Quick Install Sysdig Agent

Sysdig provides you with quick-install commands pre-filled with some of your environment variables to get started with Sysdig agent. You choose the deployment type and Sysdig gives you auto-generated commands to ease your installation experience.

Access from Get Started or Data Sources

  1. Log in as the administrator to Sysdig Monitor or Sysdig Secure.

  2. Select the Get Started page in Monitor or the Data Sources page in Sysdig Secure.

  3. Click Install the Agent, select the appropriate deployment type, and copy the auto-generated code, filling in remaining variable values as required.

Sample Usage

Kubernetes

Helm is the recommended option for installing agents on Kubernetes. For the latest helm-based installation instructions and configuration options, see sysdig-deploy.

If you cannot utilize helm, we also provide a script which will download and apply Kubernetes manifests to deploy the agent as a DaemonSet. The script requires curl and kubectl installed in the $PATH on the host in which it is run.

Sysdig Monitor

  kubectl create ns sysdig-agent
  helm repo add sysdig https://charts.sysdig.com
  helm repo update

  helm install sysdig sysdig/sysdig-deploy  
  --namespace sysdig-agent \
  --set global.sysdig.accessKey=ACCESS_KEY \
  --set global.sysdig.region=REGION \
  --set global.clusterConfig.name=CLUSTER_NAME \
  --set nodeAnalyzer.enabled=false \
   
  
 curl -s https://download.sysdig.com/stable/install-agent-kubernetes | sudo bash -s -- \
 --access_key <ACCESS_KEY>  \
 --collector <COLLECTOR_ADDRESS> --collector_port <COLLECTOR_PORT> \
 

Sysdig Secure

  kubectl create ns sysdig-agent
  helm repo add sysdig https://charts.sysdig.com
  helm repo update

  helm install sysdig sysdig/sysdig-deploy 
  --namespace sysdig-agent \
  --set global.sysdig.accessKey=ACCESS_KEY \
  --set global.sysdig.region=REGION \
  --set global.clusterConfig.name=CLUSTER_NAME \
  --set global.kspm.deploy=true \
  --set nodeAnalyzer.secure.vulnerabilityManagement.newEngineOnly=true \
  --set nodeAnalyzer.nodeAnalyzer.benchmarkRunner.deploy=false \
    
  
 curl -s https://download.sysdig.com/stable/install-agent-kubernetes | sudo bash -s -- \
 --access_key <ACCESS_KEY>  \
 --collector <COLLECTOR_ADDRESS> --collector_port <COLLECTOR_PORT> \
 --nodeanalyzer --api_endpoint <SECURE_ENDPOINT_ADDRESS>
 

Docker

   #Build and load the kernel module 
  docker run -it --privileged --rm --name sysdig-agent-kmodule \
    -v /usr:/host/usr:ro \
    -v /boot:/host/boot:ro \
    -v /lib/modules:/host/lib/modules:ro \
    quay.io/sysdig/agent-kmodule
  
  #Configure the Kernel module to load during system boot.
  sudo mkdir -p /etc/modules-load.d
  sudo bash -c "echo sysdigcloud-probe > /etc/modules-load.d/sysdigcloud-probe.conf"
  
  #Run the sysdig-agent
  docker run -d --name sysdig-agent \
    --restart always \
    --privileged \
    --net host \
    --pid host \
    -e ACCESS_KEY=<ACCESS_KEY> \
    -e COLLECTOR=<COLLECTOR_URL> \
    -e SECURE=true \
    -e TAGS=<LIST_OF_TAGS> \
    -e ADDITIONAL_CONF= <LIST_OF_CONFIG> \
    -v /var/run/docker.sock:/host/var/run/docker.sock \
    -v /dev:/host/dev \
    -v /proc:/host/proc:ro \
    -v /boot:/host/boot:ro \
    --shm-size=512m \
    quay.io/sysdig/agent-slim
  

Linux

  curl -s https://download.sysdig.com/stable/install-agent | sudo bash -c -- \
  --access_key [-t | --tags <value>] [-c | --collector <value>] \
  [-cp | --collector_port <value>] [-s | --secure <value>] \
  [-cc | --check_certificate]  [-ac | --additional_conf <value>] \
  [-b | --bpf] [-h | --help]
  
  curl -s https://download.sysdig.com/stable/install-agent | sudo bash -s -- \
  --access_key <ACCESS_KEY> --collector <COLLECTOR_URL> \
  --secure true
  

Configuration Options

OptionDescription
Access KeyThe agent access key. You can retrieve this from Settings > Agent Installation in either Sysdig Monitor or Sysdig Secure.
TagsEnter meaningful tags you want applied to your instances.
CollectorThe collector URL for Sysdig Monitor or Sysdig Secure. This value is region-dependent in SaaS and is auto-completed on the Get Started page in the UI. It is a custom value in on-prem installations. See SaaS Regions and IP Ranges.
Collector PortThe default is 6443.
RegionThe SaaS region for the agents. For example, us1, us2, and au1. See Regions and IP Ranges for more information.
SecureUse a secure SSL/TLS connection to send metrics to the collector. This option is enabled by default.
Check CertificateDisables strong SSL certificate check for Sysdig Monitor on-premises installation.
Additional ConfOptional. Use this option to provide custom configuration values to the agent as environment variables. If provided, the value will be appended to agent configuration file. For example, file log configuration.
BBFEnables eBPF probe.
KSPMThe configuration specific to KSPM.
Node AnalyzerInstalls image analyzer, benchmarks, and host scanning components. For more information, see Node Analyzer.