Managing the Windows agent
You can deploy the Logging agent to collect and route infrastructure and application logs from Windows systems to an IBM Cloud Logs instance. For more information on supported Windows environments, see Logging agent for non-orchestarted environments.
The agent can be run as a Windows service to collect logs in the background. You can manage the agent by using sc.exe
.
Deploying the agent
Removing the logging agent
To remove the agent, remove the application directory.
-
Using the command prompt:
rmdir /S "C:\Program Files\logs-agent"
-
Using Powershell:
Remove-Item -Path "C:\Program Files\logs-agent" -Recurse -Force
Updating the logging agent
To update the agent, download a new agent Windows agent ZIP archive and follow the instructions below to update the Logging agent. For information about the current Logging agent version, see the agent release notes. For instructions on installing the Windows agent, see Deploy agent for Windows servers.
-
Expand the Windows agent archive in the
upgrade
directory of your currently installed agent using Powershell.Expand-Archive -Path <archive_filename> -DestinationPath "C:\Program Files\logs-agent\upgrade"
Where
<archive_filename>
is the name of the downloaded*.zip
file. -
Copy the upgraded Logging agent program files.
Get-ChildItem -Path "C:\Program Files\logs-agent\upgrade\logs-agent\bin" -Include *.exe,*.dll -File -Recurse | Copy-Item -Destination "C:\Program Files\logs-agent\bin" -Force Get-ChildItem -Path "C:\Program Files\logs-agent\upgrade\logs-agent\version.txt" -File -Recurse | Copy-Item -Destination "C:\Program Files\logs-agent\version.txt" -Force
-
Remove the temporary upgrade files.
Remove-Item -Path "C:\Program Files\logs-agent\upgrade\" -Recurse -Force Remove-Item -Path $extractPath -Recurse -Force
Finding the installed agent version
Run the following command to find the installed agent version:
-
Using the command prompt:
type "C:\Program Files\logs-agent\version.txt"
-
Using Powershell:
Get-Content -Path "C:\Program Files\logs-agent\version.txt"
Creating a service that can be started and stopped by a non-root user
By default, only administrators can manage services. To grant a specific user or group the ability to start and stop the service, use sc.exe sdset
to modify the sercurity descriptor of the agent service.
-
Get the current security descriptor by running the following command.
sc.exe sdshow fluent-bit
The output will be the security descriptor for the agent service and will be similar to the following.
D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A; ;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
-
Add a new user to the service security descriptor.
The format for granting permissions is
A;;RPWP;;;SID
whereRP
andWP
are permissions to start and stop the service, andSID
is the security identifier if a user or group.sc.exe sdset fluent-bit D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)(A;;RPWP;;;S-1-5-21-USER_SID)