Agent Install: Non-Orchestrated

This section describes how to install the Sysdig agent directly on a Linux host, without using an orchestrator, such as Kubernetes or Mesos.

The agent can be installed in two ways:

  • As a standard container

    If you want to install the lighter version of the Sysdig agent, see Install Slim Agent.

  • As a non-containerized service

The steps for each flavor differ slightly depending on whether you are using the SaaS or on-premises version of the Sysdig platform.

Note

If you are installing the Sysdig agent in an environment that has Kubernetes, use the Agent Install: Kubernetes instructions instead.

Prerequisites

  • See Host Requirements for Agent Installation. There you can check the requirements concerning:

    • Supported Linux distributions

    • Network connection

    • Sysdig access key

    • Cloud service providers (AWS, Google, and Microsoft Azure) and any steps you may need to configure to integrate the Sysdig agent.

Note

On kernel headers: The Sysdig agent requires kernel header files in order to install successfully on a host, and the agent is delivered with precompiled headers. If the hosts in your environment match the kernel versions included with the agent, no special action is needed.

In some cases, the host(s) in your environment may use Unix versions that do not match the provided headers, and the agent may fail to install correctly. In those cases, you must install the kernel headers manually. See About Kernel Headers and the Kernel Module for details.

  • Run any commands as root or with the sudo command.

  • Have your Sysdig access key on hand.

    If you launch an agent install from www.sysdig.com, the welcome wizard will present an access key.

Docker Container Agent Installation

The Sysdig agent can be deployed as a Docker container.

Note

The commands below can also be copy/pasted from the Welcome Wizard or the Agent Installation page in the Sysdig UI.

In that case, your access key will already be included in the command automatically.

SaaS

Run the agent image, providing the access key and (optional) user-defined tags:

docker run -d --name sysdig-agent \
--restart always \
--privileged \
--net host \
--pid host\
 -e ACCESS_KEY=[ACCESS_KEY] \
 -e COLLECTOR=[COLLECTOR_ADDRESS] \
-e TAGS=[TAGS] \
-v /var/run/docker.sock:/host/var/run/docker.sock \
-v /dev:/host/dev \
-v /proc:/host/proc:ro \
-v /boot:/host/boot:ro \
-v /lib/modules:/host/lib/modules:ro \
-v /usr:/host/usr:ro --shm-size=512m sysdig/agent

For the COLLECTOR, find the address for your region.

On-Premises

Provide collector and SSL/TLS information in addition to access key and optional tags:

docker run -d --name sysdig-agent \
--restart always \
--privileged \
--net host \
--pid host \
-e ACCESS_KEY=[ACCESS_KEY] \
-e COLLECTOR=[COLLECTOR_ADDRESS] \
-e SECURE=true \
-e CHECK_CERTIFICATE=true \
[-e TAGS=[TAGS]] 
-v /var/run/docker.sock:/host/var/run/docker.sock \
-v /dev:/host/dev \
-v /proc:/host/proc:ro \
-v /boot:/host/boot:ro \
-v /lib/modules:/host/lib/modules:ro \
-v /usr:/host/usr:ro --shm-size=512m sysdig/agent

Note

CHECK_CERTIFICATE should be set to false if a self-signed certificate or private, CA-signed cert is used.

Service Agent Installation on Linux Host

Use these instructions to install the agent on the host itself, not in a container. Install on each host in the environment.

Note

The command lines below can also be copy/pasted from the Welcome wizard or the Settings>Agent Installation page in the Sysdig Monitor interface.

In that case, your access key will already be included in the command automatically.

SaaS

  1. Run the following command:

    curl -s https://download.sysdig.com/stable/install-agent | sudo bash -s -- --access_key [ACCESS_KEY] --collector [COLLECTOR_ADDRESS] [--tags [TAGS]]

    Where [ACCESS_KEY] is your unique agent access key string. For example, 1234-your-key-here-1234. [TAGS] is an optional list of user-defined agent tags. For example, role:webserver,location:europe.

    Find the collector endpoint for your region listed here.

  2. Make sure restarting the agent results in starting the service:

    sudo systemctl enable dragent

On-Premises

  1. Run the following command:

    curl -s https://download.sysdig.com/stable/install-agent | sudo bash -s -- --access_key [ACCESS_KEY] --collector [COLLECTOR_ADDRESS] --secure true --check_certificate true [--tags [TAGS]]

    Note

    check_certificate should be set to false if a self-signed certificate, a private, or a CA-signed certificate is used. See information about SSL in on-premises here.

