostname. |
sudo tsagent setup --deploy-key=foo --ruleset="Base Rule Set" --hostname="<Your Hostname>" Replace <Your Hostname> with your AWS hostname. |
Link the Agent with the Distributed Cloud AIP backend |
|
sudo tsagent start (for Amazon Linux 1 OS) sudo systemctl start threatstack (for all OSs except Amazon Linux 1) |
sudo initctl start threatstack (for Amazon Linux 1 OS) sudo systemctl start threatstack (for all OSs except Amazon Linux 1) |
Start the Distributed Cloud AIP Agent |
|
sudo tsagent stop (for Amazon Linux 1 OS) sudo systemctl stop threatstack (for all OSs except Amazon Linux 1) |
sudo initctl stop threatstack (for Amazon Linux 1 OS) sudo systemctl stop threatstack (for all OSs except Amazon Linux 1) |
Stop the Distributed Cloud AIP Agent |
| sudo tsagent status | sudo tsagent status | Get the status of the Distributed Cloud AIP Agent |
| sudo tsagent config --set enable_containers 1 | sudo tsagent config --set enable_containers 1 | Enable container monitoring |
| sudo tsagent config --set enable_kubes 1 | sudo tsagent config --set enable_kubes 1 | Enable Kubernetes monitoring |
| sudo tsagent config --set log.level debug | sudo tsagent config --set log.level debug | Change the logging level of the Distributed Cloud AIP Agent.
Allowable values:
After you change the logging level, you must restart the Agent. |
| Agent 2.0 no longer writes audit logs to tsauditd.log. | N/A | Disable the writing of Distributed Cloud AIP Agent audit logs to tsauditd.log |
| tsagent start --fim-debug-log <path/to/log> | N/A | Use to enable File Integrity Monitoring (FIM) logging
Replace <path/to/profile> with the actual path to the profile. |
| tsagent start --cpuprofile <path/to/profile> |
sudo tsagent pprof profile --seconds = <number of seconds to profile for> > cpu.pprof |
Tells the Distributed Cloud AIP Agent to write CPU profiler data to the selected path. The data can be reviewed with go language tool pprof. For Agent 2.0 and 2.1, replace <path/to/profile> with the actual path to the profile. For Agent 2.1.1 and beyond, replace <number of seconds to profile for> with the actual number of seconds. To enable pprof:
To disable pprof:
|
| tsagent start --memprofile <path/to/profile> |
sudo tsagent pprof heap > heap.pprof |
Tells the Distributed Cloud AIP Agent to write memory profiler data to the selected path. The data can be reviewed with go language tool pprof. For Agent 2.0 and 2.1, replace <path/to/profile> with the actual path to the profile. To enable pprof:
To disable pprof:
|
| tsagent config | tsagent info | Displays information about the current state of the Distributed Cloud AIP Agent |
| tsagent config --get | tsagent config --get | Retrieves value of configuration |
| tsagent config --list | tsagent config --list | Lists configuration |