Skip to main content
Skip table of contents

Linux Installation Instructions

Ubuntu 20 / Ubuntu 22

Install the Axon Agent on Ubuntu 20 and 22

Once the Agent Package installer has been downloaded, install the Agent by doing the following:

  1. Move the Agent Package installer to the device on which collection will occur.

  2. Browse via the terminal to the directory containing the installation package.

  3. Install unzip:

    BASH 
    sudo apt install unzip

  4. Unzip the Linux Axon Agent bundle:

    BASH 
    unzip "Demo Linux Agents_Bundle.zip" -d ./

    Make sure the installers and the "lragent_config.json" file are in the same directory.

    Ensure the only lragent-config.json file on the machine exists in the same folder as the Axon Agent Linux installer.  Duplicates of this file existing elsewhere on the system may cause installation errors.

  5. Install FluentD :

    BASH 
    sudo apt install ./Fluentd_Installer.deb

  6. Install the Axon Agent:

    BASH 
    sudo apt install ./Axon_Agent_Installer_X.X.X.deb

    X.X.X represents the version of the Axon Agent you are installing.

    The installation is completed successfully.

    The newly installed Agent appears on the Agents page of Axon in the Active Agents tab.

    To verify current running status, see Axon Agent Linux Troubleshooting Guide.

Uninstall the Axon Agent on Ubuntu 20 / Ubuntu 22

To uninstall an Axon Agent on Ubuntu 20 and Ubuntu 22:

  1. Retire the Agent being uninstalled in the LogRhythm Axon UI.
    Refer to View and Modify Axon Agents for more information on retiring an Axon Agent.

  2. Stop and disable the Axon Agent Service:

    BASH 
    systemctl stop lr-agent.logrhythm.service
systemctl disable lr-agent.logrhythm.service

  3. Remove the Axon Agent installation:

    BASH 
    sudo apt purge lr-agent-logrhythm
sudo apt purge td-agent

    (Optional.) Use the following commands to remove the LogRhythm Axon Agent and any unnecessary dependencies:

    BASH 
    sudo apt purge --auto-remove lr-agent.logrhythm
sudo apt purge --auto-remove td-agent

  4. Remove the various directories associated with the Axon Agent:

    Before using these commands, verify that these directories do not contain anything you want to keep.

    BASH 
    rm /opt/osquery -Rf
rm /opt/td-agent -Rf
rm /etc/td-agent -Rf
rm /etc/logrhythm -Rf
rm /var/logrhythm -Rf
rm /var/log/osquery -Rf
rm /var/log/logrhythm -Rf
rm /var/log/td-agent -Rf

CentOS 7 / RHEL 9

Install the Axon Agent on CentOS 7 and RHEL 9

Once the Agent Package installer has been downloaded, install the Agent by doing the following:

  1. Move the Agent Package installer to the device on which collection will occur.
  2. Browse via the terminal to the directory containing the installation package.

  3. Install unzip:

    BASH 
    sudo yum install unzip

  4. Unzip the Linux Axon Agent bundle:

    BASH 
    unzip "Demo Linux Agents_Bundle.zip" -d ./

    Make sure the installers and the "lragent_config.json" file are in the same directory.

  5. Install FluentD:

    BASH 
    sudo yum install ./Fluentd_Installer.rpm

  6. Install the Axon Agent:

    BASH 
    sudo yum install ./Axon_Agent_Installer_X.X.X.rpm

    X.X.X represents the version of the Axon Agent you are installing.

    The installation is completed successfully.

    The newly installed Agent appears on the Agents page of Axon in the Active Agents tab.

    To verify current running status, see Axon Agent Linux Troubleshooting Guide.

Uninstall the Axon Agent on CentOS 7 / RHEL 9

To uninstall an Axon Agent on CentOS7 and RHEL 9:

  1. Retire the Agent being uninstalled in the LogRhythm Axon UI.
    Refer to View and Modify Axon Agents for more information on retiring an Axon Agent.

  2. Stop and disable the Axon Agent Service:

    BASH 
    systemctl stop lr-agent.logrhythm.service
systemctl disable lr-agent.logrhythm.service

  3. Remove the Axon Agent installation:

    BASH 
    sudo yum remove lr-agent-logrhythm.x86_64
sudo yum remove td-agent.x86_64

    (Optional.) Use the following commands to remove the LogRhythm Axon Agent and any unnecessary dependencies:

    BASH 
    sudo yum autoremove lr-agent-logrhythm.x86_64
sudo yum autoremove td-agent.x86_64

  4. Remove the various directories associated with the Axon Agent:

    Before using these commands, verify that these directories do not contain anything you want to keep.

    BASH 
    rm /opt/osquery -Rf
rm /opt/td-agent -Rf
rm /etc/td-agent -Rf
rm /etc/logrhythm -Rf
rm /var/logrhythm -Rf
rm /var/log/osquery -Rf
rm /var/log/logrhythm -Rf
rm /var/log/td-agent -Rf
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close