
Linux Installation Instructions

Please refer to the Port/Protocol/Process Rules and AV/File Monitor Exclusions documentation before installation.

Axon Agent Versions 1.2.0 and Newer

Upgrade from Axon Agent Version 1.1.6 or 1.1.8

When you download and unpack your 1.2.x agent package, you should see two new scripts:

CODE
Install_Axon_Agent_Linux.sh
Uninstall_AxonAgent_Linux_1.1.X.sh

  1. Give these scripts "execute" permissions using the following command:

    CODE
    chmod +x /path/to/scripts/Install_Axon_Agent_Linux.sh /path/to/scripts/Uninstall_AxonAgent_Linux_1.1.X.sh
  2. (Optional.) If you have a version of Axon Agent 1.1 installed, run the following scripts in this order:

    CODE
    ./Uninstall_AxonAgent_Linux_1.1.X.sh
    ./Install_Axon_Agent_Linux.sh install

    The uninstall script backs up your spool and state files to prevent data loss.

New Installations Not Upgrading from 1.1.x

For new installations that are not upgrading from a 1.1.x version of Axon agents, you can safely ignore and delete the Uninstall script. Starting with Axon agents 1.2, the Install script is used for both installation and uninstallation.

  1. Enter the following commands:

    CODE
    chmod +x ./Install_Axon_Agent_Linux.sh
    ./Install_Axon_Agent_Linux.sh install

    Keep a copy of the install script in case you need to uninstall the Agent later.

Uninstall Axon Agents Version 1.2.x

To uninstall an Axon agent version 1.2 or later:

  1. Enter the following command:

    CODE
    ./Install_Axon_Agent_Linux.sh uninstall

Troubleshooting Notes

You may see the following error during an agent installation:

CODE
cp: cannot stat '/some/filepath/lragent_config.json\n/some/other/filepath/lragent_config.json': no such file or directory

This is due to multiple copies of the lragent_config.json file existing on the machine. To resolve this, follow these steps:

  1. Confirm there is no agent currently installed on the machine.
  2. Use the following command to list every copy of the file, and ensure the only copy listed is in the directory where the Agent installers exist:

    CODE
    find / -type f -name lragent_config.json

Once extra copies of the config file have been removed from the machine, the installation will run as expected.
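The duplicate check described above can be scripted and run before the installer. This is an added example, not part of the vendor's documentation or installer; the function names find_config_copies and preflight_check and the demo paths are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not vendor code): pre-flight check for stray lragent_config.json copies.
CONFIG_NAME="lragent_config.json"

# Print every regular file named $CONFIG_NAME under the given root, one per line.
# Same search as the documented find command; permission noise is discarded.
find_config_copies() {
    find "$1" -type f -name "$CONFIG_NAME" 2>/dev/null | sort
}

# preflight_check INSTALLER_DIR [SEARCH_ROOT]   (SEARCH_ROOT defaults to /)
# Returns 0 when the only copy is INSTALLER_DIR/lragent_config.json,
#         1 when the installer directory has no copy (or a path is invalid),
#         2 when additional copies exist elsewhere under SEARCH_ROOT.
preflight_check() {
    installer_dir=$(cd "$1" && pwd -P) || return 1
    search_root=$(cd "${2:-/}" && pwd -P) || return 1
    expected="$installer_dir/$CONFIG_NAME"
    [ -f "$expected" ] || { echo "missing: $expected" >&2; return 1; }
    # Everything found except the expected copy is a duplicate.
    extras=$(find_config_copies "$search_root" | grep -Fxv -- "$expected" || true)
    if [ -n "$extras" ]; then
        echo "extra copies to remove or relocate before installing:" >&2
        printf '%s\n' "$extras" >&2
        return 2
    fi
    echo "ok: single copy at $expected"
}

# Demo on a constructed directory tree (paths are made up for illustration).
demo_root=$(mktemp -d)
mkdir -p "$demo_root/bundle" "$demo_root/home/old_download"
echo '{}' > "$demo_root/bundle/$CONFIG_NAME"
echo '{}' > "$demo_root/home/old_download/$CONFIG_NAME"
preflight_check "$demo_root/bundle" "$demo_root" || echo "exit status: $?"
rm "$demo_root/home/old_download/$CONFIG_NAME"
preflight_check "$demo_root/bundle" "$demo_root"
rm -rf "$demo_root"
```

On a real host, call preflight_check with the directory that holds the unpacked installers and no second argument, so the whole filesystem is searched.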

Axon Agent Versions 1.1.8 and Earlier

Ubuntu 20 / Ubuntu 22

Install the Axon Agent on Ubuntu 20 and 22

Once the Agent Package installer has been downloaded, install the Agent by doing the following:

  1. Move the Agent Package installer to the device on which collection will occur.

  2. Browse via the terminal to the directory containing the installation package.
  3. Extract the Linux Axon Agent bundle:

    BASH
    tar -xzf ./Linux_Agent_Bundle.tar.gz

    Make sure the installers and the "lragent_config.json" file are in the same directory.

    Ensure the only lragent_config.json file on the machine exists in the same folder as the Axon Agent Linux installer. Duplicates of this file elsewhere on the system may cause installation errors.

  4. Install FluentD:

    BASH
    sudo apt install ./Fluentd_Installer.deb
  5. Install the Axon Agent:

    BASH
    sudo apt install ./Axon_Agent_Installer_X.X.X.deb

    X.X.X represents the version of the Axon Agent you are installing.

    The installation is completed successfully.

    The newly installed Agent appears on the Agents page of Axon in the Active Agents tab.

    To verify current running status, see Axon Agent Linux Troubleshooting Guide.

    Do not attempt to manually start td-agent/FluentD. The Axon Agent will start collection for you automatically.

Uninstall the Axon Agent on Ubuntu 20 / Ubuntu 22

To uninstall an Axon Agent on Ubuntu 20 and Ubuntu 22:

  1. Retire the Agent being uninstalled in the LogRhythm Axon UI.
    Refer to View and Modify Axon Agents for more information on retiring an Axon Agent.
  2. Stop and disable the Axon Agent Service:

    BASH
    systemctl stop lr-agent.logrhythm.service
    systemctl disable lr-agent.logrhythm.service
  3. Remove the Axon Agent installation:

    BASH
    sudo apt purge lr-agent-logrhythm
    sudo apt purge td-agent

    (Optional.) Use the following commands to remove the LogRhythm Axon Agent and any unnecessary dependencies:

    BASH
    sudo apt purge --auto-remove lr-agent-logrhythm
    sudo apt purge --auto-remove td-agent
  4. Remove the various directories associated with the Axon Agent:

    Before using these commands, verify that these directories do not contain anything you want to keep.

    BASH
    rm /opt/osquery -Rf
    rm /opt/td-agent -Rf
    rm /etc/td-agent -Rf
    rm /etc/logrhythm -Rf
    rm /var/logrhythm -Rf
    rm /var/log/osquery -Rf
    rm /var/log/logrhythm -Rf
    rm /var/log/td-agent -Rf

CentOS 7 / RHEL 9

Install the Axon Agent on CentOS 7 and RHEL 9

Once the Agent Package installer has been downloaded, install the Agent by doing the following:

  1. Move the Agent Package installer to the device on which collection will occur.
  2. Browse via the terminal to the directory containing the installation package.
  3. Extract the Linux Axon Agent bundle:

    BASH
    tar -xzf ./Linux_Agent_Bundle.tar.gz

    Make sure the installers and the "lragent_config.json" file are in the same directory.

  4. Install FluentD:

    BASH
    sudo yum install ./Fluentd_Installer.rpm
  5. Install the Axon Agent:

    BASH
    sudo yum install ./Axon_Agent_Installer_X.X.X.rpm

    X.X.X represents the version of the Axon Agent you are installing.

    The installation is completed successfully.

    The newly installed Agent appears on the Agents page of Axon in the Active Agents tab.

    To verify current running status, see Axon Agent Linux Troubleshooting Guide.

    Do not attempt to manually start td-agent/FluentD. The Axon Agent will start collection for you automatically.

Uninstall the Axon Agent on CentOS 7 / RHEL 9

To uninstall an Axon Agent on CentOS 7 and RHEL 9:

  1. Retire the Agent being uninstalled in the LogRhythm Axon UI.
    Refer to View and Modify Axon Agents for more information on retiring an Axon Agent.
  2. Stop and disable the Axon Agent Service:

    BASH
    systemctl stop lr-agent.logrhythm.service
    systemctl disable lr-agent.logrhythm.service
  3. Remove the Axon Agent installation:

    BASH
    sudo yum remove lr-agent-logrhythm.x86_64
    sudo yum remove td-agent.x86_64

    (Optional.) Use the following commands to remove the LogRhythm Axon Agent and any unnecessary dependencies:

    BASH
    sudo yum autoremove lr-agent-logrhythm.x86_64
    sudo yum autoremove td-agent.x86_64
  4. Remove the various directories associated with the Axon Agent:

    Before using these commands, verify that these directories do not contain anything you want to keep.

    BASH
    rm /opt/osquery -Rf
    rm /opt/td-agent -Rf
    rm /etc/td-agent -Rf
    rm /etc/logrhythm -Rf
    rm /var/logrhythm -Rf
    rm /var/log/osquery -Rf
    rm /var/log/logrhythm -Rf
    rm /var/log/td-agent -Rf