On-Premises Install Guide (Replicated)

The Sysdig Monitor on-premises container monitoring solution can be setup as either a single-server (“all-in-one”) solution for small or demonstration environments, or as a multi-server distributed enterprise solution. In single-server environments, the server houses the complete component suite, including the API server, metrics collector, several databases, and the metrics aggregation worker in addition to the application management component; for multi-server distributed environments, the components can be distributed across multiple servers as desired.

This guide covers the installation and setup process for the management server, as well as the additional steps required to configure a multi-server distributed enterprise environment, using the Replicated infrastructure manager.

Note: For information regarding installing Sysdig Monitor in a Kubernetes infrastructure, refer to the Sysdig Cloud on Kubernetes documentation.

System Requirements

A 64-bit Linux distribution with a minimum kernel version of 3.10, and support of docker-engine 1.7.1 or later, is required for each server instance. The installation process includes Docker install steps - if Docker is not already installed.

For the Docker installation, running devicemapper in 'loopback mode' is not supported. It has known performance problems and a different storage driver should be used. Please see this note from our Replicated infrastructure partner: devicemapper-installation-warning

Installing the latest version of Docker is recommended.

The following tables outline the recommended minimum resources for each server/node in the environment:

Single-Server Installation

Note: The application node is automatically named local; the Linux server name can be different.

Component Name Resources Required
  • 2 cores (minimum 2.4GHz per core)
  • 8GB RAM
  • Minimum 30GB primary disk
  • Additional disk mounted on /opt for Cassandra and the MySQL datastore.
  • Minimum 1GB per connected agent on /opt disk.

Note: Sysdig recommends using SSD.


Multi-Server Installation

Important: While a server can host multiple functions, Sysdig recommends using separate servers for each component role in a multi-server environment for ease of scalability as the infrastructure grows.

Component names and tags will be assigned in the Multi-Server Configuration process below.

Component Name Resources Required
  • 1 core (minimum 2.4GHz per core)
  • 1GB RAM
  • Minimum 8GB primary disk
  • 2 cores (minimum 2.4GHz per core)
  • 8GB RAM
  • Minimum 30GB primary disk
  • 2 cores (minimum 2.4GHz per core)
  • 8GB RAM
  • Minimum 30GB primary disk
  • Additional disk mounted on /opt for the Cassandra datastore.
  • Minimum 1GB per connected agent on /opt disk.

  Note: Sysdig recommends using SSD.

  • 2 cores (minimum 2.4GHz per core)
  • 8GB RAM
  • Minimum 30GB primary disk
  • Additional disk mounted on /opt for the excess events data.
  • 2 cores (minimum 2.4GHz per core)
  • 8GB RAM
  • Minimum 30GB primary disk
  • 1 core (minimum 2.4GHz per core)
  • 1GB RAM
  • Minimum 8GB primary disk
  • 1 core (minimum 2.4GHz per core)
  • 1GB RAM
  • Minimum 30GB primary disk
  • 2 cores (minimum 2.4GHz per core)
  • 8GB RAM
  • Minimum 30GB primary disk

Note: Hardware resource requirements are lower for a multi-server installation, as applications components are distributed over several instances.


Network Configuration

The following firewall/security configurations are required for inbound traffic:

Port State Description
6443 Open Agent Communication (TLS/encrypted)
443 Open Sysdig Monitor user-interface access
8800 Open Administration console access
6666 Open (optional) Agent communication (unencrypted)

Warning: Port 6666 should only be opened if agents will be communicating with the collectors without encryption.

Additional ports may need to be configured for the Replicated infrastructure manager. Refer to the Replicated port requirements documentation for more information.

To enable AWS Cloudwatch integration, port 443 must be open from the worker nodes to the relevant Cloudwatch endpoints. For endpoint hostnames, and more information on AWS Cloudwatch, refer to the AWS Regions and Endpoints documentation.

All hosts require outbound HTTP/S internet access for:

  • License validation
  • Pulling Sysdig/Agent containers from the Docker hub repository
  • Release update checks

Note: Sysdig does not support HTTP/S proxies for Sysdig platform components. Refer to the Air Gapped Installation section of this document if no internet access will be available for the hosts.

Time Synchronization

Multiple components of Sysdig Monitor require the system clocks to be closely synchronized between hosts. When provisioning hosts for installation, ensure the system clocks are synchronized.

