Linux Agent 3.x Series Commands
The Linux Agent 3.0.0 introduced new Command Line commands.
Important
You must restart your F5 Distributed Cloud App Infrastructure Protection (AIP) Agent after making any configuration changes to ensure that the changes take effect. To restart the Agent, run the following command:sudo systemctl restart threatstack
| Agent 3.x command | Description of command |
|---|---|
| sudo tsagent setup --deploy-key=foo --ruleset=”Base Rule Set” --hostname=”<Your Hostname>” Replace <Your Hostname> with your AWS hostname. |
Link the Agent with the Distributed Cloud AIP backend |
|
sudo initctl start threatstack (for Amazon Linux 1 OS) sudo systemctl start threatstack (for all OSs except Amazon Linux 1) |
Start the Distributed Cloud AIP Agent |
|
sudo initctl stop threatstack (for Amazon Linux 1 OS) sudo systemctl stop threatstack (for all OSs except Amazon Linux 1)
|
Stop the Distributed Cloud AIP Agent |
| sudo tsagent status | Get the status of the Distributed Cloud AIP Agent |
| sudo tsagent config --set enable_containers 1 | Enable container monitoring |
| sudo tsagent config --set enable_kubes 1 | Enable Kubernetes monitoring |
| sudo tsagent config --set log.level debug | Change the logging level of the Distributed Cloud AIP Agent.
Allowable values:
After you change the logging level, you must restart the Agent. |
|
sudo tsagent pprof profile --seconds = <number of seconds to profile for> > cpu.pprof |
Tells the Distributed Cloud AIP Agent to write CPU profiler data to the selected path. The data can be reviewed with go language tool pprof. Replace <number of seconds to profile for> with the actual number of seconds. To enable pprof:
To disable pprof:
|
| sudo tsagent pprof heap > heap.pprof |
Tells the Distributed Cloud AIP Agent to write memory profiler data to the selected path. The data can be reviewed with go language tool pprof. To enable pprof:
To disable pprof:
|
| tsagent info | Displays information about the current state of the Distributed Cloud AIP Agent |
| tsagent config --get | Retrieves value of configuration |
| tsagent config --list |
Lists configuration |
| tsagent config --set enable_backlog_wait <boolean> |
The amount of time, in seconds, the Agent waits before dropping audit events when the system load is very high. By default, this value is 0, which ensures platform stability, but may reduce the level of observability of your audit events when the system load is very high. |
|
tsagent config --set <environment variable> <value> Replace <environment variable> with one of the allowed options |
Configure your Agent with environment, role, and system tags that allow you to search for events and alerts returned from specific environments. Allowable tags:
|
|
tsagent config --set disable_audit_on_shutdown <boolean> Replace <boolean> with either true or false |
Leaves the Linux kernel’s audit logs enabled when the Distributed Cloud AIP Agent is stopped when the value is set to “false.” Disables the Linux kernel’s audit logs when the Distributed Cloud AIP Agent is stopped when set to “true.” By default, the value is set to “true.” |
| tsagent config --help |
Lists and explains all settings in your Distributed Cloud AIP Agent. |
| tsagent config --set enable_backlog_wait true |
Keeps auditctl backlog_wait_time automatically set to its default value (not zero). |