Agent Installation

Choose your deployment model:

  • systemd / .deb — install directly on the host. The standard path for Vault on bare metal or VMs.
  • Docker — run as a container alongside your existing stack.

The examples below use Vault as the log source. Substitute your own log path for other integrations.


Before you start

1. Make sure your log file is being written

The agent reads from a file. The source application must be writing logs to disk before the agent is installed.

For Vault, enable the file audit device:

vault audit enable file file_path=/var/log/vault/audit.log
vault audit list

The log file must be readable by the user running the agent.

2. Get your credentials

From the Logystera dashboard:

  1. Go to Entities → Add Entity → select your entity type
  2. Complete the entity setup
  3. On the entity credentials page, copy your Entity Token and Entity Secret

systemd / .deb package

The standard installation method. Installs the agent as a systemd service that starts automatically on boot.

1. Install the package

curl -LO https://packages.logystera.com/agent/latest/logystera-agent.deb
sudo dpkg -i logystera-agent.deb

This installs:

  • Agent binary to /opt/logystera-agent/
  • Systemd service unit to /lib/systemd/system/logystera-agent.service
  • Config directory at /etc/logystera-agent/

2. Run setup

sudo logystera-agent-setup

The interactive setup prompts for your credentials and log file path, then writes:

  • /etc/logystera-agent/agent.env — credentials and environment variables
  • /etc/logystera-agent/fluent.conf — generated Fluentd configuration

3. Start and enable the service

sudo systemctl start logystera-agent
sudo systemctl enable logystera-agent

4. Verify

# Service status
sudo systemctl status logystera-agent

# Follow logs
sudo journalctl -u logystera-agent -f

A healthy agent logs batch sent entries within seconds of Vault activity.

File permissions

The service runs as the logystera-agent user created by the installer. If the audit log is owned by a different group, add the agent user to that group (vault in this example):

sudo usermod -aG vault logystera-agent
sudo systemctl restart logystera-agent
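
A pre-flight check for the readability requirement above, as an added example that is not part of the Logystera package: it reports which permission class (owner, group or other) gives the agent user read access to the audit log, and flags the log or agent.env (which holds the entity credentials) if either is world-readable. The script name preflight.sh and the function names are hypothetical; only mode bits are evaluated.

```shell
#!/bin/sh
# Added example (not Logystera tooling). Evaluates mode bits only; parent
# directories, ACLs and root's permission bypass are out of scope.
# Usage: sh preflight.sh /var/log/vault/audit.log logystera-agent /etc/logystera-agent/agent.env

# read_path FILE USER -> prints owner | group | other | none
# Mirrors the kernel's order: the first matching class decides, so group
# membership is not rescued by a more permissive "other" bit.
read_path() {
    [ -e "$1" ] || return 2
    info=$(ls -ldn -- "$1" | awk '{print $1, $3, $4}')
    mode=${info%% *}; rest=${info#* }
    fuid=${rest% *};  fgid=${rest#* }
    uid=$(id -u "$2") || return 2
    if [ "$uid" = "$fuid" ]; then
        class=owner; pos=2
    elif id -G "$2" | tr ' ' '\n' | grep -qxF "$fgid"; then
        class=group; pos=5
    else
        class=other; pos=8
    fi
    if [ "$(printf '%s' "$mode" | cut -c"$pos")" = r ]; then
        echo "$class"
    else
        echo none
    fi
}

# world_readable FILE -> exit 0 when the "other" read bit is set
world_readable() {
    [ "$(ls -ldn -- "$1" 2>/dev/null | cut -c8)" = r ]
}

# check_agent_access LOG USER ENVFILE -> prints findings, returns their count
check_agent_access() {
    findings=0
    via=$(read_path "$1" "$2") || via=none
    if [ "$via" = none ]; then
        echo "FAIL: $2 cannot read $1"; findings=$((findings + 1))
    else
        echo "OK: $2 reads $1 via $via permission bits"
    fi
    for f in "$1" "$3"; do
        if world_readable "$f"; then
            echo "WARN: $f is readable by every local user"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

if [ "$#" -eq 3 ]; then check_agent_access "$@"; fi
```

A non-zero exit status is the number of findings, so the script can gate the systemctl start step in provisioning.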

Multi-node deployments

For clustered sources (e.g. Vault Enterprise HA), install one agent per node. Each node writes its own log file.

Use distinct LOGYSTERA_NODE_ID values per node but the same LOGYSTERA_CLUSTER_ID:

LOGYSTERA_CLUSTER_ID=vault-prod
LOGYSTERA_NODE_ID=vault-node-1   # change per node

All nodes use the same entity token and secret (same entity in the Logystera dashboard).


Verify data is arriving

After the agent starts, check the Logystera dashboard:

  1. Go to your entity
  2. Click the Ingestion tab
  3. Within a few minutes you should see batches appearing with status Completed

If no batches appear after 5 minutes, see Troubleshooting.