Security Agent flare
Similar to the Agent flare, you can send necessary troubleshooting information to the Datadog support team with one flare command.
The flare asks for confirmation before upload, so you may review the content before the Security Agent sends it.
In the commands below, replace
<CASE_ID> with your Datadog support case ID if you have one, then enter the email address associated with it.
If you don’t have a case ID, just enter your email address used to login in Datadog to create a new support case.
docker exec -it datadog-agent security-agent flare <CASE_ID>
kubectl exec -it <POD_NAME> -c security-agent -- security-agent flare <CASE_ID>
sudo /opt/datadog-agent/embedded/bin/security-agent flare <CASE_ID>
Agent Self tests
In order to ensure that the communication between the
security-agent and the
system-probe is working as expected and that Cloud Workload Security is able to detect system events, you can manually trigger self tests by running the following command:
docker exec -it datadog-agent security-agent runtime self-test
kubectl exec -it <POD_NAME> -c security-agent -- security-agent runtime self-test
sudo /opt/datadog-agent/embedded/bin/security-agent runtime self-test
The self-test procedure creates some temporary files and rules to monitor them, and then triggers those rules to ensure that events are correctly propagated.
The following response appears when rules are propagated.
You can now see events coming from the
runtime-security-agent in the Log Explorer.