Run Elastic Agent
editRun Elastic Agent
editThis functionality is in beta and is subject to change. The design and code is less mature than official GA features and is being provided as-is with no warranties. Beta features are not subject to the support SLA of official GA features.
Elastic Agent runs in two modes: standalone or fleet. The two modes differ in how you configure and manage the agent.
Run in Fleet mode
editWith fleet mode, you manage Elastic Agent remotely. The agent uses a trusted Kibana instance to retrieve configurations and report agent events. This trusted Kibana instance must have Ingest Manager and Fleet enabled.
To create a trusted communication channel between Elastic Agent and Kibana, enroll the agent to Fleet.
To enroll an Elastic Agent to Fleet:
- Stop Elastic Agent, if it’s already running.
-
In Ingest Manager, click Settings and change the defaults, if necessary. For self-managed installations, set the URLs for Elasticsearch and Kibana, including the http ports, then save your changes.
- Select Fleet, then click Add agent to get an enrollment token. See Quick start for detailed steps.
-
Change to the directory where Elastic Agent is installed, and enroll the agent to Fleet:
We recommend that you run this command as the root user because some integrations require root privileges to collect sensitive data.
elastic-agent enroll KIBANA_URL ENROLLMENT_KEY
Where
KIBANA_URLis the Kibana URL where Fleet is running, andENROLLMENT_KEYis the enrollment token acquired from Fleet.We recommend that you run this command as the root user because some integrations require root privileges to collect sensitive data.
elastic-agent enroll KIBANA_URL ENROLLMENT_KEY
Where
KIBANA_URLis the Kibana URL where Fleet is running, andENROLLMENT_KEYis the enrollment token acquired from Fleet.We recommend that you run this command as the root user because some integrations require root privileges to collect sensitive data.
./elastic-agent enroll KIBANA_URL ENROLLMENT_KEY
Where
KIBANA_URLis the Kibana URL where Fleet is running, andENROLLMENT_KEYis the enrollment token acquired from Fleet.We recommend that you run this command as the root user because some integrations require root privileges to collect sensitive data.
./elastic-agent enroll KIBANA_URL ENROLLMENT_KEY
Where
KIBANA_URLis the Kibana URL where Fleet is running, andENROLLMENT_KEYis the enrollment token acquired from Fleet.Open a PowerShell prompt as an Administrator (right-click the PowerShell icon and select Run As Administrator).
From the PowerShell prompt, change to the directory where you installed Elastic Agent, and run:
.\elastic-agent.exe enroll KIBANA_URL ENROLLMENT_KEY
Where
KIBANA_URLis the Kibana URL where Fleet is running, andENROLLMENT_KEYis the enrollment token acquired from Fleet. -
Run the agent:
The DEB package includes a service unit for Linux systems with systemd. On these systems, you can manage Elastic Agent by using the usual systemd commands:
systemctl enable elastic-agent systemctl start elastic-agent
Otherwise, use:
sudo service elastic-agent start
Elastic Agent will restart automatically if the system is rebooted.
The RPM package includes a service unit for Linux systems with systemd. On these systems, you can manage Elastic Agent by using the usual systemd commands:
systemctl enable elastic-agent systemctl start elastic-agent
Otherwise, use:
sudo service elastic-agent start
Elastic Agent will restart automatically if the system is rebooted.
./elastic-agent run
This command starts Elastic Agent in the foreground. You must restart Elastic Agent manually if the agent terminates or the system is rebooted.
To start the agent automatically when the system is rebooted, Install the agent as a service.
./elastic-agent run
This command starts Elastic Agent in the foreground. You must restart Elastic Agent manually if the agent terminates or the system is rebooted.
To start the agent automatically when the system is rebooted, use the DEB or RPM package instead of the tarball.
The first time you run Elastic Agent, you need to install it as auto-starting Windows service. To do this, run the PowerShell script provided in the archive you downloaded:
- Open a PowerShell prompt as an Administrator (right-click the PowerShell icon and select Run As Administrator).
-
From the PowerShell prompt, run the following commands to install Elastic Agent as an service and start the service:
You must run Elastic Agent under the SYSTEM account if you plan to use the Elastic Endpoint integration.
If script execution is disabled on your system, set the execution policy for the current session to allow the script to run. For example:
PowerShell.exe -ExecutionPolicy UnRestricted -File .\install-service-elastic-agent.ps1.If the service stops and you need to restart it manually, run:
Start-Service elastic-agent
Elastic Agent will restart automatically if the system is rebooted.
Run in standalone mode (default)
editWith standalone mode, you manually configure and manage Elastic Agent locally on the system where the agent is installed. Elastic Agent is configured to run in standalone mode by default unless you enroll it in Fleet.
If Elastic Agent is installed as an auto-starting service, it will run automatically when you restart your system.
To start Elastic Agent manually, run:
The DEB package includes a service unit for Linux systems with systemd. On these systems, you can manage Elastic Agent by using the usual systemd commands:
systemctl enable elastic-agent systemctl start elastic-agent
Otherwise, use:
sudo service elastic-agent start
Elastic Agent will restart automatically if the system is rebooted.
The RPM package includes a service unit for Linux systems with systemd. On these systems, you can manage Elastic Agent by using the usual systemd commands:
systemctl enable elastic-agent systemctl start elastic-agent
Otherwise, use:
sudo service elastic-agent start
Elastic Agent will restart automatically if the system is rebooted.
./elastic-agent run
This command starts Elastic Agent in the foreground. You must restart Elastic Agent manually if the agent terminates or the system is rebooted.
To start the agent automatically when the system is rebooted, Install the agent as a service.
./elastic-agent run
This command starts Elastic Agent in the foreground. You must restart Elastic Agent manually if the agent terminates or the system is rebooted.
To start the agent automatically when the system is rebooted, use the DEB or RPM package instead of the tarball.
The first time you run Elastic Agent, you need to install it as auto-starting Windows service. To do this, run the PowerShell script provided in the archive you downloaded:
- Open a PowerShell prompt as an Administrator (right-click the PowerShell icon and select Run As Administrator).
-
From the PowerShell prompt, run the following commands to install Elastic Agent as an service and start the service:
You must run Elastic Agent under the SYSTEM account if you plan to use the Elastic Endpoint integration.
If script execution is disabled on your system, set the execution policy for the current session to allow the script to run. For example:
PowerShell.exe -ExecutionPolicy UnRestricted -File .\install-service-elastic-agent.ps1.If the service stops and you need to restart it manually, run:
Start-Service elastic-agent
Elastic Agent will restart automatically if the system is rebooted.
Use the -c flag to specify the configuration file. If no configuration file is
specified, Elastic Agent uses the default configuration, elastic-agent.yml, which is
located in the same directory as Elastic Agent.
For configuration options, see Configuration settings.