Sysdig recommends installing NTP to ensure all host clocks stay synchronized.

Replicated Infrastructure Installation

  1. Log into the server instance with SSH.
  2. Run the following command to install the Replicated Infrastructure and Docker:
    sudo curl -sSL https://install.sysdigcloud.com/docker | sudo bash

    Note: If Docker is already installed on the server instance, or if the Linux distribution is not supported, add -s --no-docker to the command:

    sudo curl -sSL https://install.sysdigcloud.com/docker | sudo bash -s -- no-docker

    Note: If installing the Replicated Infrastructure behind a proxy, modify the installation command as shown below:

    sudo curl -sSL -x http://<proxy>:<port> -o /tmp/sdc-onpremises-installer.sh https://install.sysdigcloud.com/docker && bash /tmp/sdc-onpremises-installer.sh http-proxy=http://<proxy>:<port>

Management Server Installation

  1. Open a browser, and navigate to the Sysdig Monitor admin window:

  2. Input the server hostname.

  3. Accept the self-signed certificate, or upload a custom SSL certificate and private key.
    Note: If a self-signed certificate is uploaded, it must include the end user, all intermediate, and the root certificates, as the certificate will be used for the load balancers handling the Collector and API components, in addition to the admin console.

  4. Click the Choose License button, and upload the license file.

  5. Once the license validation is complete, secure the admin console using a local password, LDAP user account, or anonymous access (insecure).

    Sysdig recommends securing the console with either a local password or LDAP user account.
  6. Configure the settings panel as appropriate for the server instance, and click Save.

    For more information regarding the fields and required values, refer to Appendix One of this document.

  7. Click Start Now to start the server instance.

The single-server installation is now complete. To continue with the distributed installation setup process, skip to the Distributed Installation Wrap-Up section below.

Single-Server Installation Summary

The dashboard will remain in Starting mode for approximately 4-5 minutes, depending on the internet connection bandwidth, while Sysdig application software is downloaded and installed. Once the installation is complete, the dashboard will move to Started mode.

  1. Click the Open link to navigate to the Sysdig Monitor login panel.
  2. Input the Default User login credentials defined in the Management Server Installation section above.

Next Steps

  • To start, stop, and update the application, or to retrieve support information, use the Management Dashboard:
  • To login as a user and see metrics for hosts with the Sysdig Agent installed, use the Application Web Interface:


Distributed Installation Wrap-Up:

After the management server is setup and the "Start Now" button is clicked, the management server component will be up and running but an error on the start button will indicate the remaining application components need to be assigned and installed. Continue with the following steps:

8. Assign the ‘local’ (management) server the role of API load-balancer by clicking the blue 'Tags' icon in the row for 'local' and selecting ‘lb_api’ from the list presented.  This server will now also act as the load-balancer for API calls.

9. Assign remaining roles and install software onto all cluster servers

Click on the blue 'Add Host' button and select the desired method of installation.  You can choose between a Curl script or Docker run command. Enter the public and private IP addresses then choose one or more components to be assigned to the node. At the bottom of the window a command will be built that you can then copy and issue on your node.

Repeat this procedure until all roles are assigned to your servers. 


You can click to assign multiple rolls to a single node. The recommended configuration is repeated below, note that the MySQL and Redis roles can be assigned to the same server instance. While you can have multiple 'api', 'collector', 'worker' and database instances, you can only configure one 'lb_api' and 'lb_collector' instance since they are load-balancers.  

The 'lb_api' node handles user connection requests to the Sysdig application and the 'lb_collector' handles connections from the agents. When setting up a DNS entry for the cluster, use the address for the 'lb_api' node.

Name Tag Role Description
api api Application Programming Interface server
cassandradb cassandra Cassandra database server
elasticsearch elasticsearch Elasticsearch server for events storage/search
collector collector Agent metrics collector
lb_collector lb_collector Load balancer for collector service
local lb_api Load balancer for API service
mysql_redis mysql & redis MySQL & Redis databases server
worker worker Metrics history processor

10.  Start the Sysdig Monitor Application.

After all roles have been assigned you should see green check marks for each host next to the Provisioned and Connected columns as the software is installed and the node connects successfully to the management server. You can then start the application via the Dashboard >  Start Now button.


