Skip to content

Agent Refactor: Multi-platform support, native log collection, and performance improvements #1843

New issue
New issue
Open
Feature
Open
Agent Refactor: Multi-platform support, native log collection, and performance improvements#1843
Feature
Assignees
Kbayero
Labels
goPull requests that update go code
@Kbayero

Description

@Kbayero
Kbayero
opened on Feb 18, 2026

Describe the feature

Major refactor of the UTMStack Agent architecture introducing:

New Platform Support:

  • Linux ARM64 agent build and deployment
  • macOS ARM64 (Apple Silicon) agent with code signing and notarization
  • Standardized binary naming convention: utmstack_agent_service_<os>_<arch>

Native Log Collection:

  • Replaced Filebeat with native log collector on Linux (using journalctl)
  • Replaced Winlogbeat with native log collector on Windows
  • Single-port-per-integration model for better resource management

Incident Response Improvements:

  • Shell selection support: cmd/powershell (Windows), sh/bash (Linux/macOS)
  • Backwards compatible with older agents

Performance & Stability:

  • Fixed memory leak issues in log processing
  • Improved Netflow log parser performance
  • Improved Cisco log parser with reduced memory footprint
  • Removed unnecessary dependencies (Redis, Elastic modules)

Agent Registration:

  • Allow multiple agents with same hostname (unique by hostname+MAC)
  • Improved error handling for duplicate registrations

Dependency Management:

  • Centralized updates to single binary (updater service)
  • Post-download hooks for configuration on updates
  • Legacy binary migration for seamless upgrades

Use Case

  1. Users with ARM-based Linux servers can now install UTMStack agents
  2. Users with Apple Silicon Macs (M1/M2/M3) can monitor their systems
  3. Windows administrators can execute PowerShell commands directly from the interactive console
  4. Organizations with duplicate hostnames across environments can register all agents

Proposed Solution

All changes have been implemented across:

  • agent/ - Core agent and updater binaries
  • agent-manager/ - Registration and command routing
  • .github/workflows/ - CI/CD pipeline with multi-platform builds
  • frontend/ - Installation guides for all platforms

Other Information

Testing checklist:

  • Install Linux AMD64 agent - verify log collection via journalctl
  • Install Linux ARM64 agent - verify log collection
  • Install Windows AMD64 agent - verify native log collection
  • Install macOS ARM64 agent - verify installation and log collection
  • Test agent search in interactive console
  • Test PowerShell command execution (shell=powershell)
  • Test CMD command execution (shell=cmd or empty)
  • Register two agents with same hostname but different MAC
  • Upgrade agent to this new version - verify binary migration
  • Verify Netflow log parsing
  • Verify Cisco log parsing

Acknowledgements

  • I may be able to implement this feature request
  • This feature might incur a breaking change

Metadata

Metadata

Assignees

Labels

goPull requests that update go code

Type

Feature

Projects

UTMStack OSS

Status

👀 In review

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions