Skip to main content

Technical Reference

Understanding where the Myrmex Agent lives and how it logs its activity is critical for troubleshooting and security auditing.

Component Overview

The EDR deployment consists of two primary services:
  • myrmex_endpoint: The main agent responsible for telemetry collection and action execution.
  • myrmex_supervisor: A watchdog service that manages updates, health monitoring, and automatic rollbacks.

Operating System Paths

Linux (deb/rpm/arch)

TypePath
Binaries/usr/bin/myrmex_endpoint, /usr/bin/myrmex_supervisor
Configuration/etc/myrmex/config.yml
Logs (Stdout)/var/log/myrmex/myrmex_endpoint.log, /var/log/myrmex/myrmex_supervisor.log
Logs (Stderr)/var/log/myrmex/myrmex_endpoint.err, /var/log/myrmex/myrmex_supervisor.err
Data & Scripts/var/lib/myrmex/, /usr/lib/myrmex/scripts/
Quarantine/var/lib/myrmex/quarantine
Servicesmyrmex-endpoint.service, myrmex-supervisor.service

macOS (launchd)

TypePath
Binaries/usr/local/myrmex/bin/myrmex_endpoint, /usr/local/myrmex/bin/myrmex_supervisor
Configuration/usr/local/myrmex/config.yml
Logs/Library/Logs/myrmex/ (endpoint/supervisor .log and .err)
Scripts & Data/usr/local/myrmex/scripts/, /usr/local/myrmex/backups/
LaunchDaemonscom.myrmex.endpoint.plist, com.myrmex.supervisor.plist

Windows (Windows Service)

TypePath
BinariesC:\Program Files\Myrmex\myrmex_endpoint.exe, C:\Program Files\Myrmex\myrmex_supervisor.exe
ConfigurationC:\Program Files\Myrmex\config.yml
Endpoint LogsC:\Program Files\Myrmex\logs\mrx_rCURRENT.log
Supervisor LogsC:\Program Files\Myrmex\supervisor\mrx_sup_rCURRENT.log
Version InfoC:\Program Files\Myrmex\version_info.json

Configuration Structure (config.yml)

The config.yml file defines how the agent connects to the platform. Do not modify these values manually unless instructed by support.
  • agent_id: Unique identifier for the endpoint within your organization.
  • context_id: The ID of your Environment/Tenant.
  • secret: The installation secret used for initial handshake.
  • wss_host: The WebSocket address for real-time orchestration (e.g., wss://fleet.myrmex.ai).
  • http_host: The primary API host for the fleet.
  • check_host: Used by the supervisor to poll for new versions.
  • download_host: The endpoint where update artifacts are retrieved.

Local Service Management

Linux (systemd)

# Check status
sudo systemctl status myrmex-endpoint
sudo systemctl status myrmex-supervisor

# View live logs
tail -f /var/log/myrmex/myrmex_endpoint.log

macOS (launchctl)

# List services
sudo launchctl list | grep myrmex

# View live logs
tail -f /Library/Logs/myrmex/myrmex_endpoint.log

Windows (PowerShell)

# Check service status
Get-Service myrmex_endpoint
Get-Service myrmex_supervisor