Server Agent command line reference
This topic provides a reference of available commands you can use to perform certain functions on the Server Agent from a command prompt.
For help at the command line, type the following at a command prompt:
vagent -h
The following table provides a description of the individual command options.
NOTE All command line options are case sensitive.
Option |
Description |
Command Syntax / Examples |
---|---|---|
General options |
||
Lists the Server Agent command options with a brief explanation of each command. |
vagent -h |
|
-V |
Displays detailed version information of the Server Agent. |
vagent -V |
Execution options |
||
Starts the Server Agent as a standalone console application so that its progress can be viewed at the console. All scan and check-in processing are performed according to the configured schedule. |
vagent -s |
|
-1 |
Runs all scheduled Server Agent actions once. The agent scans the local system according to its configured parameters, checks in with the Trust Protection Platform server, then shuts down. NOTE If you run this option in combination with -s, the Server Agent runs a single time in standalone mode. |
vagent -1 vagent --runonce |
Runs logging at the designated log level for the current session only. Server Agent events are written to syslog or the Windows event log. Compare with the action logging=log_level and -v options. For more information about log levels—called logging thresholds—see Logging thresholds for Agent-related log items. |
vagent -e warning |
|
Dump contents of Agent log files to stdout. |
|
|
Configuration options |
||
--add key=value |
Use the --add command only to define multi-value keys such as include or keystore. If you are defining a single-value key, use the --modify command. For a listing of all the agent’s configuration keys and their current values, enter vagent --list all. |
vagent --add keystore=”NATIVE,c:\keystores\bundle.pem” |
-c key --clear key |
Clears all values for the configuration keys. For a listing of all the Agent’s configuration keys and their current values, enter vagent --list all. For a listing of the add command syntax, enter vagent -c help. |
vagent -c registration_password [or proxy_url] vagent --clear proxy_url |
-f XML_filename --file XML_filename |
Reconfigures the Venafi Agent using configuration commands from the designated XML file. Can be used to customize the agent after initial installation. Unix and Linux-based systems have the following example file: Please contact Venafi Support for assistance with this option. |
vagent -f c:\temp\vagentconfig.xml vagent --file c:\temp\vagentconfig.xml |
-l [key|all] --list [key|all] |
Lists the value of the designated configuration key. If you enter “all” rather than a specific key, the Server Agent returns a list of all its configuration keys and their current values. For a listing of all the agent’s configuration keys and their current values, enter vagent --list all. |
vagent -l server_url vagent -l checkin_delay vagent --list all |
-m key=replacement_value --modify key=replacement_value |
Replaces all values of the designated key with the value specified in the command. For example, vagent -m server_url Use the --modify command to define single-value keys such as logging or server_url. If you use the --modify command to define multi-value keys, it replaces all instances of the designated key with the new value. For a listing of all the agent’s configuration keys and their current values, enter vagent --list all. For a listing of the modify command syntax, enter vagent -m help. |
vagent -m logging=critical vagent -m validate=1
|
-x key=value --delete key=value |
Deletes a specific value in a multi-value key. For a listing of all the Agent’s configuration keys and their current values, enter vagent --list all. For a listing of the add command syntax, enter vagent -x help. |
vagent -x include=“c:\” vagent --delete include-recursive=”c:\” |
Advanced options |
||
-D directory |
Specifies an alternative database root |
|
Configuration settings |
||
action checkin_delay=delay_time_in_minutes |
Delays Server Agent check-in at startup for the amount of time (in minutes) that you specify. Trust Protection Platform chooses a random value that is within the time you specify. This command is designed to minimize impact in situations where you have many systems that are running the Server Agent but that need to be restarted simultaneously. Applying a check-in delay to those agents can help you avoid overloading the systems during the reboot. The exact value of the delay that is calculated by the Server Agent is between 1 and 18 minutes. The value is calculated so as to stagger check-in times across the installed agents. The calculated value is logged in the events.sq3 file. For additional information about the sq3 file, see About the events.sq3 file. |
vagent -m checkin_delay=18 |
action -dump_statistics=value |
Instructs Server Agent to dump the SSH log delivery statistics into the agent’s event log file. Possible Values: 1 or true 0 or false |
vagent -m dump_statistics=true |
action -heartbeat_interval=hourly_interval |
The hourly frequency that Server Agent sends a heartbeat to Trust Protection Platform. Possible values are 0 through 24. 0 disables the heartbeat. Any value between 1 and 24 sends a heartbeat at that hourly interval. For example, if the value is 6, Server Agent will send a heartbeat every 6 hours. |
vagent -m heartbeat_interval=6 |
action -reserved_freespace=megabytes |
Amount of disk space reserved to the operating system. Server Agent will not append discovered data if available free space is less than the specified value. Amount is specified in megabytes. |
vagent -m reserved_freespace=100 |
action server_url=TPP_server_address |
Designates the IP address or hostname of the Trust Protection Platform server. (Trust Protection Platform recognizes both IPv4 and IPv6 addresses.) The agent connects to the Trust Protection Platform server to upload discovered encryption assets. The server_url you specify must match the host name specified in the Venafi Operational Certificate (VOC). |
vagent -m server_url=“https://noncorp.com/vedclient” |
action registration_password=registrationPassword |
Sets the password used for Agent Registration Settings. |
vagent -m registration_password=[registrationPassword] |
action server_thumbprint=serverThumbprint |
Sets the Trust Protection Platform server thumbprint. |
vagent -m server_thumbprint=[Thumbprint copied from Aperture] |
action proxy_url=proxyURL |
Lets you connect to proxy server if you can't get through, e.g. firewall rules that won't let you. You must have View and Write permissions on the object for which you want to configure settings. |
vagent -a proxy_url=string) |
action proxy_username=proxyUsername
|
Specifies the username of proxy server's administrator. |
vagent -m proxy_username=[administrator username] |
action proxy_password=proxyPassword |
Specifies the proxy server administrator's password.
|
vagent -m proxy_password=[administrator's password] |
action report_random=1-60 |
To support large number of agents checking in, a random length of time is added to the report-step value. This allows many agents to check in during the configured window, while not all checking in at the start of the window. The value specified is the maximum minutes to wait after the start of the check in window. The default value causes the agent to check in at a random time, up to 60 minutes after the start of the check in window. This value must be less than the increment. |
vagent -m report_random=60 |
action report_start=hour_1-24 |
Specifies the hour of day the Agent should check in with the Trust Protection Platform Server. TIP Time is sent in the 24-hour format designating the hour when to start where 2 is 2:00 a.m. and 14 is 2:00 p.m. |
vagent -m report_start=4 |
Enables logging at the designated log level. Agent events are written to syslog or the Windows event log. You can enable logging at the following levels, in order of verbosity (least to greatest):
For more information, see Logging thresholds for Agent-related log items. |
vagent -m logging=critical |
For additional attributes that are helpful for troubleshooting Server Agent connectivity issues, see Troubleshooting: Manually disabling functionality using the command line.