Live Workshop: Integrate Google SecOps with Bindplane - Join Us on January 29th at 11 AM ET!Sign Up Now

Monitor the Bindplane Agent

To monitor agent logs, we will set up the Bindplane Agent source that will send log files from the Agent itself. These logs contain information about the health of your Bindplane Agent.

For this, we will need an already deployed agent from any existing configuration you already have set up. No additional server configuration is needed, we will just go into any of the configurations you would like to gather Agent logs from and click 'Add Source'. From there select the 'Bindplane Agent' source like in the example below:

observiqdocs - Adding a Bindplane Agent source - image 1

We can leave this on default as well for this example, and simply click 'Save':

observIQ docs - Adding a Bindplane Agent source - image 2

All that is left is to push out the configuration to the Agents by running a "Start Rollout". With that source rolled out to the Agent machines, your Bindplane Agent logs will now be sent to the destination of your choice. Below is an example of those logs on a Google Cloud Destination:

observIQ docs - BPOP logs in Google Cloud - image 1

note

📘 Important Adding processors to this agent could cause problems, as it would create entries in this same log file, which could lead to infinite error messages.
Add any processors sparingly and thoroughly test afterward to ensure it is following the intended behavior.

If you haven't yet, you can also set up monitoring of the Bindplane OP server itself.