Sysdig Install: Standard (Linux/Docker/CoreOS)

If you have any questions, suggestions, or if you encounter any issues in using Sysdig Monitor, please do not hesitate to contact us. We're here to help!

support@sysdig.com

Troubleshooting Tips

Sysdig Monitor 'Frequently Asked Questions' link

 

Pre-Requisites

Distributions

The below Linux distributions are supported by the Sysdig agent when run with an officially released kernel:

  • Amazon Linux: any version available from AWS Marketplace
  • CentOS: 6.0+
  • CoreOS: 591.0.0+
  • Debian: 6.0+
  • Fedora: 13+
  • RHEL: 6.0+
  • Ubuntu: 10.04+
  • Oracle: 6.0+ (UEK kernels R3+, all RHCK kernels)

If a customized or non-officially released kernel is being run, you will need to have the kernel headers installed for our agent to complete its installation.

Network connection

A small Sysdig agent (containerized or native) is installed into each host being monitored and will need to be able to connect to the Sysdig Monitor backend servers to report host metrics. The agent must be able to reach the address 'collector.sysdigcloud.com' (via multiple IPs) over port tcp/6666 default. If needed, see this FAQ on changing the agent's port number. Please note that, if a proxy is in use, it must be configured to be "fully-transparent". Non-transparent proxies will not allow the agent to connect. For more information see this link. 

Access key

The installation of the Sysdig agent requires an access key. This key and the agent installation instructions are presented to you after activating your account and using a web based wizard upon initial login.  The same information can also be found in the Settings > Agent Installation menu of the web interface after logging in.

Kernel Module / Headers 

The installation process will attempt to compile a kernel module needed for the agent to work. If required kernel header files for the running kernel are not available, the agent installer will then attempt to download a pre-compiled kernel module from Sysdig if available. Compiling the module is supported for all officially released kernels from the distributions listed above and pre-compiled modules are available for the most recent kernels from a subset of the supported OS list above. See this FAQ on installing header files if they are missing in your AWS instance.

Some cloud hosting service providers supply pre-configured Linux instances with customized kernels. You may need to contact your provider's support desk for instructions on obtaining appropriate header files, or installing the distribution's default kernel.

Cloud Provider Configuration

Sysdig Monitor offers integration with common public cloud providers, which allows Sysdig Monitor to pull in important information such as your host tags. To configure the integration, you'll need to provide Sysdig Monitor with read-only access credentials for your cloud infrastructure. See instructions here to grant the proper access and make the configurations. 

Tags

Tagging your hosts is highly recommended. Tags allow you to sort nodes of your infrastructure into custom groups in Sysdig Monitor.

Replace the [TAGS] parameter in the instructions below with a comma-separated list in the form of TAG_NAME:TAG_VALUE. For example: role:webserver,location:europe.

 

Installation

This overview covers three methods for installing the Sysdig agent directly:

  1. Docker container agent - standard
  2. Docker container agent - CoreOS
  3. Native Linux Host agent

Agent install instructions differ slightly between SaaS and On-premise customers. Please choose the following section appropriate to your account.

Note, if you're using an orchestration tool or other container platform (such as Kubernetes, Mesos, AWS, GKE, etc), you may want to review the specific install instructions for your platform:

Sysdig Agent Install Guides

 

Installation Guide: SaaS Account

NOTE: Run any commands as root or with the sudo command

Users accessing their account at https://app.sysdigcloud.com/ will use one of the following three methods to install the Sysdig agent:

1. Docker Container Agent - Standard Installation

The Sysdig agent is available to run inside a single Docker container to report on the entire host (only one agent license is needed to report on all containers). To guarantee a smooth deployment, the kernel headers must be installed in the host operating system, before running the agent.

Kernel header installation can usually be performed on Debian-like distributions with the following command:

apt-get -y install linux-headers-$(uname -r)

Or, if installing on RHEL-like distributions, use this command:

yum -y install kernel-devel-$(uname -r)

After kernel headers are installed, simply pull our agent image from the Docker hub registry and run it with these two commands:

docker pull sysdig/agent
docker run --name sysdig-agent --privileged --net host --pid host -e ACCESS_KEY=[ACCESS_KEY] -e TAGS=[TAGS] -v /var/run/docker.sock:/host/var/run/docker.sock -v /dev:/host/dev -v /proc:/host/proc:ro -v /boot:/host/boot:ro -v /lib/modules:/host/lib/modules:ro -v /usr:/host/usr:ro --shm-size=512m sysdig/agent

Where [ACCESS_KEY] is your unique agent access key string (e.g.1234-your-key-here-1234) and[TAGS] is the optional list of user-defined agent tags (e.g. role:webserver,location:europe).
 

2. Docker Container Agent - CoreOS Installation

On CoreOS, a unit file similar to this one can be submitted and started with fleet to monitor your entire infrastructure with a single command:

[Unit]
Description=Sysdig Monitor Agent
After=docker.service
Requires=docker.service

[Service]
TimeoutStartSec=0
ExecStartPre=-/usr/bin/docker kill sysdig-agent
ExecStartPre=-/usr/bin/docker rm sysdig-agent
ExecStartPre=/usr/bin/docker pull sysdig/agent
ExecStart=/usr/bin/docker run --name sysdig-agent --privileged --net host --pid host -e ACCESS_KEY=[ACCESS_KEY] -e TAGS=[TAGS] -v /var/run/docker.sock:/host/var/run/docker.sock -v /dev:/host/dev -v /proc:/host/proc:ro -v /boot:/host/boot:ro --shm-size=512m sysdig/agent
ExecStop=/usr/bin/docker stop sysdig-agent

[X-Fleet]
Global=true

Where [ACCESS_KEY] is your unique agent access key string (e.g.1234-your-key-here-1234) and[TAGS] is the optional list of user-defined agent tags (e.g. role:webserver,location:europe). 

