Skip to main content

Agent Administration

Start, Stop, or Restart Lacework Agent

The Lacework agent service is named datacollector. Once installed, Linux utilities like service, initctl, or systemctl can be used to manage the service. Common commands are:

systemctl [start | stop | restart] datacollector
service datacollector [start | stop | restart]
initctl [start | stop | restart] datacollector

View Agent Logs

Important log messages from an active Lacework agent are appended to the standard log file defined for services on the Linux host where the agent is running. For example, on systemd managed systems, log messages are included in journald. For other systems log messages are included in /var/log/syslog.

Lacework agent also maintains its own debug logs in /var/log/lacework/datacollector.log. Logs are automatically rotated and the maximum expected disk usage is 20MB.

Agent Upgrade

The Lacework agent is designed to auto-update and periodically check the Lacework cloud for the most recent release. If a new version is found, it is non-disruptively installed. Monitoring continues during this time and a machine reboot is NOT required. The Lacework agent can also be manually upgraded by downloading a new install.sh from the agent tab and reinstalling.

View Agent Versions

To view where the agents are running in your environment and what version of the agents are running, go to Resources > Agents in the Lacework Console. The Agent Monitor panel lists the IP addresses where the agent is running and the version number. Also, the Agent Upgrades panel lists the Agent versions that have generated events in your environment over time.