On Demand Scan
You can run an On Demand Scan to instruct the agent to immediately scan as long as the agent is not already scanning. The On Demand Scan runs independently of the interval scan that you configure in the Configuration Profile and will reset the scan interval on the local agent after a successful scan.
Prerequisite: The agent must be activated for that specific Qualys application for which you are running the On Demand Scan. When activated, the Agent downloads manifests for that application from the Qualys platform; if the manifest is not present for that type, On Demand Scan will not execute.
Use the cloudagentctl.sh
script to run the On Demand Scan. This script is available at /Applications/QualysCloudAgent.app/Contents/MacOS/
.
># ./cloudagentctl.sh action={demand} type={vm|pc|inv|udc|sca|vmpc} cputhrottle={0-1000}
Where action
and type
are mandatory parameters.
The action
is “demand”, meaning an On Demand Scan.
The type
is the application for which you want to run the scan (the agent must be activated for the respective application first).
"vmpc" is a legacy application manifest and most likely may not be present.
cputhrottle
is 1-1000. Default is 0, which is no throttling.
For example, to initiate an On Demand Scan for the Vulnerability Management application (VM) with no throttling:
># ./cloudagentctl.sh action=demand type=vm
The script calls the agent to run asynchronously in the background and returns to the shell prompt. The script prints a ControlId
that you can track in the log file. The ControlId
is the time stamp of the script initiation, e.g. On-Demand-Request ControlId: 20200427151136.0
The On Demand Scan logs to the same log file as the agent at /var/log/qualys/qualys-cloud-agent.log
. You can find the logging for the scan initiation and completion in the log file.
2024-04-27 15:11:36.474 [qualys-cloud-agent][9710]:[Information]:[140048573286144]:OnDemandRequest Params: ControlID=20200427151136.0, Action=OnDemand, Type=VM, CPUThrottle=0"
If the agent is currently performing an interval scan for the same type, the On Demand Scan will delay waiting for the currently running scan to finish. The script will print a log line with this status.
2024-04-27 15:11:36.474 [qualys-cloud-agent][9710]:[Information]:[140048573286144]:Interval Event of same type is in progress with state INTERVAL_EVENT_SCAN
2024-04-27 15:11:36.474 [qualys-cloud-agent][9710]:[Information]:[140048573286144]:OnDemand request for Control ID : 20200427151136.0 will be delayed.
If the script errors are due to the manifest file not being present, check whether the Cloud Agent is activated for that particular application. If the Cloud Agent is activated but you still get manifest-related errors while running the On Demand Scan, the agent may not have downloaded the manifest for that application. You can manually force a manifest download by deactivating then reactivating the agent for that application from the Cloud Agent user interface module. If that doesn't correct the issue, contact Qualys Support.
Once an On Demand Scan is complete the results are logged in the log file located at /var/log/qualys/qualys-cloud-agent.log
.