Skip to main content

beacon endpoint s3

Use beacon endpoint s3 to generate AWS S3 forwarding content for Beacon endpoint events. The generated pack keeps Beacon as a local JSONL producer and helps your customer-managed Vector agent upload runtime.jsonl to an S3 bucket as gzip-compressed NDJSON. Beacon does not store AWS credentials, profiles, IAM roles, bucket policies, lifecycle rules, or encryption settings. Keep those values in AWS, Vector, endpoint-management policy, or deployment tooling. 
beacon endpoint s3 [command]

Commands

beacon endpoint s3 print-config

Print the Vector AWS S3 forwarding template for the configured runtime log.

beacon endpoint s3 install-pack

Write AWS S3 forwarding content to a directory.

beacon endpoint s3 validate

Write and describe a Beacon AWS S3 validation event.

Runtime log paths

ModePath
User mode~/.beacon/endpoint/logs/runtime.jsonl
System mode/var/log/beacon-agent/runtime.jsonl

beacon endpoint s3 print-config

beacon endpoint s3 print-config prints a Vector configuration that tails the selected Beacon runtime JSONL log and writes gzip-compressed NDJSON objects to AWS S3. 
beacon endpoint s3 print-config
Use this command when you want to inspect or copy the Vector template into an existing endpoint forwarding workflow.

Examples

Print Vector config for the default per-user Beacon install: 
beacon endpoint s3 print-config
Print Vector config for a system-mode MDM deployment: 
sudo /opt/beacon/bin/beacon endpoint s3 print-config --system
Print Vector config for a custom runtime log: 
beacon endpoint s3 print-config --log-path /path/to/runtime.jsonl

Flags

FlagDescription
--userUse per-user endpoint paths. Enabled by default
--systemUse system endpoint paths and launch daemon
--log-path <path>Runtime JSONL log path

beacon endpoint s3 install-pack

beacon endpoint s3 install-pack writes AWS S3 forwarding content to a directory. 
beacon endpoint s3 install-pack --output ./beacon-s3-pack
The pack includes setup instructions, a one-shot AWS CLI smoke-test script, a Vector aws_s3 forwarding template, and sample Beacon endpoint events.

Examples

Generate a content pack for the default per-user install: 
beacon endpoint s3 install-pack --output ./beacon-s3-pack
Generate a content pack for a system-mode deployment: 
sudo /opt/beacon/bin/beacon endpoint s3 install-pack \
  --system \
  --output ./beacon-s3-pack
Generate a content pack for a custom runtime log: 
beacon endpoint s3 install-pack \
  --output ./beacon-s3-pack \
  --log-path /path/to/runtime.jsonl

Flags

FlagDescription
--output <dir>Output directory for the AWS S3 content pack. Defaults to beacon-s3-pack
--userUse per-user endpoint paths. Enabled by default
--systemUse system endpoint paths and launch daemon
--log-path <path>Runtime JSONL log path

beacon endpoint s3 validate

beacon endpoint s3 validate writes a Beacon validation event to the runtime JSONL log and prints the expected AWS S3 validation fields and follow-up AWS CLI checks. 
beacon endpoint s3 validate

Examples

Write a validation event for the default per-user install: 
beacon endpoint s3 validate
Write a validation event for a system-mode deployment: 
sudo /opt/beacon/bin/beacon endpoint s3 validate --system
Write a validation event to a custom runtime log: 
beacon endpoint s3 validate --log-path /path/to/runtime.jsonl
The validation command writes the local event only. Confirm remote delivery with AWS tooling: 
aws s3 ls "s3://${BEACON_S3_BUCKET}/${BEACON_S3_PREFIX}/" --recursive --region "$AWS_REGION"
aws s3 cp "s3://${BEACON_S3_BUCKET}/${BEACON_S3_PREFIX}/date=<date>/<object>.jsonl.gz" - --region "$AWS_REGION" | gzip -dc | grep "Beacon endpoint S3 validation event"
Expected validation fields: 
vendor=beacon product=endpoint-agent destination.type=s3 destination.mode=aws_s3_jsonl

Flags

FlagDescription
--userUse per-user endpoint paths. Enabled by default
--systemUse system endpoint paths and launch daemon
--log-path <path>Runtime JSONL log path

AWS S3 forwarding

Configure Vector forwarding from Beacon JSONL into AWS S3.

SIEM forwarding

Review forwarding patterns and validation steps.

Endpoint agent

Install and inspect the local endpoint agent.

Endpoint event schema

Review normalized Beacon JSONL fields and example events.