What Agents Do
The UTMStack Agent performs several critical functions:- Log Collection: Collects and forwards logs from your systems to the UTMStack server
- Integration Management: Enables integrations with various log sources (syslog, network devices, etc.)
- Command Execution: Executes commands and tasks remotely from the UTMStack server
- Data Retention: Manages local log storage and retention policies
- Security Monitoring: Provides real-time monitoring of system security events
Architecture
The agent communicates with the UTMStack server through multiple ports:- Agent Manager Port: Primary communication channel for agent management
- Log Auth Proxy Port: Secure log transmission
- Dependencies Port: Downloads updates and dependencies
Key Features
Automatic Registration
During installation, the agent automatically registers with the UTMStack server using a unique key, establishing a secure connection.Integration Support
The agent supports multiple integration types:- Syslog (UDP/TCP/TLS)
- Network device integrations
- Application-specific collectors
Local Data Storage
The agent maintains a local database for:- Buffering logs before transmission
- Storing configuration data
- Managing retention policies
TLS Certificate Management
For production environments, the agent supports loading custom TLS certificates to secure integrations.Agent Components
- Service Manager: Handles service installation, start/stop operations
- Collector Modules: Gathers logs from various sources
- Configuration Manager: Manages agent settings and server connection
- Update Manager: Downloads and applies agent updates
- Database: Local SQLite storage for logs and configuration
Next Steps
Windows Agent
Install and configure the agent on Windows systems
Linux Agent
Install and configure the agent on Linux systems
Configuration
Learn about agent configuration options
CLI Commands
Reference for all agent CLI commands