Install Log Analytics agent on Linux computers

This article provides details on installing the Log Analytics agent on Linux computers using the following methods:

Important

The installation methods described in this article are typically used for virtual machines on-premises or in other clouds. See Installation options for more efficient options you can use for Azure virtual machines.

Supported operating systems

See Overview of Azure Monitor agents for a list of Linux distributions supported by the Log Analytics agent.

Note

OpenSSL 1.1.0 is only supported on x86_x64 platforms (64-bit) and OpenSSL earlier than 1.x is not supported on any platform.

Note

Running the Log Analytics Linux Agent in containers is not supported. If you need to monitor containers, please leverage the Container Monitoring solution for Docker hosts or Container insights for Kubernetes.

Starting with versions released after August 2018, we are making the following changes to our support model:

  • Only the server versions are supported, not client.
  • Focus support on any of the Azure Linux Endorsed distros. Note that there may be some delay between a new distro/version being Azure Linux Endorsed and it being supported for the Log Analytics Linux agent.
  • All minor releases are supported for each major version listed.
  • Versions that have passed their manufacturer's end-of-support date are not supported.
  • Only support VM images; containers, even those derived from official distro publishers' images, are not supported.
  • New versions of AMI are not supported.
  • Only versions that run OpenSSL 1.x by default are supported.

Note

If you are using a distro or version that is not currently supported and doesn't align to our support model, we recommend that you fork this repo, acknowledging that Microsoft support will not provide assistance with forked agent versions.

Python requirement

Starting from Agent version 1.13.27, the Linux Agent will support both Python 2 and 3. We always recommend using the latest agent.

If you are using an older version of the agent, you must have the Virtual Machine use Python 2 by default. If your virtual machine is using a distro that doesn't include Python 2 by default then you must install it. The following sample commands will install Python 2 on different distros.

  • Red Hat, CentOS, Oracle: yum install -y python2
  • Ubuntu, Debian: apt-get install -y python2
  • SUSE: zypper install -y python2

Again, only if you are using an older version of the agent, the python2 executable must be aliased to python. Following is one method that you can use to set this alias:

  1. Run the following command to remove any existing aliases.

    sudo update-alternatives --remove-all python
    
  2. Run the following command to create the alias.

    sudo update-alternatives --install /usr/bin/python python /usr/bin/python2 1
    

Supported Linux hardening

The OMS Agent has limited customization and hardening support for Linux.

The following are currently supported:

  • FIPs
  • SELINUX (Marketplace images for CENTOS and RHEL with their default settings)

The following are not supported:

  • CIS
  • SELINUX (custom hardening like MLS)

CIS and SELINUX hardening support is planned for Azure Monitoring Agent. Further hardening and customization methods are not supported nor planned for OMS Agent.

Agent prerequisites

The following table highlights the packages required for supported Linux distros that the agent will be installed on.

Required package Description Minimum version
Glibc GNU C Library 2.5-12
Openssl OpenSSL Libraries 1.0.x or 1.1.x
Curl cURL web client 7.15.5
Python 2.7 or 3.6+
Python-ctypes
PAM Pluggable Authentication Modules

Note

Either rsyslog or syslog-ng are required to collect syslog messages. The default syslog daemon on version 5 of Red Hat Enterprise Linux, CentOS, and Oracle Linux version (sysklog) is not supported for syslog event collection. To collect syslog data from this version of these distributions, the rsyslog daemon should be installed and configured to replace sysklog.

Network requirements

See Log Analytics agent overview for the network requirements for the Linux agent.

Agent install package

The Log Analytics agent for Linux is composed of multiple packages. The release file contains the following packages, which are available by running the shell bundle with the --extract parameter:

Package Version Description
omsagent 1.13.9 The Log Analytics Agent for Linux
omsconfig 1.1.1 Configuration agent for the Log Analytics agent
omi 1.6.4 Open Management Infrastructure (OMI) -- a lightweight CIM Server. Note that OMI requires root access to run a cron job necessary for the functioning of the service
scx 1.6.4 OMI CIM Providers for operating system performance metrics
apache-cimprov 1.0.1 Apache HTTP Server performance monitoring provider for OMI. Only installed if Apache HTTP Server is detected.
mysql-cimprov 1.0.1 MySQL Server performance monitoring provider for OMI. Only installed if MySQL/MariaDB server is detected.
docker-cimprov 1.0.0 Docker provider for OMI. Only installed if Docker is detected.

Agent installation details

After installing the Log Analytics agent for Linux packages, the following additional system-wide configuration changes are applied. These artifacts are removed when the omsagent package is uninstalled.

  • A non-privileged user named: omsagent is created. The daemon runs under this credential.
  • A sudoers include file is created in /etc/sudoers.d/omsagent. This authorizes omsagent to restart the syslog and omsagent daemons. If sudo include directives are not supported in the installed version of sudo, these entries will be written to /etc/sudoers.
  • The syslog configuration is modified to forward a subset of events to the agent. For more information, see Configure Syslog data collection.

On a monitored Linux computer, the agent is listed as omsagent. omsconfig is the Log Analytics agent for Linux configuration agent that looks for new portal side configuration every 5 minutes. The new and updated configuration is applied to the agent configuration files located at /etc/opt/microsoft/omsagent/conf/omsagent.conf.

Install the agent using wrapper script

The following steps configure setup of the agent for Log Analytics in Azure and Azure Government cloud using the wrapper script for Linux computers that can communicate directly or through a proxy server to download the agent hosted on GitHub and install the agent.

