Remote Stop, Start and Uninstall of Agent
3 min
under linux agent > agent dashboard , when you click the “all agents” tab, all registered agents are listed using the setting button on each agent, you can perform agent specific actions such as stopping or restarting agent services and uninstalling the agent the workflow starts when the agent retrieves the action from pam in other words, the action is not pushed from kron pam; the agent periodically checks in and pulls it this process typically takes around 1 minute you can determine the agent’s status by the color of the windows icon · green → all agent services are running and functioning properly · black → the agent has been uninstalled from the endpoint · red → the service responsible for enforcing policies is stopped · the online / offline label indicates whether the agent is sending heartbeats to pam (i e , whether it is up and reachable) when the agent is uninstalled, its status changes to offline and the icon turns black session and authentication logs there are 2 main kinds of log being sent to kron pam, one of them is user authentication logs and the other one is session logs 1 authentication logs whenever a user attempts to log in to an endpoint with a linux agent installed, this activity can be audited on the authentication log page in kron pam the agent reports all login operations to kron pam, regardless of whether the attempt was successful or unsuccessful additionally, the logs provide visibility into whether the user was prompted for an otp (one time password) during the login process 2 session logs sessions logs contain the actions carried by the user in the endpoint it displays which commands are launched and whether it was allowed, blocked, or elevated by the agent an example of a session log is shown below logs can be seen on session based in the session log tab or individually in the command logs tab session logs or command logs can be filtered by “linux agent” , as other protocols may also write to these logs users can access the session details upon clicking the button on the right side under actions column when "show details" is clicked, a comprehensive breakdown of all actions taken by the end user on the agent installed endpoint during a specific session is displayed the following information is visible, complete with precise timestamps · command details the exact command the user attempted to execute · process id (pid) the specific pid associated with the process · action status whether the command was executed (elevated) , allowed , or blocked · policy reference which specific rule or policy was triggered to determine the outcome of the process