Checking if the Agent has Produced Results

^{Last Updated: 2023-08-15}

Purpose

This article describe how to check if the Agent have produced results that can be uploaded to OUTSCAN.

Introduction

In Outpost24, after an agent runs a scheduled scan, it must generate result files and upload them to OUTSCAN via the API. The Checking if the Agent has Produced Results feature helps administrators verify whether those result files exist locally before submission. By inspecting specific result directories on Windows or Linux hosts, you can confirm that scans have executed, that output files are present and being updated, and thus ensure that no data is stuck or delayed in transit.

How To Check if the Agent Scan has Produced Results

When a scheduled scan has been performed, the result is submitted to the API. Failing to submit to the API will leave the results for the next call home. To check if a result has been produce by the scan to be uploaded follow the steps in this document.

Windows

Open a file Explorer or Windows PowerShell as administrator and enter the following command:

ls C:\ProgramData\Outpost24\Agent\schedules\results\

Linux

Login to you Linux system with an account that has admin privileges or is able to elevate privileges and become root and run the following command:

sudo ls -la /var/cache/o24-agent/schedules/results

Example

In both cases, this directory contains the results for the Agent. Each schedule is a directory of type (UUID) that contains 1 to 2 encrypted files: commands.enc (for Linux), psh-commands.enc and registry.enc (for Windows).

Windows example:

Linux example: