Topics on this page
Agent configuration settings with environment variables
All agent configuration options that can be set in the configuration files (such as properties files in Java or ini files in Python) can instead be set by using the environment variables. When set through both environment variables and configuration files, options set with the environment variables will take precedence over the configuration file.
The Application Security environment variable names are prefixed with TREND_AP_. For example:
export TREND_AP_KEY=<your key>
export TREND_AP_SECRET=<your secret>
export TREND_AP_LOG_FILE=path/to/trend_app_protect.log
export TREND_AP_LOG_LEVEL=debugAll configuration options must be encoded with UTF-8, whether the values are provided in a local agent configuration or environment variables.
For all configuration keys listed, the key name must be prefixed with "trend_app_protect" on the PHP platform, in the PHP ini configuration file.
Agent credentials
-
Key: The unique key associated with the application group to protect. The key is obtained from the dashboard, for the group, in Group Settings > Group Credentials.
-
Secret: The unique secret associated with the application group to protect. The secret is obtained from the dashboard, for the group, in Group Settings > Group Credentials.
| Configuration key | Environment variable | Description |
|---|---|---|
| Key | TREND_AP_KEY | Agent credentials Key, found on the dashboard in Group Settings > Group Credentials. |
| Secret | TREND_AP_SECRET | Agent credentials Secret, found on the dashboard in Group Settings > Group Credentials. |
Agent logging
The agents can generate 2 types of logs:
- Diagnostic logs. These are typically consulted to investigate or troubleshoot behaviors or issues with the Application Security agents.
- Security logs (also known as defence logs). These include all security events detected and reported by the agent.
| Configuration key | Environment variable | Description |
|---|---|---|
| log_file | TREND_AP_LOG_FILE | Agent diagnostic log file location. Valid values are: stderr, stdout, syslog or path to log file. Default value: log/trend_app_protect.log. Note that the location needs to have write permission. |
| log_level | TREND_AP_LOG_LEVEL | Agent diagnostic logging level. Valid values are: ERROR, WARN, INFO, DEBUG, TRACE Default value: INFO |
| defence.log_file | TREND_AP_DEFENCE_LOG_FILE | Security log file location. Default value is null, which disables security event logging. Note that the location needs to have write permission. |
| defence-json.log_file | TREND_AP_DEFENCE_JSON_LOG_FILE | Security events log file location. Default value is null, which disables security event logging. The log file generates JSON formatted sensor events generated by agents. |
Java environment variables
Jetty
When using Jetty, export the following environment variable:
export JAVA_OPTIONS="${JAVA_OPTIONS} -javaagent:/full/path/to/trend_app_protect-X.X.X.jar -Dcom.trend.app_protect.config.file=path/to/trend_app_protect.properties"
Tomcat
When using the Tomcat web server, export the following environment variable:
export CATALINA_OPTS="${CATALINA_OPTS} -javaagent:/full/path/to/trend_app_protect-X.X.X.jar -Dcom.trend.app_protect.config.file=path/to/trend_app_protect.properties"
Netty
When using the Netty server, export the following environment variable:
export JAVA_OPTS="$JAVA_OPTS -javaagent:lib/trend_app_protect.jar -Dcom.trend.app_protect.config.file=trend_app_protect.properties"
WebSphere
When using the WebSphere server, the javaagent JVM option adding the Application Security agent jar file is configured in the Generic JVM options
-javaagent:lib/trend_app_protect.jar
.NET environment variables
| Environment variable | Value | Comments |
|---|---|---|
| CORECLR_ENABLE_PROFILING | 1 | The value must always be 1 for the agent to function. |
| CORECLR_PROFILER | {a51743a9-9e05-4a9f-adcd-d39aa322615a} | The value must always be the guid in this table, for the .NET agent |
| CORECLR_PROFILER_PATH | <installation_directory>/bin/libTrendAppProtectProfiler-x64-linux.so | For example, /usr/local/trend_app_protect_netcore/bin/libTrendAppProtectProfiler-x64-linux.so |
| TREND_AP_CONFIG_FILE | <installation_directory>/TrendAppProtect.config | For example, /usr/local/trend_app_protect_netcore/TrendAppProtect.config |