Enable Safe-mode
    • 15 Jul 2024

    What is Safe-mode?

    Safe-mode instructs the agent to stop collecting endpoint telemetry because incompatibilities or risks have been identified. This feature gives you both proactive and reactive capabilities to ensure the agent is running safely and performantly on your endpoints.

    Safe-mode conditions

    An agent will go into safe-mode when one of the following conditions occurs:

    1. The agent has identified incompatibilities with the endpoint

      Example: The agent was installed on an unsupported Operating System (distribution or version)

    2. The agent is remotely configured to go into safe-mode. See below for more details.

    To enter safe-mode, the sensor restarts, which ensures that all memory usage is reset. It then remains in safe-mode until its periodic checks of its remote config indicate that no more unsafe conditions exist. The sensor exits safe-mode once it has ensured safe operating parameters.

    Determining if safe-mode is enabled for an endpoint

    1. From the navigation menu, click on Endpoints.

    2. Find the endpoint in question and load the endpoint page.

    3. Take note of the status of the safe-mode button in the upper right corner of the page.

      Note: Hovering over the button will display the reason the endpoint is in safe-mode.

    Explicitly enabling safe-mode for an endpoint

    You can explicitly enable safe-mode for any endpoints in your environment. 

    1. From the navigation menu, click on Endpoints.

    2. Find the endpoint in question and load the endpoint page.

    3. Click the Enable safe mode button.

    Explicitly enabling safe-mode for all endpoints

    1. From the navigation menu, click on Endpoints.

    2. In the table, click Disable Telemetry Collection.

    Enabling and disabling safe-mode via the command line

    To manually enable Safe Mode through the command line, you can run:

    /opt/redcanary/cfctl safe --enable

    To disable Safe Mode and return the agent to normal operation through the command line, run:

    /opt/redcanary/cfctl safe --disable

    Configuring logging

    The maximum size of spooled logs and the location of the log directory can be adjusted by modifying the agent's configuration file. Log spooling uses a dedicated location for storing logs when telemetry cannot be offloaded quickly enough. In most cases the spooling directory will be empty. The logs in the spooling directory should not be confused with the agent log files, which are in CSV format.

    Configuration file

    /opt/redcanary/config.json

    Maximum size of log directory

    Add the following key-value pair to the configuration file, replacing `` with the new directory size.

    Note: 1024 MB is the default.

    "max_log_directory_size_mbytes":""

    Location of log directory

    The following directory is the default location for spooled logs.

    /opt/redcanary/spool

    This can be modified by adding the below key-value pair to the configuration file, replacing `` with the new directory path.

    Note: The path set is relative to `/opt/redcanary/`.

    "spool_directory_name":""
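A spool that is not empty means telemetry is waiting to be offloaded, so it is worth checking against the configured limit. The script below is an added example, not part of the agent or this article: it reads the two keys described above, applies the documented defaults, and classifies the spool. The state names, the 80% warning ratio, and the acceptance of either a number or a numeric string for the size value are assumptions.

```python
import json
import os

BASE_DIR = "/opt/redcanary"   # install root used throughout the article
DEFAULT_SPOOL = "spool"       # documented default: /opt/redcanary/spool
DEFAULT_MAX_MB = 1024         # documented default size in MB


def spool_settings(config_text, base_dir=BASE_DIR):
    """Return (spool_path, max_mb) from config.json text, applying the defaults."""
    cfg = json.loads(config_text) if config_text.strip() else {}
    # Assumption: the value may be a JSON number or a numeric string.
    max_mb = int(cfg.get("max_log_directory_size_mbytes") or DEFAULT_MAX_MB)
    name = cfg.get("spool_directory_name") or DEFAULT_SPOOL
    # The configured path is relative to /opt/redcanary/.
    return os.path.normpath(os.path.join(base_dir, name)), max_mb


def spool_usage(spool_path):
    """Total bytes and file count under the spool (0, 0 if it does not exist)."""
    total = count = 0
    for root, _dirs, files in os.walk(spool_path):
        for f in files:
            p = os.path.join(root, f)
            if os.path.isfile(p) and not os.path.islink(p):
                total += os.path.getsize(p)
                count += 1
    return total, count


def check(config_text, base_dir=BASE_DIR, warn_ratio=0.8):
    """Classify the spool as 'empty' (the usual case), 'backlog' or 'near_limit'."""
    spool, max_mb = spool_settings(config_text, base_dir)
    used, files = spool_usage(spool)
    ratio = used / (max_mb * 1024 * 1024)
    if files == 0:
        state = "empty"
    elif ratio >= warn_ratio:
        state = "near_limit"
    else:
        state = "backlog"
    return {"spool": spool, "max_mb": max_mb, "bytes": used, "files": files, "state": state}


if __name__ == "__main__":
    with open(os.path.join(BASE_DIR, "config.json")) as fh:
        print(json.dumps(check(fh.read()), indent=2))
```

Run it on the endpoint with permission to read `/opt/redcanary`; a state other than `empty` that persists across runs indicates telemetry is not being offloaded.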

     

     

     

