Command Overview
Thebeacon endpoint command group manages the local Beacon endpoint agent. It configures agent harness telemetry, runs a local OpenTelemetry Collector, writes Beacon endpoint events to JSONL, and exposes subcommands for local inspection and integrations. Endpoint commands use per-user paths by default; pass --system for root-managed package or MDM deployments.
Command syntax
Commands
beacon endpoint install
Configure endpoint telemetry, collector service files, and harness telemetry.
beacon endpoint status
Show collector, service, harness, diagnostic, and runtime log status.
beacon endpoint doctor
Run local endpoint health checks with pass/fail exit behavior.
beacon endpoint repair
Reapply service files and telemetry configuration.
beacon endpoint uninstall
Stop services and remove managed endpoint files.
beacon endpoint config
Inspect, validate, and update endpoint configuration.
beacon scan
Run threat-detection rules over local endpoint telemetry.
beacon rules
Manage local threat-detection rules used by scans.
inventory, discover, test-event, and bundle-diagnostics.
Common Paths
| Item | User mode | System mode |
|---|---|---|
| Config | ~/.beacon/endpoint/config.json | /Library/Application Support/Beacon/Endpoint/config.json |
| Base directory | ~/.beacon/endpoint | /Library/Application Support/Beacon/Endpoint |
| Runtime log | ~/.beacon/endpoint/logs/runtime.jsonl | /var/log/beacon-agent/runtime.jsonl |
| Collector config | ~/.beacon/endpoint/otelcol.yaml | /Library/Application Support/Beacon/Endpoint/otelcol.yaml |
Related Groups
Core Concepts
Review endpoint agent, collector, harness, and runtime log terminology.
Dashboard
Inspect Beacon runtime logs in a local dashboard.
Wazuh
Manage Wazuh localfile, rule, and validation content.
Datadog
Manage Datadog Agent custom log collection content.
Runtime hooks
Manage supported hook-based endpoint integrations.
OpenClaw Gateway
Manage OpenClaw Gateway OpenTelemetry export.