Timeframe - When did you complete the setup?

Although it's often sooner, it can take up to an hour before a new agent is displayed in the console. 

Access Token  - is it valid?

One of the common reasons the agent isn't reporting is either due to a typo, or an invalid access token supplied in the configuration. This can occur when the token is maintained in an organisations workflow, rather than obtaining the token directly from the Lacework console. 

To validate the token is still valid, you will need to login to console as an admin, navigate to Settings and then Agent Tokens and verifying the status. If a token is disabled, it is not recommended you re-enable it without understanding why it was disabled in the first place, more often than not it is better to create a new token.

Connectivity - is the platform reachable from this machine?

The agent will need to be able to reach api.lacework.net - a simple way to check for this on both Windows and Linux machines is with the ping utility.

Status - is the agent process running?

• Linux - execute service datacollector status or systemctl status datacollector depending on your kernel version to confirm the service is up. 
• Windows - review the process state in Task Manager

Review logs for errors

The agent logs are not intended for human analysis, however, fatal errors that prevent the ordinary operations of the agent may be present. For example, an invalid access token or incorrect json format e.g. "Access token is invalid".

Having validated the above, if the agent still is not displayed in the console, you may wish to raise a support case so we can assist you. To ensure we have all of the information you will need to include:

• Lacework subaccount the access token belongs to
• Machine hostname
• OS type and version 
• Install method, including any scripts used to deploy
• The config.json file
• Agent logs:
  • Linux - /var/log/lacework/*
  • Windows - C:\Users\[username]\AppData\Local\Temp\Lacework\*
• Agent version