Command Overview
Beacon includes a local-only dashboard for investigating the runtime JSONL log. The dashboard binds to loopback by default, has no external network dependency during normal use, and is intended for local investigation rather than remote administration.
Command syntax
beacon endpoint dashboard
Start the local dashboard, open it in a browser, or bind it to a custom local address.
What it shows
The dashboard reads the configured runtime JSONL log and provides a read-only view of local Beacon events. It follows Beacon’s local rotation pattern, so Log Search can include the active file and numbered archives such asruntime.jsonl.1. In the default CLI setup, it reads the same per-user log used by Antigravity CLI, Claude Code, Cursor, Devin CLI, Devin Desktop, Factory, Grok Build, Hermes Agent, and OpenCode hooks, Claude Code OTLP, Codex OTLP, optional Gemini CLI OTLP, Factory Droid OTLP, and OpenClaw Gateway OTLP telemetry.
- Log Search: investigate event rows with free-text search, harness, model, severity, and category filters.
- Detections: browse the active threat-rule set that Beacon would use for local scans, including rules installed in the local store or the built-in baseline when no store is installed.
- Findings: run the active rules over the configured runtime log on demand and review matching evidence with severity and session filters.
- Quick filters: focus on high-severity events, failures, approvals, MCP activity, file changes, commands, and events that may need review.
- Security Overview: review event totals, needs-review counts, high or critical activity, denied or blocked activity, failed tools, sessions, top harnesses, top models, top repositories, and MCP servers.
- Runtime inventory: inspect Inventory Local Agent Runtimes for detected harnesses and telemetry status across supported local runtimes.
- Runtime-log source: see source details and warnings when a system collector may be writing OTLP events to a different log.
- Rotated archives: open event details from active or archived runtime logs, even when older archive numbers have already been pruned.
beacon scan. They do not fetch rule packs, mutate telemetry, or require a hosted Beacon account.
Flags
| Flag | Description |
|---|---|
--user | Use per-user endpoint paths. Enabled by default |
--system | Use system endpoint paths and launch daemon |
--log-path <path> | Runtime JSONL log path |
--addr <host:port> | Local dashboard listen address |
--open | Open the dashboard in a browser |
beacon endpoint dashboard
beacon endpoint dashboard starts a local-only dashboard for inspecting Beacon runtime JSONL events.
Open the local dashboard
Examples
Start the dashboard:Start the dashboard
Open the dashboard in your browser
Use a custom local address
Inspect a custom runtime log
During normal use, the dashboard has no external network dependency. It reads local Beacon logs and serves a local read-only UI from a loopback address.
Related
Detections
Understand the rule format, detection flow, and findings model.
beacon scan
Run the same active rules from the command line.
Inventory Local Agent Runtimes
Understand configured, detected, and observed local runtime coverage.
beacon endpoint inventory
Print endpoint inventory from the command line or as JSON.