Agent Install: Non-Orchestrated
This section describes how to install the Sysdig agent directly on a Linux host, without using an orchestrator, such as Kubernetes or Mesos.
The agent can be installed in two ways:
As a standard container
If you want to install the lighter version of the Sysdig agent, see Install Slim Agent.
As a non-containerized service
The steps for each flavor differ slightly depending on whether you are using the SaaS or on-premises version of the Sysdig platform.
If you are installing the Sysdig agent in an environment that has Kubernetes, use the Agent Install: Kubernetes instructions instead.
Prerequisites
See Host Requirements for Agent Installation. There you can check the requirements concerning:
Supported Linux distributions
Network connection
Sysdig access key
Cloud service providers (AWS, Google, and Microsoft Azure) and any steps you may need to configure to integrate the Sysdig agent.
On kernel headers: The Sysdig agent requires kernel header files in order to install successfully on a host, and the agent is delivered with precompiled headers. If the hosts in your environment match the kernel versions included with the agent, no special action is needed.
In some cases, the host(s) in your environment may use Unix versions that do not match the provided headers, and the agent may fail to install correctly. In those cases, you must install the kernel headers manually. See About Kernel Headers and the Kernel Module for details.
Run any commands as root or with the
sudocommand.Have your Sysdig access key on hand.
If you launch an agent install from www.sysdig.com, the welcome wizard will present an access key.
Docker Container Agent Installation
The Sysdig agent can be deployed as a Docker container.
The commands below can also be copy/pasted from the Welcome Wizard or the Agent Installation page in the Sysdig UI.
In that case, your access key will already be included in the command automatically.
SaaS
Run the agent image, providing the access key and (optional) user-defined tags:
docker run -d --name sysdig-agent \
--restart always \
--privileged \
--net host \
--pid host\
-e ACCESS_KEY=[ACCESS_KEY] \
-e COLLECTOR=[COLLECTOR_ADDRESS] \
-e TAGS=[TAGS] \
-v /var/run/docker.sock:/host/var/run/docker.sock \
-v /dev:/host/dev \
-v /proc:/host/proc:ro \
-v /boot:/host/boot:ro \
-v /lib/modules:/host/lib/modules:ro \
-v /usr:/host/usr:ro --shm-size=512m sysdig/agent
For the COLLECTOR, find the address for your
region.
On-Premises
Provide collector and SSL/TLS information in addition to access key and optional tags:
docker run -d --name sysdig-agent \
--restart always \
--privileged \
--net host \
--pid host \
-e ACCESS_KEY=[ACCESS_KEY] \
-e COLLECTOR=[COLLECTOR_ADDRESS] \
-e SECURE=true \
-e CHECK_CERTIFICATE=true \
[-e TAGS=[TAGS]]
-v /var/run/docker.sock:/host/var/run/docker.sock \
-v /dev:/host/dev \
-v /proc:/host/proc:ro \
-v /boot:/host/boot:ro \
-v /lib/modules:/host/lib/modules:ro \
-v /usr:/host/usr:ro --shm-size=512m sysdig/agent
CHECK_CERTIFICATE should be set to false if a self-signed
certificate or private, CA-signed cert is used.
Service Agent Installation on Linux Host
Use these instructions to install the agent on the host itself, not in a container. Install on each host in the environment.
The command lines below can also be copy/pasted from the Welcome wizard
or the Settings>Agent Installation page in the Sysdig Monitor
interface.
In that case, your access key will already be included in the command automatically.
The Sysdig agent depends on several python modules, some of which might
not be installed on the hosts where the agent is running as a service.
When the required dependencies are not available, the sdchecks
component in the agent will report errors in the log files, such as:
>> Error, sdchecks[0] ModuleNotFoundError: No module named 'posix_ipc'
To address these errors, install the missing modules using the
pip install command.
SaaS
Run the following command:
curl -s https://download.sysdig.com/stable/install-agent | sudo bash -s -- --access_key [ACCESS_KEY] --collector [COLLECTOR_ADDRESS] [--tags [TAGS]]Where
[ACCESS_KEY]is your unique agent access key string. For example, 1234-your-key-here-1234. [TAGS] is an optional list of user-defined agent tags. For example,role:webserver,location:europe.Make sure restarting the agent results in starting the service:
sudo systemctl enable dragent
On-Premises
Run the following command:
curl -s https://download.sysdig.com/stable/install-agent | sudo bash -s -- --access_key [ACCESS_KEY] --collector [COLLECTOR_ADDRESS] --secure true --check_certificate true [--tags [TAGS]]check_certificateshould be set tofalseif a self-signed certificate, a private, or a CA-signed certificate is used. See information about SSL in on-premises here.Make sure restarting the agent results in starting the service:
sudo systemctl enable dragent
Connect to the Sysdig Backend via Static IPs (SaaS only)
Sysdig provides a list of static IP addresses that can be whitelisted in a Sysdig environment, allowing users to establish a network connection to the Sysdig backend without opening complete network connectivity. This is done by setting the Collector IP to collector-static.sysdigcloud.com:
user@host:~$ docker run --name sysdig-agent \
--privileged \
--net host \
--pid host \
-e ACCESS_KEY=[ACCESS_KEY] \
-e TAGS=[TAGS] \
-v /var/run/docker.sock:/host/var/run/docker.sock \
-v /dev:/host/dev \
-v /proc:/host/proc:ro \
-v /boot:/host/boot:ro \
-v /lib/modules:/host/lib/modules:ro \
-v /usr:/host/usr:ro \
-e COLLECTOR=collector-static.sysdigcloud.com \
-e COLLECTOR_PORT=6443 \
-e SECURE=true \
-e CHECK_CERTIFICATE=true \
--shm-size=512m \
sysdig/agent
Note on Manual Agent Installation
In the following cases, it may be preferable to perform a manual installation.
Full control over the deployment process
Integration with configuration management tools
Custom kernel
Unsupported distribution
If desired, see Agent Install: Manual Linux Installation.