Liongard Roar

Roar Users Guide & Documentation

Deployment via MSI Installer

On-Premise Agent Overview

On-Premise Agent Installation Best Practices

  1. Install On-Premise Agents on Domain Controllers
  • We support On-Premise Agents being installed on servers; however, installing an On-Premise Agent on a Domain Controller will result in more Inspector Auto-Discovery, and therefore, less manual work.
  2. Generally, Install One On-Premise Agent per Network
  • Our Agents speak across VPN tunnels
  • Our Agents DO NOT speak across Active Directory Domains, so if you have two Active Directory Domains in one network, then you'll need an Agent within each Active Directory Domain.
  3. Install an Additional On-Premise Agent on any Server NOT Tied to an Active Directory Domain
  • The additional Agent will auto-activate an Inspector for the local Windows server, and that Inspector will auto-discover a Hyper-V or SQL Server Inspector if either system is present

👍

On-Premise Agent Installation = Inspector Auto-Discovery

When you roll out an On-Premise Agent, there is a potential for the Auto-Discovery of four Inspectors:

  1. Upon install, an On-Premise Agent will auto-activate an Inspector for the local Windows Server
  2. After the Windows Inspector runs, it will auto-discover an Active Directory Inspector
  3. Once activated and successfully run, the Active Directory Inspector will auto-discover Inspectors for any additional Windows servers within its Domain
  4. Once activated and successfully run, the Windows Inspectors will auto-discover Inspectors for any Hyper-V or SQL Server systems present

🚧

Minimum Requirements

To run the Windows Agent, it's important to make sure your machine meets these minimum requirements:

  • Operating System: Windows Server 2012
  • Memory: 1 GB
  • Disk Space: 50 MB

❗️

Windows Servers Before 2012

We currently do not support Windows Server before 2012 because the Roar Agent has a dependency on a software package called NodeJS. The Agent needs a specific minimum version of that software package to work and Windows Server 2008 R2 and below do not support it.

🚧

Windows Workstations

The Agent will work on Windows 8.1/10 workstations; however, we do not rigorously test the Agent outside of Windows servers. Also, most Inspectors have not been tested to run on Windows workstations.

If you require Active Directory, Hyper-V, SQL Server, or Windows remote inspections, we strongly encourage the use of a Windows server. If you are looking to inspect network devices or services, then using a Windows workstation Agent is likely adequate.

🚧

Whitelisting Requirements

If any of your networks heavily filter outbound traffic, you may need to whitelist some hosts in order for the Agent to send data back to Roar.

Please note two key URLs are used by the Agent and will need to be accessible in order for the Agent to properly function. Find the URL below that closely matches your instance URL and whitelist the URLs shown under it.

aus?.app.liongard.com

  • sqs.ap-southeast-2.amazonaws.com
  • s3.ap-southeast-2.amazonaws.com

us?.app.liongard.com

  • sqs.us-west-2.amazonaws.com
  • s3.us-west-2.amazonaws.com

ca?.app.liongard.com

  • sqs.ca-central-1.amazonaws.com
  • s3.ca-central-1.amazonaws.com

uk?.app.liongard.com

  • sqs.eu-west-2.amazonaws.com
  • s3.eu-west-2.amazonaws.com

eu?.app.liongard.com

  • sqs.eu-central-1.amazonaws.com
  • s3.eu-central-1.amazonaws.com

sa?.app.liongard.com

  • sqs.sa-east-1.amazonaws.com
  • s3.sa-east-1.amazonaws.com

d2thwq4mlwsvm8.cloudfront.net

For Debugging Purposes:
Regardless of which region you are in, debugging inspections may additionally require access to the following URL. If you need to troubleshoot inspections or work with Liongard Support, they may also ask you to whitelist this URL:

  • s3-us-west-2.amazonaws.com
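
To confirm the filtering rules before installing, the following added example (not Liongard code) derives the hosts listed above from an instance URL and attempts an outbound TCP connection to each. The function names are this example's own, and port 443 is an assumption, since the page lists hosts but no port.

```powershell
# Added example, not Liongard code. Port 443 (HTTPS) is an assumption.
param(
    [string]$RoarUrl = 'us1.app.liongard.com',  # sample instance URL from the page
    [switch]$IncludeDebugHost,                  # also test the troubleshooting URL
    [int]$Port = 443,
    [int]$TimeoutMs = 3000
)

# Instance prefix -> AWS region, as listed in the whitelisting section
$RegionMap = @{
    aus = 'ap-southeast-2'; us = 'us-west-2';    ca = 'ca-central-1'
    uk  = 'eu-west-2';      eu = 'eu-central-1'; sa = 'sa-east-1'
}

function Get-RoarAllowlistHost {
    param([string]$Url, [bool]$DebugHost)
    # "us?.app.liongard.com" on the page: prefix plus one wildcard character
    if ($Url -notmatch '^(aus|us|ca|uk|eu|sa).\.app\.liongard\.com$') {
        throw "Unrecognised instance URL '$Url' (omit https://)"
    }
    $region = $RegionMap[$Matches[1]]
    "sqs.$region.amazonaws.com"
    "s3.$region.amazonaws.com"
    'd2thwq4mlwsvm8.cloudfront.net'             # listed on the page without a region
    if ($DebugHost) { 's3-us-west-2.amazonaws.com' }
}

function Test-TcpPort {
    param([string]$Target, [int]$Port, [int]$TimeoutMs)
    # TcpClient is used because Test-NetConnection is missing on Server 2012
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($Target, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($pending)   # throws on refusal or DNS failure
        return $true
    } catch { return $false } finally { $client.Close() }
}

$results = foreach ($target in Get-RoarAllowlistHost $RoarUrl $IncludeDebugHost) {
    New-Object psobject -Property @{
        Host      = $target
        Reachable = Test-TcpPort -Target $target -Port $Port -TimeoutMs $TimeoutMs
    }
}
$results | Format-Table Host, Reachable -AutoSize
if ($results | Where-Object { -not $_.Reachable }) { exit 1 }
```

A non-zero exit code means at least one listed host was unreachable from this server, which makes the script usable as an RMM pre-check.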

📘

Upgrade of Old Agent

On a machine with an Agent previously installed via PowerShell, the MSI's default behavior is to quietly upgrade that Agent to the MSI-packaged version with the existing settings.

How to Install an On-Premise Agent via the MSI Installer

Overview

Installing an On-Premise Agent via the MSI Installer is a two-step process:

  1. Create an Active Directory User for the Agent to "Log on as"
  2. Install the On-Premise Agent via the MSI Installer on a Domain Controller

Step 1: Create an Active Directory User for Roar to "Log on as"

  • In Active Directory, create a New > User
    • First Name: "Roar Agent"
    • Username: "RoarAgent"
    • Select Next
  • Password: Enter and document a password of your choosing
    • Uncheck: "User must change password at next login"
    • Check: "Password never expires"
  • Select Next
  • Select Finish
  • Right click on the "Roar Agent" user that you just created and select Properties
  • On the General Tab, label the account as a service account in the Description field. We suggest "Liongard - Roar Service Account"
  • Select Member of
  • Select Add... and include "Domain Admins"
  • Select Apply

Step 2: Install the On-Premise Agent via the MSI Installer on a Domain Controller

  • In Roar, navigate to Your Name > Account Settings > Access Tokens > Generate a New Token. Record the Roar Access Key ID and Secret as you will need them in the next steps.
  • Then, navigate to Admin > Agents > Click on "Download Agent Installer" in the top right corner
    • Copy the MSI link or download the MSI installer

🚧

Access Tokens

You can document this Roar Access Key Token and Secret to reuse when installing more Agents, or you can generate a new Access Key Token and Secret every time.

Our Access Tokens are used only to register an Agent. It is not something that the Agent stores, so if a token gets deleted, nothing will happen to Agents that were installed using that token.

  • Open the MSI and select Run
    • Check "I accept the terms in the License Agreement"
    • Select Next
  • Populate the following values:
    • Your Roar URL (e.g., "us1.app.liongard.com")
      • Enter the core of your Roar URL. Do NOT include "https://"
    • Agent Name: The Agent Name must be unique. If the Agent Name is not unique, the Agent will fail. This field will default to the name of the server.

🚧

Naming Your Agent

At the moment, the Agent name cannot accept =, <, >, (, ), {, }, [, ] characters. Please avoid using them in the Agent name.

If you choose to use a script to deploy On-Premise Agents, include a unique identifier for the Agent name.

  • A Roar Access Key ID and Secret.
    • This can be found in Roar by selecting your user account name in the top right corner > Account Settings > Access Tokens > Generate a New Token
  • The name of the Environment this Agent is being deployed for. This name is case sensitive.
  • If you do not wish to fill in the Environment name, you must leave this field blank. In Roar, you must then associate the Agent with an Environment once the Installer runs. To do this, navigate to Admin > Agents.

❗️

Errors Accessing the API

If you are having issues accessing the API, copy and paste the Key directly from Roar into the Installer.

  • Select Next
  • Select Custom
    • Enter the name of the Domain and "RoarAgent" (the name of the user you created in Step 1)
    • Select Next
  • Select Install
  • Select Finish

👍

Windows and Active Directory Inspector Auto-Discovery

After installing an On-Premise Agent on a Domain Controller, an Inspector will be auto-activated for the local Windows server, and after this Inspector runs, it will auto-discover an Active Directory Inspector.

🚧

Agent Service "Run As" Permissions

Starting with v1.9.51 and later, the MSI will preserve your Agent permissions when you upgrade.

Silent Install via Command Line or RMM

The Agent MSI can be invoked like this for a silent install from the command line or for scripting via the RMM:

msiexec /i RoarAgent.msi ROARURL=yourinstance.app.liongard.com ROARACCESSKEY=yourkey ROARACCESSSECRET=yoursecret ROARAGENTNAME="Friendly Name of Your Choice" ROARENVIRONMENT="Exact Environment Name, Inc." ROARAGENTSERVICEACCOUNT="mydomain\domainadmin" ROARAGENTSERVICEPASSWORD="mypassword" ROARAGENTDESCRIPTION="optional description" /qn

The only required fields are ROARURL, ROARACCESSKEY, ROARACCESSSECRET, and ROARAGENTNAME.

You can optionally pass in ROARAGENTDESCRIPTION as the last parameter if you wish to add a description to the agent.

If you don't provide ROARAGENTSERVICEACCOUNT and ROARAGENTSERVICEPASSWORD then the service will default to installing as Local System.

If you don’t pass in the ROARENVIRONMENT parameter, you’ll have to assign that in the Roar UI under Admin > Agents.

📘

Install Location

You can additionally use the INSTALLLOCATION variable if you wish to choose a different directory to install into.

If your custom path has spaces or special characters, then be sure to surround the location with triple double quotes in order to allow it to escape correctly in PowerShell. Otherwise you don't need to use double quotes to escape the path.
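
For scripted or RMM deployment, the following added example (not Liongard code) wraps the silent install above: it builds an Agent name with a unique identifier, replaces the characters the Agent name cannot accept, trims the Environment name, and checks the installer's exit code. The script's own parameter names and the "label-domain" naming scheme are assumptions of this example; the MSI properties are the ones documented on this page.

```powershell
# Added example, not Liongard code. Parameter names are this script's own.
param(
    [Parameter(Mandatory = $true)][string]$RoarUrl,
    [Parameter(Mandatory = $true)][string]$AccessKey,
    [Parameter(Mandatory = $true)][string]$AccessSecret,
    [string]$Environment,                       # case sensitive; blank = assign in Roar later
    [string]$AgentLabel = $env:COMPUTERNAME,
    [string]$MsiPath = '.\RoarAgent.msi',
    [string]$LogPath = "$env:TEMP\agentinstall.log"
)

# ROARURL is the bare host name: strip a pasted scheme or trailing slash
$RoarUrl = ($RoarUrl.Trim() -replace '^https?://', '').TrimEnd('/')

# Unique Agent name: label plus the domain (or workgroup) of this machine
$domain    = (Get-WmiObject Win32_ComputerSystem).Domain
$agentName = "$AgentLabel-$domain"
# Replace the characters the page says the Agent name cannot accept
$agentName = $agentName -replace '[=<>(){}\[\]]', '_'

$msiArgs = @(
    '/i', "`"$MsiPath`"",
    "ROARURL=$RoarUrl",
    "ROARACCESSKEY=$AccessKey",
    "ROARACCESSSECRET=$AccessSecret",
    "ROARAGENTNAME=`"$agentName`""
)
# Extra white space in the Environment name makes the install end prematurely
if ($Environment) { $msiArgs += "ROARENVIRONMENT=`"$($Environment.Trim())`"" }
$msiArgs += '/qn', '/L*V', "`"$LogPath`""

$proc = Start-Process msiexec.exe -ArgumentList $msiArgs -Wait -PassThru
# 0 = success, 3010 = success with a reboot pending (standard Windows Installer codes)
if ($proc.ExitCode -notin 0, 3010) {
    Write-Error "Install failed with exit code $($proc.ExitCode); see $LogPath"
    exit $proc.ExitCode
}
# A verbose MSI log can record the property values passed above, including the
# access secret, so restrict or remove it once it is no longer needed.
Write-Host "Installed Agent '$agentName'; log written to $LogPath"
```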

Troubleshooting Installation

Install Failure

If you encounter an issue installing the Agent where the Agent service does not get installed or the folder does not seem to exist with the installed application, please run the install with logs enabled and submit a ticket to our Product Support team with the agentinstall.log file attached.

msiexec /i RoarAgent.msi ROARURL=yourinstance.app.liongard.com ROARACCESSKEY=<insert key here> ROARACCESSSECRET=<insert key here> ROARAGENTNAME="name" ROARENVIRONMENT="" /L*V agentinstall.log

Install Failure - Invalid Username and/or Password

If an error dialog stating "Invalid Username/Password" for the associated service account pops up while installing the Agent, this can happen when the service account has not been added to the Domain Admins group.

Install Failure - Roar Agent Ended Prematurely

If an error dialog stating "Roar Agent Ended Prematurely" pops up while installing the Agent, this can be caused by an Environment name that does not exist in Roar or does not match an existing Environment name in Roar. Check case sensitivity and extra white space to ensure the Environment name you provided matches exactly as it appears in Roar. We suggest copying and pasting the Environment name from Roar.

Agent Not Heartbeating to Roar

If you run the install and the service is running but the Agent appears as unhealthy in Roar or inspections are not running, please find the file AgentSvcLog.txt in the Program Files install location and submit a ticket to our Product Support team with the file attached.

PowerShell Execution Policy Error

Please note that you must have the correct Execution Policy set up for PowerShell-based Inspectors. More information can be found here.

Agent Does Not Appear in Services.msc

If you had the Services panel open during the install, please make sure to close it and reopen it if you are having trouble finding RoarAgent.exe listed.

In the services panel, make sure you are connected to the Local system. You can right click on the computer on the left-hand panel and select "Connect to another computer ..." and verify that "Local computer" is selected.

Setting Agent Permissions From PowerShell

If you need to apply Agent permissions and for some reason cannot get the service to show up following the instructions above, you can run this PowerShell script to check for the service and apply a service account.

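# Prompt for the service account; the password is read without echoing it to the console
$UserName = Read-Host -Prompt 'Input the account username'
$SecurePassword = Read-Host -Prompt 'Input the account password' -AsSecureString
# Win32_Service.Change() needs the password as plain text
$Password = (New-Object System.Net.NetworkCredential('', $SecurePassword)).Password
$Service = "roaragent.exe"
$ServiceObj = Get-WmiObject Win32_Service -Filter "name='$Service'"

# Stop here if the service is not installed; the calls below would fail on $null
If (-not $ServiceObj) {
    Write-Host "Service '$Service' Not Found"
    Exit 1
}

# Stop the service before changing its logon account
If ($ServiceObj.State -ne "Stopped") {
    $StopStatus = $ServiceObj.StopService()
    If ($StopStatus.ReturnValue -eq 0) {
        Write-Host "Service Stopped Successfully"
    } Else {
        Write-Host "Failed To Stop The Service"
        Exit 1
    }
}

# Arguments 7 and 8 of Change() are StartName and StartPassword; $null leaves a setting unchanged
$ChangeStatus = $ServiceObj.Change($null,$null,$null,$null,$null,$null,$UserName,$Password,$null,$null,$null)
If ($ChangeStatus.ReturnValue -eq 0) {
    Write-Host "Successfully Changed User Name"
} Else {
    Write-Host "Failed To Change The Service"
    Exit 1
}

# Restart the service under the new account
$StartStatus = $ServiceObj.StartService()
If ($StartStatus.ReturnValue -eq 0) {
    Write-Host "Service Started Successfully"
} Else {
    Write-Host "Failed To Start The Service"
}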

Antivirus Software Issues

Some antivirus software is known to interfere with the healthy operation of the Roar Agent at times.

❗️

Antivirus software may require whitelisting

Several vendors have been known to cause possible issues with the Roar Agent including:

  • SentinelOne
  • Kaspersky
  • Webroot (very rarely)
  • Cylance

Symptoms can include:

  • The Agent being killed after some period of time
  • The Agent ceasing to heartbeat to Roar after some period of time
  • Inspectors using PowerShell seeming to timeout constantly or at random.

If you experience any of these symptoms or if you use the antivirus vendors mentioned above, we recommend whitelisting the Roar Agent executable (located under C:\Program Files (x86)\LiongardInc by default) according to your antivirus vendor's instructions and best practices.

For Cylance, set exclusions to a Cylance environment with script control enabled:

/program files (x86)/liongardinc/roaragent/jobs/*/powershell/*/*.ps1
/program files (x86)/liongardinc/roaragent/jobs/*/powershell/*.ps1

File Server Resource Manager

File Server Resource Manager is known to interfere with Roar Agents. If you are having these issues, whitelist the Roar Agent.

Agent Keeps Stopping

This may be a symptom of third-party software interfering. If the Agent keeps stopping, we recommend you set up auditing on the service to find the root cause.

You can follow the instructions below to set up auditing on the Agent service:

  1. Open the Group Policy Management Editor
  2. Select either the default domain policy or another GPO applied to the current computer
  3. Edit the policy
  4. Navigate to Computer Configuration > Policies > Windows Settings > Security Settings > System Services
  5. Find "Roar Agent" and right-click and select Properties
  6. Check: "Define this policy setting"
  7. Check: "Automatic" startup mode
  8. Click "Edit Security..."
  9. Click "Advanced..."
  10. Click on the "Auditing" tab
  11. Click on the "Add" button
  12. Click on the "Select Principal" link and enter "Everyone" and click OK
  13. Choose "All" for the Type dropdown
  14. Check the "Start, stop, and pause" checkbox and then click OK
  15. It will prompt you to apply the policy, click Apply and continue

Last Updated: 2020-01-22
