Envoy

Some tCell features are not available

Account Takeover is not available on Envoy.

Supported Technologies

tCell can provide custom builds of Envoy versions 12 through 15.

Prerequisites

  • A tCell account
  • An application (created with Admin > Applications)
  • Outbound HTTPS connections to the tCell cloud allowed: What IPs do tCell agents connect to?
  • A downloaded config file. To download:
    1. Click tCell Admin in the top nav bar.
    2. Click Download Agent.
    3. Click on Web Server Agent.
    4. Select the Envoy agent.
    5. Select Create New API Key, which is the default.
    6. Click Download Config File to download the agent's config file, which is pre-populated with the application and API key information.

Installation

  1. The agent is built into the Envoy binary. To download the agent, run
    1
    docker pull rapid7/tcell-envoy:latest
  2. Add the tcell_agent.config file to your tCell directory. By default, the docker image is configured to use /tcell.
  3. Update your envoy_config.yaml file to include the tCell HTTP filter. It will look similar to this:
    1
    http_filters:
    2
    - name: tcell
    3
    - name: envoy.filters.http.router

The docker image is configured to look for your envoy_config.yaml file in /etc/envoy/.

Verification

To verify that data are being sent to tCell, go to your tCell console. Look at the application you just created and confirm that the number of app server agents is greater than 0.

Troubleshooting

Startup errors are logged in the Envoy log file. Once the agent has started, all errors will be logged to the tcell.logs file in the tcell/logs directory.

You can customize log levels in the tcell_agent.config file by adding a block similar to this one in the application section of the json file:

json
1
"logging_options": {
2
"enabled": true,
3
"level": "INFO"
4
}

Valid levels are:

  • DEBUG
  • INFO (default)
  • WARN
  • ERROR

For an example, see the tcell_agent.config.template file in the tcell directory.