1. home icon for breadcrumbs >
  2. Cloud Agent Configuration >
  3. Command Line Options

Command Line Options

qualys-cloud-agent.sh supports these command line options.

Configuration option

Description

ActivationId

A valid activation key ID (UUID). This value is obtained from the Cloud Agent UI (go to Activation Keys, select a key then View Key Info). This parameter is required to provision an agent.

CustomerId

A valid customer ID (UUID). This value is obtained from the Cloud Agent UI (go to Activation Keys, select a key then Install Agent). This parameter is required to provision an agent.

LogLevel

A log level (0-5). A higher value corresponds to more verbosity. Default is mapped to information (3).

0 - mapped to fatal

1 - mapped to error

2 - mapped to warning

3 - mapped to information

4 - mapped to debug

5 - mapped to trace

Note: In a debug/trace mode, the log file may contain sensitive command-line parameters or passwords for configuration files, if the passwords are in clear-text format. Qualys recommends you use a password vault or token-based authentication instead of storing passwords in the configuration file. Storing passwords in configuration files can result in non-compliance with ISO, SOC, PCI-DSS, HIPAA, and FedRAMP guidelines.

LogFileDir

A full path to the log file. By default the path is /var/opt/qualys/

UseSudo

Set to 1 to run all data collection commands using the sudo escalation method. By default, sudo is not used (0).

Limitations of using UseSudo=1

SudoCommand

A command for privilege escalation such as SudoCommand pbrun. If the command has spaces it must be double quoted.

User

A valid username if you want the daemon to run as a certain user. The daemon will start as root but will drop to the specified user, and continue running as the specified user.

Group

A valid group name if you want the daemon to run as a certain group. The daemon will switch to the specified group (if any).

HostIdSearchDir

(Available using Linux Agent 1.3.3 and later) The directory where the host ID file is located. This file contains a host ID tag assigned to the system by Qualys. By default, the directory is /etc/ and the location of the host ID file is /etc/qualys/hostid

LogDestType

(Available using Linux Agent 1.3.3 and later) The destination of log lines generated by Linux Agent. Set to file or syslog. If set to file specify the location of the log file. By default, the destination is a log file: /var/opt/qualys/qualys-cloud-agent.log

ServerUri

Use this option to migrate the agent from one Qualys subscription to another (on the same POD or PCP).

ServerUri takes the URL of the Qualys shared Pod or PCP you want to migrate the Agent to, in the following format:

ServerUri=<http_url>/CloudAgent

where <http_url> is the URL of the Qualys shared Pod or PCP.

If the subscription is on the same POD, the ServerUri is the same.

Use this option along with ActivationId and CustomerId in order to move the agent to another Qualys shared Pod or PCP.

The agent requires the appropriate Activation ID and Customer ID that are on the new subscription/platform. The original IDs cannot be used as they are unique per subscription.

CmdMaxTimeOut

Execution of a command is dropped if the time taken to execute is more than the specified value. The default timeout is 1800 seconds (30 minutes).

ProcessPriority

Specify the Linux niceness scale between -20 to 19 to set a priority for the Qualys cloud agent process. The lower the number the more priority the agent process gets. The default value is zero.

QualysProxyOrder

If you are using multiple proxies, set the proxy order to be sequential or random.

Sequential: QualysProxyOrder=sequential OR QualysProxyOrder=seq

Random: QualysProxyOrder=random

MaxRandomScanInterval

This option will enable the Agent to upload at the configured VM scan interval and adding a randomized interval. The random interval can be any value between 0 and the configured MaxRandomScanInterval seconds. MaxRandomScanInterval can be set to any value between 0 (default) to 4294967295

Limitations of using UseSudo=1

If you configure the cloud agent for UseSudo=1 to run commands using the sudo escalation method, you may face any of the following issues:

  • Commands run by the cloud agent or any script added in the cloud agent manifest, fail to get the custom path set in the PATH environment.
  • Scan results show empty values for service_list, bios_info, and service_info, when the agents fails to find related path in the PATH environment.

This happens because when you set UseSudo=1, the agent tries to find the custom path in the secure_path parameter located in the /etc/sudoers file. If this parameter is not set, the agent then tries to find the custom path in the path that is used when you run sudo sh.

To resolve this issue, add your custom path or the path used by the agent while scanning for service_list, bios_info, and service_info, to the secure_path parameter. If you have disabled secure_path parameter, add the respective paths to the path that is used when you run sudo sh.

Alternatively, you can configure the agent for UseSudo=0.

For Solaris 10 platform, Sudo packages need to be installed manually.

© 2024 Qualys, Inc. All rights reserved. Privacy Policy.