Quick Install Sysdig Agent

Sysdig provides you with quick-install commands pre-filled with some of your environment variables to get started with Sysdig agent. You choose the deployment type and Sysdig gives you auto-generated command to ease your installation experience.

Access from Get Started Pages

  1. Log in as admin to Sysdig Monitor or Sysdig Secure.

  2. Select the Get Started page.

  3. Click Install the Agent, select the appropriate deployment type, and copy the auto-generated code, filling in remaining variable values as required.

Sample Usage

Helm

Helm is the recommended option for installing agents on Kubernetes.

helm install sysdig-agent --namespace <value> --set sysdig.accessKey=<value> \
--set sysdig.settings.collector=<value> --set sysdig.settings.collector_port=<value> \
--set nodeAnalyzer.apiEndpoint=<value> --set secure.vulnerabilityManagement.newEngineOnly=true sysdig/sysdig

Example

kubectl create ns sysdig-agent
helm repo add sysdig https://charts.sysdig.com
helm repo update
helm install
    --namespace=`dev`
    --sysdig.accessKey=`1234-your-key-here-1234`
    --sysdig.settings.collector='mycollector.elb.us-west-1.amazonaws.com'
    --sysdig.settings.collector_port=`6443`
    --set sysdig.settings.tags='linux:ubuntu,dept:dev,local:nyc'
    --set sysdig.settings.k8s_cluster_name='my_cluster'
  sysdig/sysdig

Options

OptionDescription
namespaceIf a value is provided, the agent will be deployed to the specified Kubernetes namespace. The default is sysdig-agent.
accessKeyThe agent access key. You can retrieve this from Settings > Agent Installation in either Sysdig Monitor or Sysdig Secure.
collectorThe collector URL for Sysdig Monitor or Sysdig Secure. This value is region-dependent in SaaS and is auto-completed on the Get Started page in the UI. See SaaS Regions and IP Ranges for more information. It is a custom value in on-prem installations.
collector_portThe default is 6443.
nodeAnalyzer.apiEndpointNode analyzer Endpoint. This value is region-dependent in SaaS and is auto-completed on the Get Started page in the UI. It is a custom value in on-prem installations. See SaaS Regions and IP Ranges for more information.
secure.vulnerabilityManagement.newEngineOnlyThe default is false. Installs the vulnerabilitiy management engine and the runtime scanner.
If you are still using the legacy engine, set secure.vulnerabilityManagement.newEngineOnly to false; otherwise the Get Started code snippet will prompt you to use true. It is still possible to deploy the Runtime scanner by setting nodeAnalyzer.runtimeScanner.deploy to true. See Helm Charts for more information.
nodeAnalyzer.runtimeScanner.settings.eveEnabledThe default is false. Enables Sysdig EVE, a requirement for the runtime feature Risk Spotlight.
nodeAnalyzer.runtimeScanner.deployThe default is false. Deploys the Runtime Scanner. This option works only if the secure.vulnerabilityManagement.newEngineOnly flag is set to false.

Kubernetes

install-agent-kubernetes \
[-a | --access_key <value>] [-t | --tags <value>] \
[-c | --collector <value>] [-cp | --collector_port <value>] [-s | --secure <value>] \
[-cc | --check_certificate <value>] [-ns | --namespace | --project <value>] \
[-ac | --additional_conf <value>] [-op | --openshift] [-as | --agent_slim] \
[-av | --agent_version <value>] [-ae | --api_endpoint <value> ] [-na | --nodeanalyzer ] \
[-ia | --imageanalyzer ] [-am | --analysismanager <value>] [-ds | --dockersocket <value>] \
[-cs | --crisocket <value>] [-cv | --customvolume <value>] \
[-cn | --cluster_name <value>] [-r | --remove ] [-h | --help]

Example

curl -s https://download.sysdig.com/stable/install-agent-kubernetes | sudo bash -s -- \
--access_key 1234-your-key-here-1234  \
--collector collector-staging.sysdigcloud.com --collector_port 6443 \
--nodeanalyzer --api_endpoint secure-staging.sysdig.com

Options

Option

Description

-a

The agent access key. You can retrieve this from Settings > Agent Installation in either Sysdig Monitor or Sysdig Secure.

-t

The list of tags to identify the host where the agent is installed. For example: role:webserver, location:europe, role:webserver.

-c or collector_url

The collector URL for Sysdig Monitor or Sysdig Secure. This value is region-dependent in SaaS and is auto-completed on the Get Started page in the UI. It is a custom value in on-prem installations.

-cp

The collector port. The default is 6443.

-s

Use a secure SSL/TLS connection to send metrics to the collector. This option is enabled by default.

-cc

Enable strong SSL certificate check. The default is true.

-ns

If a value is provided, the agent will be deployed to the specified namespace/project. The default is sysdig-agent.

-op

If provided, perform the agent installation using the OpenShift command line.

-ac

If a value is provided, the additional configuration will be appended to the agent configuration file.

-av

If a version is provided, use the specified agent version. The default is the latest version.

-r

If a value is provided, the daemonset, configmap, cluster role binding, service acccount and secret associated with the Sysdig Agent will be removed from the specified namespace.

-ae

The api_endpoint is the region-dependent domain for the Sysdig product, without the protocol. E.g. secure.sysdig.com, us2.app.sysdig.com, eu1.app.sysdig.com

-h

Print this usage and exit.

