Builds an offline collector.
Typically offline collectors are built using a user-friendly “wizard”-style workflow in the GUI. This command allows you to do the same thing on the command line, and is mainly intended to support automated build environments. For new users the GUI is the recommended way to accomplish the task.
collector [<flags>] [<spec_file>]
Build an offline collector
--datastore=DATASTORE Path to a datastore directory (defaults to temp)
Args:
[<spec_file>] A Spec file to use.
Run the command without any arguments to print an example spec file, which you can then customize and use to build a new offline collector.
velociraptor collector > sample.spec.yaml
If you want the collector to integrate with an existing server, for example if you want it to create X509-secured collections, then you’ll need to give it access to your server’s config file, which contains the cryptographic materials needed for this. That doesn’t mean that you have to work on the server though - you could copy the config into your build environment.
If you don’t need to integrate your offline collectors in the way described above then all you need is the Velociraptor binary.
See Building an offline collector on the command line for more information.