Note: For CoreOS v1520.8.0 

Please make sure the correct docker command line is used because on CoreOS the agent compiles the kernel module at container startup

In particular, the following bind mounts should be there as a part of the command:

-v /boot:/host/boot:ro -v /lib/modules:/host/lib/modules:ro -v /usr:/host/usr:ro

3. Native Linux Host Agent Installation

Automatic Install

curl -s https://s3.amazonaws.com/download.draios.com/stable/install-agent | sudo bash -s -- --access_key [ACCESS_KEY] [--tags [TAGS]]

Where [ACCESS_KEY] is your unique agent access key string(e.g.1234-your-key-here-1234) and [TAGS] is an optional list of user-defined agent tags (e.g. role:webserver,location:europe).

Manual Install

Manual installation is recommended in the following cases:

  • Full control over the deployment process
  • Integration with configuration management tools
  • Custom kernel
  • Unsupported distribution

Go to Manual Install instructions

  

Installation Guide: Enterprise On-Premises Accounts

NOTE: Run any commands as root or with the sudo command

For enterprise customers implementing our self-contained "on-prem" solution, please follow these instructions for installing the Sysdig agent. Instructions are similar as above but include the additional collector address and a security parameter.

1. Docker Container Agent - Standard On-Prem Installation

The Sysdig agent is available to run inside a single Docker container to report on the entire host (only one agent license is needed to report on all containers). To guarantee a smooth deployment, the kernel headers must be installed in the host operating system, before running the agent.

Kernel header installation can usually be performed on Debian-like distributions with the following command:

apt-get -y install linux-headers-$(uname -r)

Or, if installing on RHEL-like distributions, use this command:

yum -y install kernel-devel-$(uname -r)

After kernel headers are installed, simply pull our agent image from the Docker hub registry and run it with these two commands:

docker pull sysdig/agent
docker run --name sysdig-agent --privileged --net host --pid host -e ACCESS_KEY=[ACCESS_KEY] -e COLLECTOR=[COLLECTOR_ADDRESS] -e SECURE=false [-e TAGS=[TAGS]] -v /var/run/docker.sock:/host/var/run/docker.sock -v /dev:/host/dev -v /proc:/host/proc:ro -v /boot:/host/boot:ro -v /lib/modules:/host/lib/modules:ro -v /usr:/host/usr:ro --shm-size=512m sysdig/agent

Where [ACCESS_KEY] is your unique agent access key string(e.g.1234-your-key-here-1234), [COLLECTOR_ADDRESS] is the IP address of the collector server, and [TAGS] is the optional list of user-defined agent tags (e.g. role:webserver,location:europe).

 

2. Docker Container Agent - CoreOS On-Prem Installation

[Unit]
Description=Sysdig Monitor Agent
After=docker.service
Requires=docker.service

[Service]
TimeoutStartSec=0
ExecStartPre=-/usr/bin/docker kill sysdig-agent
ExecStartPre=-/usr/bin/docker rm sysdig-agent
ExecStartPre=/usr/bin/docker pull sysdig/agent
ExecStart=/usr/bin/docker run --name sysdig-agent --privileged --net host --pid host -e ACCESS_KEY=[ACCESS_KEY] -e COLLECTOR=[COLLECTOR_ADDRESS] -e SECURE=false [-e TAGS=[TAGS]] -v /var/run/docker.sock:/host/var/run/docker.sock -v /dev:/host/dev -v /proc:/host/proc:ro -v /boot:/host/boot:ro --shm-size=512m sysdig/agent
ExecStop=/usr/bin/docker stop sysdig-agent

[X-Fleet]
Global=true

Where [ACCESS_KEY] is your unique agent access key string(e.g.1234-your-key-here-1234), [COLLECTOR_ADDRESS] is the IP address of the collector server, and [TAGS] is the optional list of user-defined agent tags (e.g. role:webserver,location:europe).

Note: For CoreOS v1520.8.0 

Please make sure the correct docker command line is used because on CoreOS the agent compiles the kernel module at container startup

In particular, the following bind mounts should be there as a part of the command:

-v /boot:/host/boot:ro -v /lib/modules:/host/lib/modules:ro -v /usr:/host/usr:ro

3. Native Linux Host Agent On-Prem Installation

Automatic Install

curl -s https://s3.amazonaws.com/download.draios.com/stable/install-agent | sudo bash -s -- --access_key [ACCESS_KEY] --collector [COLLECTOR_ADDRESS] --secure false [--tags [TAGS]]

Where [ACCESS_KEY] is your unique agent access key string (e.g.1234-your-key-here-1234), [COLLECTOR_ADDRESS] is the IP address of the collector server, and [TAGS] is an optional list of user-defined agent tags (e.g. role:webserver,location:europe).

Manual Install

Manual installation is recommended in the following cases:

  • Full control over the deployment process
  • Integration with configuration management tools
  • Custom kernel
  • Unsupported distribution

Go to Manual Install instructions

Have more questions? Submit a request