Agent 1.x series vs Agent 2.x series Commands

Follow

The Agent 2.x series introduces a new series of Command Line commands. The matrix below compares the Agent 1.x series commands to the Agent 2.x series commands.

Agent 1.x series command Agent 2.x series command Summary
sudo cloudsight setup --name=value sudo tsagent setup --deploy-key=foo --ruleset=”Base Rule Set” --hostname=”<Your Hostname>”

On an upgrade from the Agent 1.x series, the Agent automatically starts. On a clean install, the Agent does not automatically start. You must manually start the Agent.

Replace <You Hostname> with the your AWS hostname.

Link the Agent with the Threat Stack backend
sudo cloudsight start

sudo tsagent start (for Amazon Linux 1 OS)

sudo systemctl start threatstack (for all OSs except Amazon Linux 2)

Start the Threat Stack Agent
sudo cloudsight stop sudo tsagent stop Stop the Threat Stack Agent
sudo cloudsight status sudo tsagent status Get the status of the Threat Stack Agent
sudo cloudsight config enable_containers=1 sudo tsagent config --set enable_containers 1 Enable container monitoring
cloudsight config enable_kubes=1 sudo tsagent config --set enable_kubes 1 Enable Kubernetes monitoring
sudo cloudsight config log_level=debug sudo tsagent config --set log.level debug Change the logging level of the Threat Stack Agent.

Allowable values:

  • fatal
  • error
  • warn
  • info
  • debug
  • trace
cloudsight config disable_audit_log_read=1 Agent 2.0 no longer writes audit logs to tsauditd.log. Disable the writing of Threat Stack Agent audit logs to tsauditd.log
N/A  tsagent start --fim-debug-log <path/to/log> Use to enable File Integrity Monitoring (FIM) logging

Replace <path/to/profile> with the actual path to the profile.

N/A tsagent start --cpuprofile <path/to/profile> Tells the Threat Stack Agent to write CPU profiler data to the selected path. The data can be reviewed with go language tool pprof.

Replace <path/to/profile> with the actual path to the profile.

N/A tsagent start --memprofile <path/to/profile> Tells the Threat Stack Agent to write memory profiler data to the selected path. The data can be reviewed with go language tool pprof.

Replace <path/to/profile> with the actual path to the profile.

N/A tsagent config --get Retrieves value of configuration
N/A tsagent config --list Lists configuration
Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

0 comments

Article is closed for comments.