Linux Installation Instructions
Please refer to the Port/Protocol/Process Rules and AV/File Monitor Exclusions documentation before installation.
Bundle Information
When you download your Axon Agent install bundle, it will come as a .tar.gz file. Use the following command to extract the contents:
tar -xzf ./Linux_Agent_Bundle.tar.gzInside the newly created folder, you will see the following files:
| File Name | Description |
|---|---|
| Axon_Agent_Installer_[version].[rpm or deb] | The installer for the Agent itself. There is no need to manually install with yum or apt. |
| Fluentd_Installer.[rpm or deb] | The installer for Fluentd. This is third party software the Agent needs to run. There is no need to manually install with yum or apt. |
| Install_Axon_Agent_Linux.sh | The install script for the Axon Agent. Refer to the section below for instructions for executing the script. |
| Uninstall_Axon_Agent_Linux_1.1.X.sh | A script used to uninstall old versions of the Agent. This file is only to be used for upgrades. |
| lrDiagnosticsBash.sh | A script for collecting diagnostic information on a running Axon Agent. Used in cases where support is needed. |
| detect_version.sh | A script used for collecting version information on the Agent. |
| lragent_config.json | A config file that contains needed information to register the machine with the Axon platform. |
| agent_version.json | A config file that contains version information on the Axon Agent. |
| manifest.json | Currently unused. |
Install the Axon Agent
Ensure all of the files listed in the section above remain in the install bundle folder.
Agent Versions 1.2.0 and Newer
To install Linux Axon Agents for versions 1.2.0 and newer:
- Set the current working directory to the install bundle folder.
Give execute permissions to each of the scripts in the install bundle folder:
CODEchmod +x ./script_file.shIf installing the Agent on a machine that has not had an Agent previously installed, simply run this command from the directory of the bundle extracted:
CODE./Install_Axon_Agent_Linux.sh install
The newly installed Agent appears on the Agents page of Axon in the Active Agents tab.
To verify current running status, see Axon Agent Linux Troubleshooting Guide.
Do not attempt to manually start td-agent/fluentD. The Axon Agent will start collection for you, automatically.
Agent Versions 1.1.8 and Older
Installing the Agent on older versions requires manual installation of the packages provided. Run the following commands in order from the install bundle folder for your given operating system.
Ubuntu and Debian
sudo apt install ./Fluentd_Installer.deb
sudo apt install ./Axon_Agent_Installer_1.X.X.debCentOS, RHEL, and Amazon Linux
sudo yum install ./Fluentd_Installer.rpm
sudo yum install ./Axon_Agent_Installer_1.X.X.rpmUninstall the Axon Agent
Agent Versions 1.2.0 and Newer
To uninstall the Axon Agent post version 1.2.0, use the same installer script used to install the Agent:
./Install_Axon_Agent_Linux.sh uninstallAgent Versions 1.1.8 and Older
First, stop the Agent service and disable it using the following commands, then run the commands in the sections below based on your operating system.
systemctl stop lr-agent.logrhythm.service
systemctl disable lr-agent.logrhythm.serviceUbuntu and Debian
sudo apt purge --auto-remove lr-agent.logrhythm
sudo apt purge --auto-remove td-agentCentOS, RHEL, and Amazon Linux
sudo yum autoremove lr-agent-logrhythm.x86_64
sudo yum autoremove td-agent.x86_64Removing Directories Associated with Axon Agent
Before using these commands, verify that these directories do not contain anything you want to keep.
rm /opt/osquery -Rf
rm /opt/td-agent -Rf
rm /etc/td-agent -Rf
rm /etc/logrhythm -Rf
rm /var/logrhythm -Rf
rm /var/log/osquery -Rf
rm /var/log/logrhythm -Rf
rm /var/log/td-agent -RfUpgrade the Axon Agent
Agent Versions 1.2.0 and Newer
As of Axon Agent version 1.2.0, the install script supports an upgrade command that will back up all needed data and install the new version of the Agent.
From the directory of your newly downloaded bundle, run this command:
./Install_Axon_Agent_Linux.sh upgradeAgent Version 1.1.8 and Older
If you are upgrading from an Axon Agent version prior to 1.2.0, the upgrade process is slightly more involved in order to back up necessary data.
From the directory of the newly downloaded bundle, run the following commands:
./Uninstall_Axon_Agent_Linux_1.1.X.sh
./Install_Axon_Agent_Linux.sh installDo not use the upgrade command in this scenario. It does not support data backup of older versions of the agent that use a different directory structure. The first uninstall script will back up data in old versions
Troubleshooting Notes
You may see the following error during an agent installation:
cp: cannot stat '/some/filepath/lragent_config.json\n/some/other/filepath/lragent_config.json': no such file or directoryThis is due to multiple copies of the lragent_config.json file existing on the machine. To resolve this, follow these steps:
- Confirm there is no agent currently installed on the machine.
Use the following command to ensure there is only one copy of the file listed, in the directory where the Agent installers exist:
CODEfind / -type f -name lragent_config.json
Once extra copies of the config file have been removed from the machine, the installation will run as expected.