Envoy

Some tCell features are not available

Account Takeover is not available on IIS Web Server.

Supported Technologies

tCell can provide custom builds of the following Envoy versions: 12-15.

Prerequisites

  • A tCell account
  • An application created (Admin > Applications)
  • Allow outbound HTTPS connections to the tCell cloud (see "What IPs do tCell agents connect to?")
  • Download the config file:
    1. Click tCell Admin in the top nav bar
    2. Click Download Agent
    3. Click on Web Server Agent
    4. Select the Envoy agent
    5. Select Create New API Key, which is the default
    6. Click Download Config File to download the agent's config file, which is pre-populated with the application and API key information

Installation

  1. The agent is built into the Envoy binary. To download the agent, run:
    docker pull rapid7/tcell-envoy:latest
  2. Add the tcell_agent.config to your tCell directory. By default, the docker image is configured to use /tcell.
  3. Update your envoy_config.yaml to include the tcell HTTP filter. It will look similar to this:
    http_filters:
    - name: tcell
    - name: envoy.filters.http.router

The docker image is configured to look for your config file at /etc/envoy/envoy_config.yaml.

Verification

To verify that data is being sent to tCell, go to your tCell console. Look at the application you just created and confirm that the number of app server agents is greater than 0.

Troubleshooting

Startup errors are logged in the Envoy log file. Once the agent has started, all errors are logged to the tcell.log file, which can be found in the tcell/log directory.

You can customize log levels in the tcell_agent.config file by adding a block similar to this one in the application section of the JSON file:

    "logging_options": {
      "enabled": true,
      "level": "INFO"
    }

Valid levels are:

  • DEBUG
  • INFO (default)
  • WARN
  • ERROR

For an example, see the tcell_agent.config.template in the tcell directory.
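
A pre-deployment check for the two files edited above, added here as an example and not part of the tCell agent or its documentation: it confirms that the tcell filter is listed before envoy.filters.http.router (the router is Envoy's terminal HTTP filter, so a filter listed after it sees no traffic) and that every logging_options level is one of the valid levels. The function names, the line-based YAML scan (block-style lists only, as in the snippet above), and the "applications" key in the sample config are assumptions.

```python
import json
import re

VALID_LEVELS = ("DEBUG", "INFO", "WARN", "ERROR")  # levels listed on this page
ROUTER = "envoy.filters.http.router"
SAMPLE_ENVOY = "http_filters:\n- name: tcell\n- name: envoy.filters.http.router\n"  # constructed
SAMPLE_CONFIG = '{"applications": [{"logging_options": {"enabled": true, "level": "TRACE"}}]}'  # constructed; layout assumed

def filter_chains(envoy_yaml):
    """Filter names under each http_filters: key (line scan of block-style YAML)."""
    chains, item_indent = [], None  # item_indent: None = outside a list, -1 = pending
    for line in envoy_yaml.splitlines():
        text, indent = line.strip(), len(line) - len(line.lstrip())
        if text == "http_filters:":
            chains.append([])
            item_indent = -1
        elif not text or text.startswith("#") or item_indent is None:
            continue
        elif indent < item_indent or (indent == item_indent and text[0] != "-"):
            item_indent = None  # dedent or sibling key: the list has ended
        else:
            item_indent = indent if item_indent == -1 else item_indent
            if indent == item_indent and (m := re.match(r"-\s*name:\s*(\S+)", text)):
                chains[-1].append(m.group(1).strip("\"'"))
    return chains

def check_filters(envoy_yaml):
    """Report chains where tcell is missing or listed after the router filter."""
    chains = filter_chains(envoy_yaml)
    problems = [] if chains else ["no http_filters list found"]
    for i, chain in enumerate(chains):
        if "tcell" not in chain:
            problems.append(f"chain {i}: tcell filter missing")
        elif ROUTER in chain and chain.index("tcell") > chain.index(ROUTER):
            problems.append(f"chain {i}: tcell listed after {ROUTER}")
    return problems

def check_log_levels(config_text):
    """Report logging_options blocks, anywhere in the JSON, with an invalid level."""
    problems, stack = [], [json.loads(config_text)]
    while stack:
        node = stack.pop()
        if isinstance(node, dict):
            opts = node.get("logging_options")
            if isinstance(opts, dict) and opts.get("level", "INFO") not in VALID_LEVELS:
                problems.append(f"invalid log level: {opts.get('level')!r}")
            stack.extend(node.values())
        elif isinstance(node, list):
            stack.extend(node)
    return problems
```

Run check_filters on the contents of envoy_config.yaml and check_log_levels on the contents of tcell_agent.config before starting the container; an empty list from each means no problem was found.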