  2. Make sure restarting the agent results in starting the service:

    sudo systemctl enable dragent

Connect to the Sysdig Backend via Static IPs (SaaS only)

Sysdig provides a list of static IP addresses that can be whitelisted in a Sysdig environment, allowing users to establish a network connection to the Sysdig backend without opening complete network connectivity. This is done by setting the Collector IP to collector-static.sysdigcloud.com:

user@host:~$ docker run --name sysdig-agent \
--privileged \
--net host \
--pid host \
-e ACCESS_KEY=[ACCESS_KEY] \
-e TAGS=[TAGS] \
-v /var/run/docker.sock:/host/var/run/docker.sock \
-v /dev:/host/dev \
-v /proc:/host/proc:ro \
-v /boot:/host/boot:ro \
-v /lib/modules:/host/lib/modules:ro \
-v /usr:/host/usr:ro \
-e COLLECTOR=collector-static.sysdigcloud.com \
-e COLLECTOR_PORT=6443 \
-e SECURE=true \
-e CHECK_CERTIFICATE=true \
--shm-size=512m \
sysdig/agent

Note on Manual Agent Installation

In the following cases, it may be preferable to perform a manual installation.

  • Full control over the deployment process

  • Integration with configuration management tools

  • Custom kernel

  • Unsupported distribution

If desired, see Agent Install: Manual Linux Installation.

Docker Container Agent Installation

The Sysdig agent can be deployed as a Docker container.

Note

The commands below can also be copy/pasted from the Welcome Wizard or the Agent Installation page in the Sysdig UI.

In that case, your access key will already be included in the command automatically.

SaaS

Run the agent image, providing the access key and (optional) user-defined tags:

docker run -d --name sysdig-agent \
--restart always \
--privileged \
--net host \
--pid host\
 -e ACCESS_KEY=[ACCESS_KEY] \
 -e COLLECTOR=[COLLECTOR_ADDRESS] \
-e TAGS=[TAGS] \
-v /var/run/docker.sock:/host/var/run/docker.sock \
-v /dev:/host/dev \
-v /proc:/host/proc:ro \
-v /boot:/host/boot:ro \
-v /lib/modules:/host/lib/modules:ro \
-v /usr:/host/usr:ro --shm-size=512m sysdig/agent

For the COLLECTOR, find the address for your region.

On-Premises

Provide collector and SSL/TLS information in addition to access key and optional tags:

docker run -d --name sysdig-agent \
--restart always \
--privileged \
--net host \
--pid host \
-e ACCESS_KEY=[ACCESS_KEY] \
-e COLLECTOR=[COLLECTOR_ADDRESS] \
-e SECURE=true \
-e CHECK_CERTIFICATE=true \
[-e TAGS=[TAGS]] 
-v /var/run/docker.sock:/host/var/run/docker.sock \
-v /dev:/host/dev \
-v /proc:/host/proc:ro \
-v /boot:/host/boot:ro \
-v /lib/modules:/host/lib/modules:ro \
-v /usr:/host/usr:ro --shm-size=512m sysdig/agent

Note

CHECK_CERTIFICATE should be set to false if a self-signed certificate or private, CA-signed cert is used.

Service Agent Installation on Linux Host

Use these instructions to install the agent on the host itself, not in a container. Install on each host in the environment.

Note

The command lines below can also be copy/pasted from the Welcome wizard or the Settings>Agent Installation page in the Sysdig Monitor interface.

In that case, your access key will already be included in the command automatically.

SaaS

  1. Run the following command:

    curl -s https://download.sysdig.com/stable/install-agent | sudo bash -s -- --access_key [ACCESS_KEY] --collector [COLLECTOR_ADDRESS] [--tags [TAGS]]

    Where [ACCESS_KEY] is your unique agent access key string. For example, 1234-your-key-here-1234. [TAGS] is an optional list of user-defined agent tags. For example, role:webserver,location:europe.

    Find the collector endpoint for your region listed here.

  2. Make sure restarting the agent results in starting the service:

    sudo systemctl enable dragent

On-Premises

  1. Run the following command:

    curl -s https://download.sysdig.com/stable/install-agent | sudo bash -s -- --access_key [ACCESS_KEY] --collector [COLLECTOR_ADDRESS] --secure true --check_certificate true [--tags [TAGS]]

    Note

    check_certificate should be set to false if a self-signed certificate, a private, or a CA-signed certificate is used. See information about SSL in on-premises here.

  2. Make sure restarting the agent results in starting the service:

    sudo systemctl enable dragent

Connect to the Sysdig Backend via Static IPs (SaaS only)

Sysdig provides a list of static IP addresses that can be whitelisted in a Sysdig environment, allowing users to establish a network connection to the Sysdig backend without opening complete network connectivity. This is done by setting the Collector IP to collector-static.sysdigcloud.com:

user@host:~$ docker run --name sysdig-agent \
--privileged \
--net host \
--pid host \
-e ACCESS_KEY=[ACCESS_KEY] \
-e TAGS=[TAGS] \
-v /var/run/docker.sock:/host/var/run/docker.sock \
-v /dev:/host/dev \
-v /proc:/host/proc:ro \
-v /boot:/host/boot:ro \
-v /lib/modules:/host/lib/modules:ro \
-v /usr:/host/usr:ro \
-e COLLECTOR=collector-static.sysdigcloud.com \
-e COLLECTOR_PORT=6443 \
-e SECURE=true \
-e CHECK_CERTIFICATE=true \
--shm-size=512m \
sysdig/agent