Envoy
Some tCell features are not available
Account Takeover is not available on Envoy.
Supported Technologies
tCell can provide custom builds of Envoy versions 12 through 15.
Prerequisites
- A tCell account
- An application (created with Admin > Applications)
- Outbound HTTPS connections to the tCell cloud allowed: What IPs do tCell agents connect to?
- A downloaded config file. To download:
- Click tCell Admin in the top nav bar.
- Click Download Agent.
- Click on Web Server Agent.
- Select the Envoy agent.
- Select Create New API Key, which is the default.
- Click Download Config File to download the agent's config file, which is pre-populated with the application and API key information.
Installation
- The agent is built into the Envoy binary. To download the agent, run
1docker pull rapid7/tcell-envoy:latest
- Add the
tcell_agent.config
file to your tCell directory. By default, the docker image is configured to use/tcell
. - Update your
envoy_config.yaml
file to include the tCell HTTP filter. It will look similar to this:1http_filters:2- name: tcell3- name: envoy.filters.http.router
The docker image is configured to look for your envoy_config.yaml
file in /etc/envoy/
.
Verification
To verify that data are being sent to tCell, go to your tCell console. Look at the application you just created and confirm that the number of app server agents is greater than 0.
Troubleshooting
Startup errors are logged in the Envoy log file. Once the agent has started, all errors will be logged to the tcell.logs
file in the tcell/logs
directory.
You can customize log levels in the tcell_agent.config
file by adding a block similar to this one in the application section of the json file:
json
1"logging_options": {2"enabled": true,3"level": "INFO"4}
Valid levels are:
- DEBUG
- INFO (default)
- WARN
- ERROR
For an example, see the tcell_agent.config.template
file in the tcell
directory.