If your Linux computer needs to communicate through a proxy server to Log Analytics, this configuration can be specified on the command line by including -p [protocol://][user:password@]proxyhost[:port]. The protocol property accepts http or https, and the proxyhost property accepts a fully qualified domain name or IP address of the proxy server.

For example: https://proxy01.contoso.com:30443

If authentication is required in either case, you need to specify the username and password. For example: https://user01:password@proxy01.contoso.com:30443

  1. To configure the Linux computer to connect to a Log Analytics workspace, run the following command providing the workspace ID and primary key. The following command downloads the agent, validates its checksum, and installs it.

    wget https://raw.githubusercontent.com/Microsoft/OMS-Agent-for-Linux/master/installer/scripts/onboard_agent.sh && sh onboard_agent.sh -w <YOUR WORKSPACE ID> -s <YOUR WORKSPACE PRIMARY KEY>
    

    The following command includes the -p proxy parameter and example syntax when authentication is required by your proxy server:

     wget https://raw.githubusercontent.com/Microsoft/OMS-Agent-for-Linux/master/installer/scripts/onboard_agent.sh && sh onboard_agent.sh -p [protocol://]<proxy user>:<proxy password>@<proxyhost>[:port] -w <YOUR WORKSPACE ID> -s <YOUR WORKSPACE PRIMARY KEY>
    
  2. To configure the Linux computer to connect to Log Analytics workspace in Azure Government cloud, run the following command providing the workspace ID and primary key copied earlier. The following command downloads the agent, validates its checksum, and installs it.

    wget https://raw.githubusercontent.com/Microsoft/OMS-Agent-for-Linux/master/installer/scripts/onboard_agent.sh && sh onboard_agent.sh -w <YOUR WORKSPACE ID> -s <YOUR WORKSPACE PRIMARY KEY> -d opinsights.azure.us
    

    The following command includes the -p proxy parameter and example syntax when authentication is required by your proxy server:

     wget https://raw.githubusercontent.com/Microsoft/OMS-Agent-for-Linux/master/installer/scripts/onboard_agent.sh && sh onboard_agent.sh -p [protocol://]<proxy user>:<proxy password>@<proxyhost>[:port] -w <YOUR WORKSPACE ID> -s <YOUR WORKSPACE PRIMARY KEY> -d opinsights.azure.us
    
  3. Restart the agent by running the following command:

    sudo /opt/microsoft/omsagent/bin/service_control restart [<workspace id>]
    

Install the agent manually

The Log Analytics agent for Linux is provided in a self-extracting and installable shell script bundle. This bundle contains Debian and RPM packages for each of the agent components and can be installed directly or extracted to retrieve the individual packages. One bundle is provided for x64 and one for x86 architectures.

Note

For Azure VMs, we recommend you install the agent on them using the Azure Log Analytics VM extension for Linux.

  1. Download and transfer the appropriate bundle (x64 or x86) to your Linux VM or physical computer, using scp/sftp.

  2. Install the bundle by using the --install argument. To onboard to a Log Analytics workspace during installation, provide the -w <WorkspaceID> and -s <workspaceKey> parameters copied earlier.

    Note

    You need to use the --upgrade argument if any dependent packages such as omi, scx, omsconfig or their older versions are installed, as would be the case if the system Center Operations Manager agent for Linux is already installed.

    sudo sh ./omsagent-*.universal.x64.sh --install -w <workspace id> -s <shared key>
    
  3. To configure the Linux agent to install and connect to a Log Analytics workspace through a Log Analytics gateway, run the following command providing the proxy, workspace ID, and workspace key parameters. This configuration can be specified on the command line by including -p [protocol://][user:password@]proxyhost[:port]. The proxyhost property accepts a fully qualified domain name or IP address of the Log Analytics gateway server.

    sudo sh ./omsagent-*.universal.x64.sh --upgrade -p https://<proxy address>:<proxy port> -w <workspace id> -s <shared key>
    

    If authentication is required, you need to specify the username and password. For example:

    sudo sh ./omsagent-*.universal.x64.sh --upgrade -p https://<proxy user>:<proxy password>@<proxy address>:<proxy port> -w <workspace id> -s <shared key>
    
  4. To configure the Linux computer to connect to a Log Analytics workspace in Azure Government cloud, run the following command providing the workspace ID and primary key copied earlier.

    sudo sh ./omsagent-*.universal.x64.sh --upgrade -w <workspace id> -s <shared key> -d opinsights.azure.us
    

If you want to install the agent packages and configure it to report to a specific Log Analytics workspace at a later time, run the following command:

sudo sh ./omsagent-*.universal.x64.sh --upgrade

If you want to extract the agent packages from the bundle without installing the agent, run the following command:

sudo sh ./omsagent-*.universal.x64.sh --extract

Upgrade from a previous release

Upgrading from a previous version, starting with version 1.0.0-47, is supported in each release. Perform the installation with the --upgrade parameter to upgrade all components of the agent to the latest version.

Cache information

Data from the Log Analytics agent for Linux is cached on the local machine at %STATE_DIR_WS%/out_oms_common.buffer* before it's sent to Azure Monitor. Custom log data is buffered in %STATE_DIR_WS%/out_oms_blob.buffer*. The path may be different for some solutions and data types.

The agent attempts to upload every 20 seconds. If it fails, it will wait an exponentially increasing length of time until it succeeds: 30 seconds before the second attempt, 60 seconds before the third, 120 seconds ... and so on up to a maximum of 16 minutes between retries until it successfully connects again. The agent will retry up to 6 times for a given chunk of data before discarding and moving to the next one. This continues until the agent can successfully upload again. This means that data may be buffered up to approximately 30 minutes before being discarded.

The default cache size is 10 MB but can be modified in the omsagent.conf file.

Next steps