Agent 1.x Series vs Agent 2.x Series Commands

The Linux Agent 2.1.1 introduced a new series of Command Line commands. The matrix below compares the Agent 1.x series commands to the Agent 2.x series commands.

Important

In Agent 2.1.1, the tsagent start tsagent stop tsagent restart commands will be supported. However, warning messages will be displayed when executed. These commands will not be supported in the next Agent release.

 

Agent 1.x series command Agent 2.0 and 2.1 command Agent 2.1.1 and beyond command Description of command
sudo cloudsight setup --name=value sudo tsagent setup --deploy-key=foo --ruleset=”Base Rule Set” --hostname=”<Your Hostname>”

On an upgrade from the Agent 1.x series, the Agent automatically starts. On a clean install, the Agent does not automatically start. You must manually start the Agent.

Replace <Your Hostname> with your AWS hostname.

sudo tsagent setup --deploy-key=foo --ruleset=”Base Rule Set” --hostname=”<Your Hostname>”

Replace <Your Hostname> with your AWS hostname.

Link the Agent with the Threat Stack backend
sudo cloudsight start

sudo tsagent start (for Amazon Linux 1 OS)

sudo systemctl start threatstack (for all OSs except Amazon Linux 1)

sudo initctl start threatstack (for Amazon Linux 1 OS)

sudo systemctl start threatstack (for all OSs except Amazon Linux 1)

Start the Threat Stack Agent
sudo cloudsight stop

sudo tsagent stop (for Amazon Linux 1 OS)

sudo systemctl stop threatstack (for all OSs except Amazon Linux 1)

sudo initctl stop threatstack (for Amazon Linux 1 OS)

sudo systemctl stop threatstack (for all OSs except Amazon Linux 1)

Stop the Threat Stack Agent
sudo cloudsight status sudo tsagent status sudo tsagent status Get the status of the Threat Stack Agent
sudo cloudsight config enable_containers=1 sudo tsagent config --set enable_containers 1 sudo tsagent config --set enable_containers 1 Enable container monitoring
cloudsight config enable_kubes=1 sudo tsagent config --set enable_kubes 1 sudo tsagent config --set enable_kubes 1 Enable Kubernetes monitoring
sudo cloudsight config log_level=debug sudo tsagent config --set log.level debug sudo tsagent config --set log.level debug Change the logging level of the Threat Stack Agent.

Allowable values:

  • fatal
  • error
  • warn
  • info
  • debug
  • trace
cloudsight config disable_audit_log_read=1 Agent 2.0 no longer writes audit logs to tsauditd.log. N/A Disable the writing of Threat Stack Agent audit logs to tsauditd.log
N/A tsagent start --fim-debug-log <path/to/log> N/A Use to enable File Integrity Monitoring (FIM) logging

Replace <path/to/profile> with the actual path to the profile.

N/A tsagent start --cpuprofile <path/to/profile>

sudo /opt/threatstack/sbin/tsagentd --debug

sudo tsagent pprof profile --seconds = <number of seconds to profile for> > cpu.pprof

Tells the Threat Stack Agent to write CPU profiler data to the selected path. The data can be reviewed with go language tool pprof.

For Agent 2.0 and 2.1, replace <path/to/profile> with the actual path to the profile.

For Agent 2.1.1 and beyond, replace <number of seconds to profile for> with the actual number of seconds.

N/A tsagent start --memprofile <path/to/profile>

sudo /opt/threatstack/sbin/tsagentd --debug

sudo tsagent pprof heap > heap.pprof

Tells the Threat Stack Agent to write memory profiler data to the selected path. The data can be reviewed with go language tool pprof.

For Agent 2.0 and 2.1, replace <path/to/profile> with the actual path to the profile.

N/A tsagent config tsagent info Displays information about the current state of the Threat Stack Agent
N/A tsagent config --get tsagent config --get Retrieves value of configuration
N/A tsagent config --list tsagent config --list Lists configuration
Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request