Initiating Secure Agent data collection
A Secure Agent has all network communication disabled to and from the managing node (console). When you use Secure Agent, you must initiate data collection locally on secure managed nodes by using the command-line interface or the Collect Data Wizard. The best1collect_secure executable initiates data collection and supports local collection start and query functionality. When you use the command line, you use the at command to schedule the data collection, and you use the -u parameter to indicate that data is collected without using the network.
The best1collect_secure executable starts data collection by using the udrprovider executable. The udrprovider executable, not the agent (bgsagent) and service daemon, collects data from secure computers. udrprovider works like the agent without network functions. It writes UDR data for the duration of the collect run. At the end of the collect run, udrprovider exits. Each new collection request starts a new instance of udrprovider.
udrprovider writes to the following files in the %BEST1_COLLECT_HOME%\bgs\monitor\log directory:
- udrprovider_instancestartTime.als - Each current collection request is stored in its own log file with this name. The current collection request file (.als) is deleted at the end of the collect run.
- udrprovider.als - The last 100 completed collection requests are stored in this file.
- udrprovider.log and udrprovider.log.bak - All instances of udrprovider write data to the .log file. The file is backed up when it reaches the 50 KB size limit.
Understanding the best1collect_secure local and destination repository concepts is helpful in determining whether the data is complete.
Ongoing collection data is written to the best1collect_secure local repository (-d repositoryDirectoryName). You can specify the best1collect_secure destination repository (-D repositoryDirectoryName) as an optional argument. At the end of the run, you can move data from the local repository to the destination repository to ensure that data is complete before any processing takes place.
You can find out which collections are running and which collections are complete by using the best1collect_secure extended query (-Q) option with -u. The query option shows the start date, node, instance, data repository, duration, and state. The state indicates whether collection is complete (REQUEST_COMPLETE).
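Because the per-request .als file is deleted when a collect run ends, its presence in the log directory can serve as a local cross-check before data is processed. The following is an added example, not code from the product; the glob pattern for the per-request file name and the function names are assumptions, and the -Q query remains the authoritative source for request state.

```python
import os
import sys
from pathlib import Path

# Assumption: per-request files are named udrprovider_<instance/startTime>.als.
# The page does not give the exact layout of the instance/start-time part.
IN_FLIGHT_GLOB = "udrprovider_*.als"


def default_log_dir():
    """Log directory named on the page, built from BEST1_COLLECT_HOME."""
    home = os.environ.get("BEST1_COLLECT_HOME")
    if not home:
        raise RuntimeError("BEST1_COLLECT_HOME is not set")
    return Path(home) / "bgs" / "monitor" / "log"


def in_flight_requests(log_dir):
    """Return names of per-request .als files still present in log_dir."""
    log_dir = Path(log_dir)
    if not log_dir.is_dir():
        # Fail closed: without the log directory, completeness is unknown.
        raise FileNotFoundError(f"log directory not found: {log_dir}")
    # udrprovider.als (history of completed requests) has no underscore,
    # so the pattern deliberately does not match it.
    return sorted(p.name for p in log_dir.glob(IN_FLIGHT_GLOB) if p.is_file())


def safe_to_process(log_dir):
    """True only when no current collection request file remains."""
    return not in_flight_requests(log_dir)


if __name__ == "__main__":
    # Optional argument: log directory; otherwise use BEST1_COLLECT_HOME.
    target = Path(sys.argv[1]) if len(sys.argv) > 1 else default_log_dir()
    pending = in_flight_requests(target)
    for name in pending:
        print(f"collection still running: {name}")
    # Non-zero exit lets a scheduled job skip processing incomplete data.
    sys.exit(1 if pending else 0)
```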
For more information about Secure Agent data collection, see: