Start/Stop/Restart Lacework Agent
The Lacework agent service is named datacollector. Once installed, normal Linux utilities like service, initctl, or systemctl can be used to manage the service. Common commands are:
$ systemctl start datacollector $ service datacollector [start | stop] $ initctl start datacollector
View Agent Logs
Important log messages from an active Lacework agent are appended to the standard log file defined for services on the Linux host where the agent is running. For example, on systemd managed systems, log messages are included in journald. For other systems log messages are included in /var/log/syslog.
Lacework agent also maintains its own debug logs in /var/log/lacework/datacollector.log. Logs are automatically rotated, and maximum expected disk usage is 20MB.
The Lacework agent is designed to auto-update and periodically checks the Lacework cloud for the most recent release. If a new version is found, it is non-disruptively installed. Monitoring continues during this time and a machine reboot is NOT required. The Lacework agent can also be manually upgraded by downloading a new install.sh from the agent tab and reinstalling.
View Agent Versions
To view where the agents are running in your environment and what version of the agents are running, select Monitor > Agents from the Lacework Console. The Agent Monitor panel lists the IP addresses where the agent is running and the version number. Also, the Agent Upgrades panel lists the Agent versions that have generated events in your environment over time.