Sysdig Secure Only

-na

If provided, will install the Node Analyzer tools. It is an error to set both -ia and -na.

-ds

The docker socket for Image Analyzer.

-cs

The CRI socket for Image Analyzer.

-cv

The custom volume for Image Analyzer.

-h

Print this usage and exit.

Sysdig Secure Only (Legacy)

These values apply to the Node Image Analyzer (v1) in Sysdig Secure.

-am

The Analysis Manager endpoint for Sysdig Secure.

-ia

If provided, will install the Node Image Analyzer (v1). It is an error to set both -ia and -na. The v1 Node Image Analyzer will be deprecated and replaced by the NA tools.

Docker

Install agent-kmodule
docker run -it --privileged --rm --name sysdig-agent-kmodule \
  -v /usr:/host/usr:ro \
  -v /boot:/host/boot:ro \
  -v /lib/modules:/host/lib/modules:ro \
  quay.io/sysdig/agent-kmodule
Install agent-slim
docker run -d --name sysdig-agent \
  --restart always \
  --privileged \
  --net host \
  --pid host \
  -e ACCESS_KEY=<ACCESS_KEY> \
  -e COLLECTOR=<COLLECTOR_URL> \
  -e SECURE=true \
  [-e TAGS=<LIST_OF_TAGS>] \
  -e ADDITIONAL_CONF= <LIST_OF_CONFIG> \
  -v /var/run/docker.sock:/host/var/run/docker.sock \
  -v /dev:/host/dev \
  -v /proc:/host/proc:ro \
  -v /boot:/host/boot:ro \
  --shm-size=512m \
  quay.io/sysdig/agent-slim

Example

Install agent-kmodule
docker run -it --privileged --rm --name sysdig-agent-kmodule \
  -v /usr:/host/usr:ro \
  -v /boot:/host/boot:ro \
  -v /lib/modules:/host/lib/modules:ro \
  quay.io/sysdig/agent-kmodule
Install agent-slim
docker run \
  --name sysdig-agent \
  --privileged \
  --net host \
  --pid host \
  -e ACCESS_KEY=1234-your-key-here-1234  \
  -e COLLECTOR=mycollector.elb.us-west-1.amazonaws.com \
  -e COLLECTOR_PORT=6443 \
  -e CHECK_CERTIFICATE=false \
  -e TAGS=my_tag:some_value \
  -e ADDITIONAL_CONF="log:\n file_priority: debug\n console_priority: error" \
  -v /var/run/docker.sock:/host/var/run/docker.sock \
  -v /dev:/host/dev \
  -v /proc:/host/proc:ro \
  -v /boot:/host/boot:ro \
  -v /lib/modules:/host/lib/modules:ro \
  -v /usr:/host/usr:ro \
  --shm-size=350m \
quay.io/sysdig/agent-slim

Options

OptionDescription
ACCESS_KEYThe agent access key. You can retrieve this from Settings > Agent Installation in either Sysdig Monitor or Sysdig Secure.
tagsEnter meaningful tags you want applied to your instances.
COLLECTORThe collector URL for Sysdig Monitor or Sysdig Secure. This value is region-dependent in SaaS and is auto-completed on the Get Started page in the UI. It is a custom value in on-prem installations. See SaaS Regions and IP Ranges.
collector_portThe default is 6443.
SECUREUse a secure SSL/TLS connection to send metrics to the collector. This option is enabled by default.
CHECK_CERTIFICATE(On-prem) Determines strong SSL certificate check for Sysdig Monitor on-premises installation. Set to true when using SSL/TLS to connect to the collector service to ensure that a valid SSL/TLS certificate is installed.
ADDITIONAL_CONFOptional. Use this option to provide custom configuration values to the agent as environment variables. If provided, will be appended to agent configuration file. For example, For example, file log configuration.
bpfEnables eBPF probe.

Linux

$ curl -s https://download.sysdig.com/stable/install-agent -a | \
--access_key <value> [-t | --tags <value>] [-c | --collector <value>] \
[-cp | --collector_port <value>] [-s | --secure <value>] \
[-cc | --check_certificate]  [-ac | --additional_conf <value>] \
[-b | --bpf] [-h | --help]

Example

curl -s https://download.sysdig.com/stable/install-agent | sudo bash -s -- \
--access_key <ACCESS_KEY> --collector collector-staging.sysdigcloud.com \
--secure true

Options

OptionDescription
access-keyThe agent access key. You can retrieve this from Settings > Agent Installation in either Sysdig Monitor or Sysdig Secure.
tagsEnter meaningful tags you want applied to your instances.
collectorThe collector URL for Sysdig Monitor or Sysdig Secure. This value is region-dependent in SaaS and is auto-completed on the Get Started page in the UI. It is a custom value in on-prem installations. See SaaS Regions and IP Ranges.
collector_portThe default is 6443.
secureUse a secure SSL/TLS connection to send metrics to the collector. This option is enabled by default.
check_certificateDisables strong SSL certificate check for Sysdig Monitor on-premises installation.
additional_confOptional. Use this option to provide custom configuration values to the agent as environment variables. If provided, the value will be appended to agent configuration file. For example, file log configuration.
bpfEnables eBPF probe.


Last modified May 20, 2022