Generate an Agent Client Collector allow list

  • リリースバージョン: Australia
  • 更新日 2026年03月12日
  • 所要時間:2分

    • Specify the checks to be included in the list of checks that are enabled to run on the agent.

    始める前に

    Role required: agent_client_collector_admin

    このタスクについて

    The default allow list includes all validated checks, and is included in the base system policies. If the allow list cannot be read correctly, no checks run on the agent.

    手順

    1. Navigate to All > Agent Client Collector > Check Definitions.
      The Check Definitions page appears.
    2. In the Related Links section at the bottom of the page, click Generate allow list.
      注:
      Alternatively, you can click a check definition or check instance record and click Generate allow list to generate a complete allow list.

      The Agent Client Collector Command Allow-list Generator page appears, with the list of checks scanned from the Command field of the check instance records.

      The values appear with the following attributes:

      表 : 1. Command attributes
      Attribute Description
      exec The executing command.
      args Possible argument strings.
      skip_arguments Boolean. Determines whether to verify that the argument was added to the allow list.
      • true: Skips argument validation and checks only for illegal characters, specifically |;\<>&'$()
      • false: Executes argument validation to ensure that the argument is included in the allow list. If it is not, the command cannot execute.
    3. Copy the entries you want to include in the allow list and add them to the agent's check-allow-list.json file, either manually or using an automation tool.
      The location of this file is indicated in the allow-list parameter of the agent's acc.yml file.