Getting Started
- System Requirements
- Installation
- Assign Service Logon As Credentials
- Registration
- Version Support Policy
Agent-Based Management
Common Tasks
- Account Lockout Monitoring and Reporting
- Event Log Archiving for JSIG and CMMC Compliance
- Exporting and Importing Configuration Objects
- Merging Logs
- Amazon S3 Bucket Support
- Azure File Share Support
Data Providers
- Data Provider Properties
- SQLite Properties
- MySQL Properties
- Microsoft SQL Server Properties
- File System Properties
Directory Services
Auditing
- Audit Work Items
- Self-Auditing
- Group Policy Auditing
- Password Expiry Auditing
Hosts
- Adding Hosts
- Host Properties
- Batch Update Hosts
- Agent Properties
- Logon As Properties
- SFTP Properties
- FTP/S Properties
- SNMP Device Connection Properties
- WMI
- Contact
- Exclusions
- Inventory
- Docker
- Host Assignments
Templates
- Template Properties
- Batch Update Templates
- Assign Templates
- Log Management Templates
- SCAP Compliance Monitor
- Active Directory User Monitor Templates
- File and Directory Monitor Templates
- Windows Monitor Templates
- Network and Application Monitor Templates
- SSL Certificate Monitor Templates
- Email Monitor Templates
- SNMP Monitor Templates
- Windows Accounts Templates
Monitors
- Monitor Hierarchy
- Temporarily Suppress Monitors Actions
Reports
- Report Properties
- Security Reports
- Generic Log Reports
- File and Permission Reports
- Summary Reports
- Artificial Intelligence Reports
  - AI Anomaly Detection Report
  - AI Anomaly Detection Report (Template Triggers)
Auto-Configurators
Filters
- Simple Filters
- Complex Filters
Actions
- Database Actions
- Desktop Actions
- Email Actions
- Event Log Actions
- Executable Actions
- File Actions
- IIS IP Address Restriction Actions
- Microsoft Teams Actions
- PowerShell Actions
- Report Actions
- Service Actions
- SMS Actions
- SNMP Trap Actions
- Syslog Actions
- Template Actions
- IIS IP Address Restriction Actions
- Action Variables
Schedules
- Fixed Schedules
- Range Schedules
- Real-Time Schedules
Environment Variables
Options
- Email Settings
- Security Settings
- Syslog Server Settings
- SNMP Trap Server Settings
- Log Viewer Settings
- Web Proxy Settings
- Miscellaneous Settings
- Logging Settings
SNMP
- SNMP Browser
SSH Shell
Syslog
Shared Views
- Active Directory User and Group Filters
- Assign Actions
- Assign Azure Audit Logs
- Assign Consolidated Logs
- Assign Directories
- Assign Disks
- Assign Event Logs
- Assign Files
- Assign Services
- Assign Shares
- Auto-Config Host Assignment Properties
- Define CSV and W3C Log Entry Columns
- Define Log Entry Columns
- Define Log Entry Columns with Regular Expressions
- Executable Status
- Executable Timeline
- Explicitly Assigned Logs
- File Explorer
- General Executable Properties
- Report Columns
- Report Date/Time Ranges
- Report Security Event Log Filters
- Select Folder or File
- Target Files and Sub-Directories
Command Line Interface
Server Configuration
Agent Configuration
Troubleshooting
- Arithmetic Overflow
- Access Denied
- MySQL: Fatal error encountered during command execution
- Invalid Class
- No Such Interface Supported
- Quota Violation
- The File Exists Errors
- The Interface is Unknown
- The RPC Server is Unavailable
- NetBIOS Errors
Terminology

Linux Agent Installation

In this Topic

Tutorials
Background
Supported Templates
System Requirements
How to Remotely Install the Linux Agent
How to Manually Install the Linux Agent
How to Upgrade the Linux Agent
How to Re-Configure the Agent
How to Configure Templates to Run on the Agent
Troubleshooting

Tutorials

How to Install the Corner Bowl Server Manager Agent on RHEL

Background

Server Manager includes a Linux Agent to remotely manage Linux hosts. Our agent-based solution solves several security and performance issues with existing built-in technologies and security implementations. To understand the benefits, we must first understand the technologies used to remotely manage Linux hosts without an agent.

Agentless Management

Linux (Red Hat (RHEL) and Ubuntu)

Linux Audit Logs are downloaded using a two step process that utilizes both SSH and SFTP. Since audit logs are in a protected directory, SSH must be used to login as a superuser then copy files from the protected directory to a temporary directory. Once complete, the SSH connection is closed then a new SFTP connection opened, which then downloads the audit log files from the temporary directory.

Security and Performance Issues

Remote connections require root or superuser access to copy audit logs.
SFTP typically has limited access to operating system files and audit logs.
Each time an audit log's latest contents are retreived, the entire log is copied then downloaded, a highly ineffecient method when download new entries every few minutes.
Real-time log monitoring is not supported.

Agent-Based Management Benefits

The Linux Agent runs with root access enabling the software to access audit logs without generating logon events.
All data is transmitted over a single TLS 1.2/3 capable TCP/IP port using a highly efficient binary protocol stack.
Audit logs are efficiently accessed, parsed, and filtered directly on each Linux host prior to transmitting the latest filtered entries to the Management Server.
Real-time log monitoring is fully supported.

Supported Templates

The following templates are currently supported on Linux:

System Requirements

The Linux Server requires the .Microsoft .NET 8 Runtime to be installed. For more information see: Install .NET on Linux.

How to Remotely Install the Linux Agent

Add the hostname or IP add to Corner Bowl Server Manager. For more informatino see: Adding Hosts.
Configure the Linux host's SSH/SFTP connection with superuser credentials. For more informatino see: SSH/SFTP Properties
From the Host Properties View, select the Agent Tab, then click the Install Agent button.

How to Manually Install the Linux Agent

From your Internet browser, log into Corner Bowl Software.
Once logged in, from the Menu Barselect Downloads.
From the Downloads Page, if you are running RHEL 9+ locate the Agent RHEL 9 RPM, otherwise select the Agent ZIP then click the Download button
If you downloaded the RPM, from command-line, type:

sudo rpm -i cbsmagent-25.0.0.x-1.el9.x86_64.rpm

Where 25.0.0.x is replaced with the actual version being installed.
Otherwise, if you downloaded the zip, decompress the zip file then run the install.sh script. For example:

linuxagent2025.zip 
sudo install.sh

Where 25.0.0.x is replaced with the actual version being installed.
Verify the service has started, for example:

cat /var/log/corner-bowl/agent.log

How to Configure TLS 1.2/3 or Change the TCP/IP Port

For more information see Agent Configuration.

How to Update the Windows Agent

Once installed, the agent uses the Corner Bowl TCP/IP connection to the server to download both major and minor updates, then automatically installs the downloaded version.

Troubleshooting

If the Agent does not appear to be connecting or processing Templates, view the Agent's verbose output log for detailed information. The log file is located in the following directory on each remotely managed host:

/var/log/corner-bowl/agent.log

Open a command-prompt, then type the following command to tail the log file:

tail -f /var/log/corner-bowl/agent.log

Monitor the file for at least 2 minutes. 9 times of out of 10, there is a connection error due to the tcpserver.json file not specifying the correct host or other invalid parameter, a firewall blocking the default port, 21843, on the Corner Bowl Server Manager Service host, or the Agent Server is configured to use DNS or FQDN lookup when instead the local hostname is expected. All of these error scenarios are easily identified when tailing the agent.log file.

Table of Contents