IBM Cloud Docs
Managing the Windows agent

Managing the Windows agent

You can deploy the Logging agent to collect and route infrastructure and application logs from Windows systems to an IBM Cloud Logs instance. For more information on supported Windows environments, see Logging agent for non-orchestarted environments.

The agent can be run as a Windows service to collect logs in the background. You can manage the agent by using sc.exe.

Deploying the agent

See Deploying the Logging agent for Windows.

Removing the logging agent

To remove the agent, remove the application directory.

  • Using the command prompt:

    rmdir /S "C:\Program Files\logs-agent"
    
  • Using Powershell:

    Remove-Item -Path "C:\Program Files\logs-agent" -Recurse -Force
    

Updating the logging agent

To update the agent, download a new agent Windows agent ZIP archive and follow the instructions below to update the Logging agent. For information about the current Logging agent version, see the agent release notes. For instructions on installing the Windows agent, see Deploy agent for Windows servers.

  1. Expand the Windows agent archive in the upgrade directory of your currently installed agent using Powershell.

    Expand-Archive -Path <archive_filename> -DestinationPath "C:\Program Files\logs-agent\upgrade"
    

    Where <archive_filename> is the name of the downloaded *.zip file.

  2. Copy the upgraded Logging agent program files.

    Get-ChildItem -Path "C:\Program Files\logs-agent\upgrade\logs-agent\bin" -Include *.exe,*.dll -File -Recurse | Copy-Item -Destination "C:\Program Files\logs-agent\bin" -Force
    Get-ChildItem -Path "C:\Program Files\logs-agent\upgrade\logs-agent\version.txt"  -File -Recurse | Copy-Item -Destination "C:\Program Files\logs-agent\version.txt" -Force
    
  3. Remove the temporary upgrade files.

    Remove-Item -Path "C:\Program Files\logs-agent\upgrade\" -Recurse -Force
    
    Remove-Item -Path $extractPath -Recurse -Force
    

Finding the installed agent version

Run the following command to find the installed agent version:

  • Using the command prompt:

    type "C:\Program Files\logs-agent\version.txt"
    
  • Using Powershell:

    Get-Content -Path "C:\Program Files\logs-agent\version.txt"
    

Creating a service that can be started and stopped by a non-root user

By default, only administrators can manage services. To grant a specific user or group the ability to start and stop the service, use sc.exe sdset to modify the sercurity descriptor of the agent service.

  • Get the current security descriptor by running the following command.

    sc.exe sdshow fluent-bit
    

    The output will be the security descriptor for the agent service and will be similar to the following.

    D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A; ;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
    
  • Add a new user to the service security descriptor.

    The format for granting permissions is A;;RPWP;;;SID where RP and WP are permissions to start and stop the service, and SID is the security identifier if a user or group.

    sc.exe sdset fluent-bit D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)(A;;RPWP;;;S-1-5-21-USER_SID)