The Sysdig application cluster configuration is now finished. The dashboard will be in “Starting” mode for several minutes while software is downloaded and installed onto each server component (depending on your internet connection bandwidth). Once the installation is fully completed, the infrastructure admin dashboard will be in “Started” mode and will also show the  “Open”  link that will bring you to Sysdig Monitor web interface login screen. At the login screen use the credentials configured earlier (Default User) to login and start using the Sysdig Monitor on-premises solution.

To start, stop, and update the application or retrieve support information use the Management Dashboard: https://server_address:8800

To login as a user and see metrics about your Sysdig agent installed hosts, use the Application Web Interface:  http://server_address:80


Airgapped Installation

Replicated infrastructure manager supports installation of the Sysdig Monitor containerized application within an "airgapped" environment.  An airgapped environment is a network that has no inbound or outbound paths available to internet traffic.


A server instance with Docker version 1.7.1 or later installed is required prior installation.

Note:The replicated airgap installation script does not install docker-engine. Sysdig recommends using the latest version of Docker available for the server operating system. For more information on installing Docker in an airgapped environment, refer to the Installing Docker in an Airgapped Environment documentation.


  1. Download the latest Sysdig installation files using the links provided by the Sysdig Sales Engineer:

    - The Sysdig Cloud application .airgap package.

    - The Sysdig Cloud application license file (.rli).

    - Optionally the Sysdig agent Docker image. 

  2. Download the latest Replicated infrastructure manager installation file from: 

  3. Copy all downloaded files to /var/tmp/sysdig on your airgapped server.

  4. Open a command shell on the airgapped server and extract the replicated.tar.gz file:
    sudo tar xzvf replicated.tar.gz
  5. Run the following command to install the Replicated infrastructure manager:
    sudo cat ./install.sh | sudo bash -s airgap
  6. In a browser, navigate to the management console: https://server_address:8800

    Note: Replace server_address with the server name/IP address.

  7. Accept the default self-signed certificate, or provide a custom one, and click Continue.

  8. On the next screen, once the “preflight” checks have been resolved, select the Airgapped option, and click Continue.

  9. Provide a path to the Sysdig application .airgap file.

  10. Upload the .rli license file.

Note: Once the installation process is completed, follow the directions from step 7 onwards in the Distributed On-Premises Installation instructions above to continue the configuration process.


Upgrading Replicated Agents and Sysdig Cloud Application

Upgrade Replicated Components

The Replicated infrastructure installs its own container based agents that deploy and manage the various Sysdig back-end components.  To confirm the currently running version of the Replicated agent, perform replicated --version at the command line on each host.  [Reference  Replicated.com]

Be sure to stop the Sysdig Monitor application from the management console before upgrading the Replicated agent.

Upgrade Replicated Agent

For installations where the Management server has access to the internet:

  1. Run the following command on the management host to upgrade the replicated infrastructure:
    sudo curl -sSL https://get.replicated.com/docker | sudo bash
  2. Run the following command on the remaining nodes in the cluster:
    sudo curl -sSL https://get.replicated.com/operator | sudo bash

Upgrade Airgapped Replicated Agent

To upgrade Replicated in an airgapped (no Internet) installation:

  1. Download the latest Replicated agent installation package:
    curl https://s3.amazonaws.com/replicated-airgap-work/replicated.tar.gz > replicated.tar.gz
  2. In a command shell, extract the Replicated installer:
    sudo tar xzvf replicated.tar.gz
  3. Run the 'install.sh' script on the management host:
    sudo cat ./install.sh | sudo bash -s airgap
  4. Run the 'operator_install.sh' script on all remaining nodes:
    sudo cat ./operator_install.sh | sudo bash -s airgap

Upgrade Sysdig Application

When upgrading the Replicated infrastructure installation of the Sysdig cluster, the best practice is to install upgrades sequentially, one version at the time. This ensures consistent database migrations and allows for easier troubleshooting should problems occur.  For this reason we recommend staying fairly up-to-date on the release cycle and avoid 'stacking up' upgrades.

To upgrade the Sysdig Cloud application, go to the Management Console > Dashboards tab and click View Update.  You will see a release history list and "New" for any new releases.  Click 'Install' for the desired release. 

Upgrade Airgapped Sysdig Application 

  1. Download the new Sysdig application .airgap installer using the link and password supplied for the initial installation.

