Hosts

This section helps you install the Sysdig Agent for Sysdig Monitor directly on a Linux host as a container or as a Linux package.

Prerequisites

For more information on agent configuration, see Configure Sysdig Agent.

Use the Quick Start Wizard

This option provides a script for installing the agent, and is appropriate for quick trial installations to get Sysdig up and running.

Install as a Container

  1. Log in to Sysdig Monitor as an administrator.

  2. Select Integrations > Sysdig Agent.

  3. Click +Add Account and select Docker.

  4. As prompted by the screen, enter the list of tags. For example, env:production, cluster:east-cluster-a.

    The Wizard will autopopulate a code snippet with autodetected Sysdig Monitor endpoint and the agent access key.

  5. Copy and run the script.

    This will install the Sysdig agent.

Install as a Package

  1. Log in to Sysdig Monitor as an administrator.

  2. Select Integrations > Sysdig Agent.

  3. Click +Add Account and select Linux.

  4. As prompted by the screen, enter the list of tags. For example, env:production, cluster:east-cluster-a.

    The Wizard will autopopulate a code snippet with autodetected Sysdig Monitor endpoint and the agent access key.

  5. Copy and run the script.

    This will install the Sysdig agent.

Customized Installation

You can use this method to integrate with your enterprise deployment methods at production scale.

Install as a Container

  1. Build and load the kernel module:

    • If you are not using eBPF, run:

      sudo docker run -it --privileged --rm --name sysdig-agent-kmodule \
      -v /usr:/host/usr:ro \
      -v /boot:/host/boot:ro \
      -v /lib/modules:/host/lib/modules \
      quay.io/sysdig/agent-kmodule
      
    • If you are using eBPF, run:

      sudo docker run -it --privileged --rm --name sysdig-agent-kmodule \
      -e SYSDIG_BPF_PROBE="" \
      -v /etc/os-release:/host/etc/os-release:ro \
      -v /root/.sysdig:/root/.sysdig \
      -v /usr:/host/usr:ro \
      -v /boot:/host/boot:ro \
      -v /lib/modules:/host/lib/modules:ro \
      quay.io/sysdig/agent-kmodule
      

​ GKE COS environments requires eBPF to run Sysdig Agent. If you are on a distro/kernel that allows both kmod and eBPF, you can choose either of them.

  1. Configure the kernel module to load during system boot:

    sudo mkdir -p /etc/modules-load.d && sudo bash -c "echo sysdigcloud-probe > /etc/modules-load.d/sysdigcloud-probe.conf"
    
  2. Run the agent module providing the access key and, optionally, user-defined tags:

    sudo docker run -d --name sysdig-agent \
    --restart always \
    --privileged \--net host \
    --pid host \
    -e ACCESS_KEY=<ACCESS_KEY> \
    -e COLLECTOR=<COLLECTOR_ADDRESS> \
    [-e TAGS=<TAGS>] \
    -v /var/run/docker.sock:/host/var/run/docker.sock \
    -v /dev:/host/dev \
    -v /proc:/host/proc:ro \
    -v /boot:/host/boot:ro \--shm-size=512m \
    quay.io/sysdig/agent-slim
    

    Replace <ACCESS_KEY> and <COLLECTOR_ADDRESS> with the access key and collector address associated with your account. <TAGS> is optional. You can use it to add custom tags to your metrics. For example, env:production, cluster:east-cluster-a.

  3. Verify that the Sysdig Agent is running:

    docker ps
    

The output will display the sysdig-agent container.

The Sysdig Agent is now installed and running on your host. You can begin monitoring your system, and view dashboards and alerts on the Sysdig Monitor UI.

Install as a Package

Installing agent as a package is supported on the following :

  • Debian, Ubuntu
  • CentOS, RHEL, Fedora, Amazon AMI, Amazon Linux 2

Debian and Ubuntu

  1. Trust the Sysdig Monitor GPG key, configure the apt repository, and update the package list:

    curl -s https://download.sysdig.com/DRAIOS-GPG-KEY.public | sudo apt-key add -
    curl -s -o /etc/apt/sources.list.d/draios.list https://download.sysdig.com/stable/deb/draios.list
    apt-get update
    
  2. Install kernel development files:

    sudo apt-get -y install linux-headers-$(uname -r)
    
  3. Install, configure, and restart the Sysdig agent:

    sudo apt-get -y install draios-agent
    sudo bash -c echo customerid: <ACCESS_KEY> >> /opt/draios/etc/dragent.yaml
    sudo bash -c echo tags: <TAGS> >> /opt/draios/etc/dragent.yaml
    sudo bash -c echo collector: <COLLECTOR_ADDRESS> >> /opt/draios/etc/dragent.yaml
    sudo bash -c echo ssl: true >> /opt/draios/etc/dragent.yaml
    sudo service dragent restart
    

​ Replace <ACCESS_KEY> and <COLLECTOR_ADDRESS> with the access key and collector address associated with your account. <TAGS> is optional and can be used to add custom tags to your metrics.

CentOS, RHEL, Fedora, Amazon AMI, Amazon Linux 2

  1. Trust the Sysdig Monitor GPG key and configure the yum repository:

    sudo rpm --import https://download.sysdig.com/DRAIOS-GPG-KEY.public && sudo curl -s -o /etc/yum.repos.d/draios.repo https://download.sysdig.com/stable/rpm/draios.repo
    
  2. Install the EPEL repository:

    sudo yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
    

    This command is required only if DKMS is not available in the distribution.

  3. Install the kernel development files:

    sudo yum -y install kernel-devel-$(uname -r)
    
  4. Install, configure, and start the Sysdig Agent:

    sudo yum -y install draios-agent && sudo bash -c 'echo "customerid: <ACCESS_KEY>"" >> /opt/draios/etc/dragent.yaml' && sudo bash -c 'echo "collector: <COLLECTOR_ADDRESS>" >> /opt/draios/etc/dragent.yaml' && sudo bash -c 'echo "ssl: true" >> /opt/draios/etc/dragent.yaml' && sudo systemctl enable dragent && sudo systemctl start dragent
    

    Replace <ACCESS_KEY> and <COLLECTOR_ADDRESS> with your own configuration parameters. <TAGS> is optional and can be used to add custom tags to your metrics. For example, env:production, cluster:east-cluster-a.

    Uninstall Agent

    Container

    If Sysdig Agent was installed as a container, remove it using the standard container commands.

    Debian and Ubuntu

    To uninstall the agent from Debian Linux distributions, including Ubuntu:

    Run the following command in a terminal on each host:

    sudo apt-get remove draios-agent
    

    Fedora, CentOS, RHEL, Amazon AMI, Amazon Linux 2

    To uninstall the agent from Fedora Linux distributions, run the following command in a terminal on each host:

    sudo yum erase draios-agent