Do you want to get the most out of the Axonius CLI? With the DataSet shell monitor you can run Axonius CLI queries on a schedule and ingest the results into DataSet, where they benefit from DataSet's fast search and correlation. This lets you run custom saved queries on a schedule, summarize the data with powerqueries, set alerts, monitor computed values, and link back to the Axonius UI for more detail and actions.
In this article, we will walk you through setting up the DataSet shell monitor to work with the Axonius CLI.
Prereqs
- Python (Windows, Linux, macOS)
  - Windows: install from python.org
  - Linux: install from your package manager
  - macOS: install from brew
- pip (Windows, Linux, macOS)
- Axonius CLI
    pip install axonius-api-client
- DataSet Agent
- PowerShell/Bash
Configure Ingestion
- Make sure all prereqs are set up.
- Configure the Axonius CLI API keys. axonshell reads them from the environment variables AX_URL, AX_KEY and AX_SECRET; the AXONSHELL variable below only records the full path to the executable, which is useful on Windows where the agent's service account may not have it on PATH.
  Windows (PowerShell, run elevated because the 'Machine' scope writes to HKLM):
    [System.Environment]::SetEnvironmentVariable('AX_URL','https://url.axonius.com', 'Machine')
    [System.Environment]::SetEnvironmentVariable('AX_KEY','xxxxxx', 'Machine')
    [System.Environment]::SetEnvironmentVariable('AX_SECRET','yyyyyy', 'Machine')
    [System.Environment]::SetEnvironmentVariable('AXONSHELL','C:\Users\Administrator\AppData\Local\Programs\Python\Python311\Scripts\axonshell.exe', 'Machine')
  Unix:
    export AX_URL="x" AX_KEY="x" AX_SECRET="x"
  Two caveats. The shell monitor runs the command under the agent's service account, so the variables must be visible to that process: an export in your interactive shell is not enough on Unix, and a Windows service only sees new Machine-scope variables after it is restarted. Second, a Machine-scope variable is readable by every local user and process, so treat AX_SECRET like any other credential: use a dedicated, least-privilege Axonius API user for the agent and scope the variable to the agent's service account where your environment allows it.
- Add your command to the DataSet agent shell monitor (link).
(Full example below)
Configure Parsing
- Find the parser name set in the agent configuration (the parser attribute on the log entry). In this case it is Axonius. Note that the Unix sample below pipes the output through jq -c '.[]' so that each line is one JSON object and can use the built-in json parser; the Windows sample writes the raw output and relies on the custom parser pasted here.
- Open the DataSet console
- Navigate to Config files
- logparsers/Axonius
- Edit
- Paste the parser (link)
Configure Line Linking
- Navigate to your DataSet console.
- Navigate to Config files
- Paste the line-linking config file
Configure Dashboard
- Navigate to your DataSet console.
- Create Dashboard
- Edit JSON
- Paste the dashboard config file
Conclusion
In conclusion, the DataSet shell monitor is a practical way to bring Axonius CLI output into DataSet. With it, users can get the most out of their Axonius data by scheduling custom queries, generating summaries, setting alerts, and linking back to the Axonius UI. By following the prerequisites and instructions outlined in this article, users can get started with the shell monitor quickly.
Samples
- agent.json (the DataSet agent configuration; "foo" is a placeholder for your write key)
Unix:
    {
      api_key: "foo",
      logs: [
        // one JSON object per line (see the jq step in the command), so the built-in json parser applies
        { path: "/var/log/axonius/ax.log", attributes: { parser: "json" } }
      ],
      monitors: [
        {
          module: "scalyr_agent.builtin_monitors.shell_monitor",
          id: "cmd",
          // the quotes around the saved-query name must be escaped inside the JSON string
          command: "axonshell devices get-by-saved-query --name \"Linux Servers in Azure\" --max-rows 100 | jq -c '.[]' >> /var/log/axonius/ax.log",
          // the data goes to the log file via the redirect; this only bounds what the monitor itself records from the command's output
          max_characters: 10,
          // seconds between runs; each run appends up to 100 rows
          sample_interval: 60
        }
      ]
    }
Windows (PowerShell):
    {
      api_key: "foo",
      logs: [
        { path: "C:\\Program Files (x86)\\Scalyr\\log\\axonius.log", attributes: { parser: "axonius" } }
      ],
      monitors: [
        {
          // unrelated to Axonius; kept from the sample to show a second monitor in the same file
          module: "scalyr_agent.builtin_monitors.windows_event_log_monitor",
          channels: [
            {
              "channel": [
                "Application",
                "Security",
                "System",
                "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational",
                "TerminalServices-RDPClient/Operational",
                "TerminalServices-RemoteConnectionManager/Operational",
                "RemoteDesktopServices-RDPCoreTS/Operational",
                "TerminalServices-LocalSessionManager/Operational"
              ],
              "query": "*[System/Level=0 or System/Level=1 or System/Level=2 or System/Level=3 or System/Level=4]"
            }
          ]
        },
        {
          module: "scalyr_agent.builtin_monitors.shell_monitor",
          id: "cmd",
          // Out-File -Encoding ASCII replaces any non-ASCII characters (e.g. in hostnames) with '?'; use -Encoding utf8 if that matters
          command: "powershell -command \"C:\\Users\\Administrator\\AppData\\Local\\Programs\\Python\\Python311\\Scripts\\axonshell.exe devices get-by-saved-query --name 'CUSTOM SAVED AXONIUS QUERY' --max-rows 100 | Out-File -Encoding ASCII -FilePath 'C:\\Program Files (x86)\\Scalyr\\log\\axonius.log' -Append\"",
          max_characters: 10000,
          sample_interval: 300
        }
      ]
    }
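As an added example (not code from this article or from the axonshell project), the following Python script does what the Unix sample's jq -c '.[]' step does and the Windows sample omits: it takes the JSON array that axonshell prints by default (the behaviour the article's own jq pipeline relies on) and appends one compact JSON object per line to the log the agent tails, so the built-in json parser and line linking work on either platform. It also handles a single-object export and skips non-object elements, which is more than the jq one-liner does. The sample export, its field names, and the added polled_at / saved_query fields are constructed for the example and are not a description of Axonius's output; credentials are read from the same AX_URL / AX_KEY / AX_SECRET variables the article configures.

```python
"""Convert axonshell's JSON export into one-record-per-line log output.

Added example, not part of the article or of axonshell. Use it as the
shell monitor's command, e.g.
    python axonius_poll.py "Linux Servers in Azure" /var/log/axonius/ax.log
"""
import json
import subprocess
import sys
from datetime import datetime, timezone

# Constructed sample of a JSON-array export (field names are illustrative only).
SAMPLE_EXPORT = """[
  {
    "internal_axon_id": "a1b2",
    "specific_data.data.hostname": ["web-01"],
    "specific_data.data.os.type": ["Linux"]
  },
  {
    "internal_axon_id": "c3d4",
    "specific_data.data.hostname": ["db-01"],
    "specific_data.data.os.type": ["Linux"]
  }
]
"""


def to_ndjson_lines(export_text, polled_at, saved_query):
    """Parse a JSON export and return one compact JSON string per record.

    A top-level array yields one line per element; a single object yields one
    line. Elements that are not objects are skipped, because a bare string or
    number on its own line would not be a useful event for a JSON-line parser.
    polled_at and saved_query are our own added fields (assumed names), so each
    line carries the poll time and the query it came from.
    """
    data = json.loads(export_text)
    records = data if isinstance(data, list) else [data]
    lines = []
    for rec in records:
        if not isinstance(rec, dict):
            continue
        rec = dict(rec)  # copy: do not mutate the caller's data
        rec["polled_at"] = polled_at
        rec["saved_query"] = saved_query
        # No indent and compact separators guarantee no embedded newlines;
        # ensure_ascii=False keeps non-ASCII hostnames intact (the agent reads UTF-8).
        lines.append(json.dumps(rec, separators=(",", ":"), ensure_ascii=False))
    return lines


def append_ndjson(lines, log_path):
    """Append the lines to the log file in a single write; returns the count.

    Writing the whole batch at once, terminated by a newline, keeps the agent
    from tailing a half-written final line between two polls.
    """
    if not lines:
        return 0
    with open(log_path, "a", encoding="utf-8") as f:
        f.write("\n".join(lines) + "\n")
    return len(lines)


def run_axonshell(saved_query, max_rows=100):
    """Run the same axonshell command as the article's shell-monitor samples.

    Arguments are passed as a list, so the saved-query name is never re-parsed
    by a shell and needs no quoting. check=True turns a failed run (bad
    credentials, unknown query) into an exception instead of an empty log.
    """
    cmd = ["axonshell", "devices", "get-by-saved-query",
           "--name", saved_query, "--max-rows", str(max_rows)]
    return subprocess.run(cmd, check=True, capture_output=True, text=True).stdout


if __name__ == "__main__":
    query, log_path = sys.argv[1], sys.argv[2]
    polled_at = datetime.now(timezone.utc).isoformat()
    n = append_ndjson(to_ndjson_lines(run_axonshell(query), polled_at, query), log_path)
    print(f"wrote {n} records to {log_path}", file=sys.stderr)
```

Because the script reads credentials from the process environment, the caveats from Configure Ingestion still apply: it inherits whatever the agent's service account sees, and nothing more.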