Server Agent command line reference

This topic provides a reference of available commands you can use to perform certain functions on the Server Agent from a command prompt.

For help at the command line, type the following at a command prompt:

vagent -h

The following table provides a description of the individual command options.

NOTE  All command line options are case sensitive.

Server Agent Command Line Options

Option

Description

Command Syntax / Examples

General options

-h

Lists the Server Agent command options with a brief explanation of each command.

vagent -h

-V

Displays detailed version information of the Server Agent.

vagent -V

Execution options

-s

Starts the Server Agent as a standalone console application so that its progress can be viewed at the console. All scan and check-in processing are performed according to the configured schedule.

vagent -s

-1

Runs all scheduled Server Agent actions once. The agent scans the local system according to its configured parameters, checks in with the Trust Protection Platform server, then shuts down.

NOTE  If you run this option in combination with -s, the Server Agent runs a single time in standalone mode.

vagent -1

vagent --runonce

-e severity

Runs logging at the designated log level for the current session only. Server Agent events are written to syslog or the Windows event log.

Compare with the action logging=log_level and -v options.

For more information about log levels—called logging thresholds—see Logging thresholds for Agent-related log items.

vagent -e warning

-v

Dump contents of Agent log files to stdout.

 

Configuration options

--add key=value

Use the --add command only to define multi-value keys such as include or keystore. If you are defining a single-value key, use the --modify command.

For a listing of all the agent’s configuration keys and their current values, enter vagent --list all.

vagent --add keystore=”NATIVE,c:\keystores\bundle.pem”

-c key

--clear key

Clears all values for the configuration keys.

For a listing of all the Agent’s configuration keys and their current values, enter vagent --list all.

For a listing of the add command syntax, enter vagent -c help.

vagent -c registration_password [or proxy_url]

vagent --clear proxy_url

-f XML_filename

--file XML_filename

Reconfigures the Venafi Agent using configuration commands from the designated XML file. Can be used to customize the agent after initial installation.

Unix and Linux-based systems have the following example file:
/opt/venafi/agent/docs/Venafi-Agent-Sample-Config.xml

Please contact Venafi Support for assistance with this option.

vagent -f c:\temp\vagentconfig.xml

vagent --file c:\temp\vagentconfig.xml

-l [key|all]

--list [key|all]

Lists the value of the designated configuration key.

If you enter “all” rather than a specific key, the Server Agent returns a list of all its configuration keys and their current values.

For a listing of all the agent’s configuration keys and their current values, enter vagent --list all.

vagent -l server_url

vagent -l checkin_delay

vagent --list all

-m key=replacement_value

--modify key=replacement_value

Replaces all values of the designated key with the value specified in the command.

For example, vagent -m server_url

Use the --modify command to define single-value keys such as logging or server_url. If you use the --modify command to define multi-value keys, it replaces all instances of the designated key with the new value.

For a listing of all the agent’s configuration keys and their current values, enter vagent --list all.

For a listing of the modify command syntax, enter vagent -m help.

vagent -m logging=critical

vagent -m validate=1

 

-x key=value

--delete key=value

Deletes a specific value in a multi-value key.

For a listing of all the Agent’s configuration keys and their current values, enter vagent --list all.

For a listing of the add command syntax, enter vagent -x help.

vagent -x include=“c:\”

vagent --delete include-recursive=”c:\”

Advanced options

-D directory

Specifies an alternative database root

 

Configuration settings

action checkin_delay=delay_time_in_minutes

Delays Server Agent check-in at startup for the amount of time (in minutes) that you specify. Trust Protection Platform chooses a random value that is within the time you specify.

This command is designed to minimize impact in situations where you have many systems that are running the Server Agent but that need to be restarted simultaneously. Applying a check-in delay to those agents can help you avoid overloading the systems during the reboot.

The exact value of the delay that is calculated by the Server Agent is between 1 and 18 minutes. The value is calculated so as to stagger check-in times across the installed agents.

The calculated value is logged in the events.sq3 file. For additional information about the sq3 file, see About the events.sq3 file.

vagent -m checkin_delay=18

action -dump_statistics=value

Instructs Server Agent to dump the SSH log delivery statistics into the agent’s event log file.

Possible Values:

1 or true

0 or false

vagent -m dump_statistics=true

action -heartbeat_interval=hourly_interval

The hourly frequency that Server Agent sends a heartbeat to Trust Protection Platform. Possible values are 0 through 24.

0 disables the heartbeat.

Any value between 1 and 24 sends a heartbeat at that hourly interval. For example, if the value is 6, Server Agent will send a heartbeat every 6 hours.

vagent -m heartbeat_interval=6

action -reserved_freespace=megabytes

Amount of disk space reserved to the operating system. Server Agent will not append discovered data if available free space is less than the specified value.

Amount is specified in megabytes.

vagent -m reserved_freespace=100

action server_url=TPP_server_address

Designates the IP address or hostname of the Trust Protection Platform server. (Trust Protection Platform recognizes both IPv4 and IPv6 addresses.) The agent connects to the Trust Protection Platform server to upload discovered encryption assets.

The server_url you specify must match the host name specified in the Venafi Operational Certificate (VOC).

vagent -m server_url=“https://noncorp.com/vedclient”

action registration_password=registrationPassword

Sets the password used for Agent Registration Settings.

vagent -m registration_password=[registrationPassword]

action server_thumbprint=serverThumbprint

Sets the Trust Protection Platform server thumbprint.

vagent -m server_thumbprint=[Thumbprint copied from Aperture]

action proxy_url=proxyURL

Lets you connect to proxy server if you can't get through, e.g. firewall rules that won't let you.

You must have View and Write permissions on the object for which you want to configure settings.

vagent -a proxy_url=string)

action proxy_username=proxyUsername

 

Specifies the username of proxy server's administrator.

vagent -m proxy_username=[administrator username]

action proxy_password=proxyPassword

Specifies the proxy server administrator's password.

 

vagent -m proxy_password=[administrator's password]

action report_random=1-60

To support large number of agents checking in, a random length of time is added to the report-step value. This allows many agents to check in during the configured window, while not all checking in at the start of the window. The value specified is the maximum minutes to wait after the start of the check in window. The default value causes the agent to check in at a random time, up to 60 minutes after the start of the check in window. This value must be less than the increment.

vagent -m report_random=60

action report_start=hour_1-24

Specifies the hour of day the Agent should check in with the Trust Protection Platform Server.

TIP  Time is sent in the 24-hour format designating the hour when to start where 2 is 2:00 a.m. and 14 is 2:00 p.m.

vagent -m report_start=4

action logging=log_level

Enables logging at the designated log level. Agent events are written to syslog or the Windows event log.

You can enable logging at the following levels, in order of verbosity (least to greatest):

  • Emergency
  • Alert
  • Critical
  • Error
  • Warning
  • Notice
  • Info

For more information, see Logging thresholds for Agent-related log items.

vagent -m logging=critical

For additional attributes that are helpful for troubleshooting Server Agent connectivity issues, see Troubleshooting: Manually disabling functionality using the command line.

Related Topics Link IconRelated Topics