Troubleshooting

Security Agent flare

Similar to the Agent flare, you can send necessary troubleshooting information to the Datadog support team with one flare command.

The flare asks for confirmation before upload, so you may review the content before the Security Agent sends it.

In the commands below, replace <CASE_ID> with your Datadog support case ID if you have one, then enter the email address associated with it.

If you don’t have a case ID, just enter your email address used to login in Datadog to create a new support case.

PlatformCommand
Dockerdocker exec -it datadog-agent security-agent flare <CASE_ID>
Kuberneteskubectl exec -it <POD_NAME> -c security-agent -- security-agent flare <CASE_ID>
Hostsudo /opt/datadog-agent/embedded/bin/security-agent flare <CASE_ID>

Agent Self tests

In order to ensure that the communication between the security-agent and the system-probe is working as expected and that Cloud Workload Security is able to detect system events, you can manually trigger self tests by running the following command:

PlatformCommand
Dockerdocker exec -it datadog-agent security-agent runtime self-test
Kuberneteskubectl exec -it <POD_NAME> -c security-agent -- security-agent runtime self-test
Hostsudo /opt/datadog-agent/embedded/bin/security-agent runtime self-test

The self-test procedure creates some temporary files and rules to monitor them, and then triggers those rules to ensure that events are correctly propagated.

The following response appears when rules are propagated.

Runtime self test: OK

You can now see events coming from the runtime-security-agent in the Log Explorer.

Self test events in the Log Explorer