A Common Process Discovery Agent (CPDA) runs a series of commands during Introspection to gather information about all the running processes. It also collects socket data for generating topology. You can see the complete logs of this agent in the task logs.

Note: This agent does not collect the introspection logs sensitive information like the command-line of the running processes during introspection logs.

Prepare a Custom CPDA

A default CPDA uses a special JSON file containing a list of processes with related details. You can prepare custom CPDA for process discovery. To avoid error scenarios, ensure to follow the below conditions in custom CPDA.

  • CPDA must not stop or affect any running process.
  • CPDA must create a rawProcessInfo.json file to read during the introspection process.
  • CPDA must also create an os.json file under the same working directory that has the appliance operating system specific details.

  • Save logs in the iris-agent.log file under the same working directory.

    /tmp/.iris/process_discovery/rawProcessInfo.json /tmp/.iris/process_discovery/os.json

  • For Linux, CPDA must run the init bash script which accepts following arguments.

    • <Working Dir>/rawProcessInfo.json

    • <Working Dir>/os.json

      Example: /bin/bash /tmp/.iris/process_discovery/run.sh

  • For Windows,
    • CPDA must also create an socketsOutFile.txt file under the working directory that contains all sockets related information. See A Sample CPDA files for Windows.
    • CPDA must run using init powershell script which accepts following arguments.
      • -osOutFile os.json
      • -processOutFile rawProcessInfo.json
      • -socketsOutFile socketsOutFile.txt

        Example:

        C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

        C:\Windows\Temp\irisAgent\WindowsCollector.ps1 -osOutFile os.json -processOutFile rawProcessInfo.json -socketsOutFile socketsOutFile.txt

  • CPDA must update the rawProcessInfo.json and os.json files.