  2. Copy the .airgap file to the update directory in the management host. The update path is configured in the Console Settings > Airgapped Settings section accessible by clicking the gear icon in the management console.

  3. Navigate to the Management Console > Dashboards tab and click View Update.
  4. Install the update by clicking 'Install' for the desired version.



Agent SSL Configuration

Sysdig X version 3.0.7 and later releases enable SSL by default for encrypted communication between the Sysdig agent and the backend metrics collector. The example command below configures secure communication over port 6443 with the COLLECTOR_PORT flag; the CHECK_CERTIFICATE flag is set to false in this example as the certificate is not signed (the certificate is only for encryption):

docker run --name sysdig-agent --privileged --net host --pid host -e ACCESS_KEY=123456-3936-4c60-9cf4-123456abc -e COLLECTOR= -e COLLECTOR_PORT=6443 -e CHECK_CERTIFICATE=false -e TAGS=dept:eng -v /var/run/docker.sock:/host/var/run/docker.sock -v /dev:/host/dev -v /proc:/host/proc:ro -v /boot:/host/boot:ro -v /lib/modules:/host/lib/modules:ro -v /usr:/host/usr:ro sysdig/agent

The example command above creates the following /opt/draios/etc/dragent.yaml agent configuration file:

Disable SSL Encryption

To disable SSL encryption, remove the CHECK_CERTIFICATE flag, and set the SECURE flag to false. An example command is shown below:

docker run --name sysdig-agent --privileged --net host --pid host -e ACCESS_KEY=123456-3936-4c60-9cf4-123456abc -e COLLECTOR=  -e SECURE=false -e TAGS=dept:eng  -v /var/run/docker.sock:/host/var/run/docker.sock -v /dev:/host/dev -v /proc:/host/proc:ro -v /boot:/host/boot:ro -v /lib/modules:/host/lib/modules:ro -v /usr:/host/usr:ro sysdig/agent

The example command above produces the following /opt/draios/etc/dragent.yaml agent configuration file. The config file disables SSL upon startup, and uses the non-secure default port 6666:

customerid: 123456-3936-4c60-9cf4-123456abc
tags: dept:eng
ssl: false

Note: Redeploying previously installed agents when upgrading the Sysdig Monitor on-premises application from versions older than 307 is unnecessary, as they are backwards compatible, and will continue to connect on non-SSL port 6666. However, if infrastructure security is a concern, remove the older agents, then re-install the latest version.

Troubleshooting Airgapped Upgrades

For troubleshooting steps, refer to: On-Premises Install Troubleshooting Steps.

Appendix One: Server Settings

Hostname By default this field is preconfigured with the current server public IP. If you install Sysdig Monitor behind a private network a firewall or proxy, change it to the server’s private address or routable DNS. Default User The default username/password used to log into the Sysdig Monitor console SMTP Relay Configuration The SNTP Server, port, login, password, and secure connection type used to send notifications Email Header Configuration The content of the From header in the e-notifications and alerts

Field Description
Hostname (required) The server hostname. By default, the value is the management server's public IP. If the Sysdig Monitor instance is installed behind a private network, firewall, or proxy, configure the hostname to the server's private address or routable DNS.
Default User (required) The default username and password used to log into the Sysdig Monitor admin console.
SMTP Relay Configuration The SMTP server, port, login, password, and secure connection type used to send notifications.
Email Header Configuration The From header content in e-notifications and alerts


Appendix Two: Custom Self-Signed Certificate

Sysdig Monitor/Cloud/etc uses a self-signed SSL security certificate, unless a custom certificate is provided. The example command below creates a custom, unsigned certificate called MyCert.pem; the certificate has a private key called MyCert.key, and is valid for five years:

sudo openssl req -new -x509 -sha256 -days 1825 -nodes -out ./MyCert.pem -keyout ./MyCert.key

For more information, refer to the OpenSSL certificate documentation.


Appendix Three: Uninstalling

To uninstall Sysdig Monitor and the Replicated infrastructure manger simply stop the Sysdig Monitor application from the management console and perform the steps shown at the bottom of this Replicated Installation Guide

Once all containers are stopped and removed, you should rename, archive, or remove any Sysdig Cassandra/Elasicsearch/MySQL databases (default location is /opt) before re-installing a completely new instance of Sysdig Monitor.

To remove all unused containers and images on your host, use docker system prune -a -f 



Have more questions? Submit a request