# Agent for Linux edge hosts Axoflow provides Axoflow agent for Linux (a customized OpenTelemetry Collector distribution) to collect data from Linux-based edge hosts. Axoflow agent for Linux can collect data from files and systemd journals. ![Collecting data from edge hosts](/docs/axoflow/img/figure-edge-hosts.svg) ## What the installer does When you deploy axolet, you run a command that installs the required software packages, configures them and sets up the connection with Axoflow. The installer script performs the following main steps: * Executes [prerequisite](../../docs/axoflow/provisioning/linux-agent/index.md#prerequisites) checks: * Tests the network connection with the console endpoints. * Checks if the operating system is supported. * Downloads the installers (`.rpm` or `.deb`) of the Axolet agent and the Axoflow agent for Linux. * The installer script installs the packages. If the packages are already installed, the installer will update them to the latest version. The installer installs: * The collector agent (by default) to `/usr/bin/axoflow-otel-collector`. * A default configuration file to `/etc/axoflow-otel-collector/config.yaml`. * The `axolet` management agent (by default) to `/usr/local/bin/axolet`. `axolet` performs the following main steps on its first execution: * Generates and persists a unique identifier (GUID). * Initiates a cryptographic handshake process to AxoConsole. * AxoConsole issues a client certificate to axolet, which will be stored in the above mentioned `config.json` file. * The service waits for an approval on AxoConsole. Once you approve the host registration request, axolet starts to manage the local services and send telemetry data to AxoConsole. It keeps doing so as long as the agent is registered. Note Note that AxoRouter and Axoflow agent collects detailed, real-time metrics about the data-flows – giving you observability over the health of the security data pipeline and its components. Your security data remains in your self-managed cloud or in your on-prem instance where your sources, destinations, Axoflow agents, and AxoRouters are running, only metrics are forwarded to AxoConsole. To install Axoflow agent on a Linux host, complete the following steps. For other platforms, see [Provision pipeline elements](../../docs/axoflow/provisioning/index.md). ## Prerequisites * Axoflow agent should work on most Red Hat and Debian compatible Linux distributions. Both x86_64 and arm64 architectures are supported. For production environments, we recommend using Red Hat Enterprise Linux 9. * When using Axoflow agent with an [on-premises AxoConsole deployment](../../docs/axoflow/deploy/onprem/index.md), you must [prepare the Axoflow agent host](../../docs/axoflow/deploy/onprem/prepare-axorouter-hosts/index.md) ### Network access The hosts must be able to access the following domains related to the AxoConsole: * When using AxoConsole SaaS: * `.cloud.axoflow.io`: HTTPS traffic on TCP port 443, needed to download the binaries for Axoflow software (like Axolet and AxoRouter). * `kcp..cloud.axoflow.io`: HTTPS (mutual TLS) traffic on TCP port 443 for management traffic. * `telemetry..cloud.axoflow.io`: HTTPS (mutual TLS) traffic on TCP port 443, where Axolet sends the metrics of the host. * `us-docker.pkg.dev`: HTTPS traffic on TCP port 443, for pulling container images (AxoRouter only). * When using an on-premise AxoConsole: * The following domains should point to AxoConsole IP address to access Axoflow from your desktop and AxoRouter hosts: * `your-host.your-domain`: The main domain of your AxoConsole deployment. * `authenticate.your-host.your-domain`: A subdomain used for authentication. * `idp.your-host.your-domain`: A subdomain for the identity provider. * The AxoConsole host must have the following **Open Ports** : * Port 80 (HTTP) * Port 443 (HTTPS) * When installing Axoflow agent for Windows or Linux: * `github.com`: HTTPS traffic on TCP port 443, for downloading installer packages. * To transport data to an AxoRouter, Axoflow agent must be able to access the [OpenTelemetry Connector](../../docs/axoflow/data-sources/opentelemetry/index.md) of the AxoRouter. By default, the connector uses the 4317 TCP port. ## Limitations Communication between the Axoflow agent hosts and AxoRouter hosts uses the OpenTelemetry Protocol (OTLP/gRPC), but currently doesn’t use TLS or authentication. ## Install Axoflow agent for Linux 1. Select **Provisioning > Select type and platform**. ![Provisioning Axoflow agent on Linux](/docs/axoflow/provisioning/linux-agent/provisioning-axoedge-linux.png) 2. Select the type (**Edge**) and platform (**Linux**). The one-liner installation command is displayed. If needed, set the **Advanced options** (for example, proxy settings) to modify the installation parameters. Usually, you don’t have to use advanced options unless the Axoflow support team instructs you to do so. 3. Open a terminal on the host where you want to install Axoflow agent. 4. Run the one-liner, then follow the on-screen instructions. Example output: ``` curl -fLsH 'X-AXO-TOKEN:random-generated' 'https://.cloud.axoflow.io/setup.sh?type=AXOEDGE&platform=LINUX&install_agent=true' | sh Do you want to install Axoflow agents now? [Y] Y Verifying packages... Preparing packages... axolet-0.78.0.x86_64 The unique identifier of this installation: 9hrtcd8bz6u61aihd2zd Verifying packages... Preparing packages... axoflow-otel-collector-0.129.0~axoflow.5-1.x86_64 Created symlink /etc/systemd/system/multi-user.target.wants/axoflow-otel-collector.service → /usr/lib/systemd/system/axoflow-otel-collector.service. Axolet service is running. Now continue with onboarding the host on the Axoflow web UI. ``` 5. Verify that the `axolet` and `axoflow-otel-collector` services are running by running `sudo systemctl list-units | grep axo` Example output: ``` axoflow-otel-collector.service loaded active running Axoflow Otel Collector axolet.service loaded activating start start Axoflow agent ``` 6. On the AxoConsole, reload the **Provisioning** page. A registration request for the new host should be displayed. Accept it. 7. The host now appears on the **Topology** page. To collect data from the host, the host must match the edge selector of an [Edge collection rule](../../docs/axoflow/provisioning/linux-agent/configure/index.md). ## Metadata fields The AxoRouter connector that receives data from Axoflow agent adds the following fields to the `meta` variable: field | value ---|--- meta.connector.type | `otlp` meta.connector.name | `` meta.product | `opentelemetry` meta.platform | `linux` * * * [Manage the Linux agent](../../docs/axoflow/provisioning/linux-agent/manage/index.md) [Advanced installation options](../../docs/axoflow/provisioning/linux-agent/advanced-options/index.md) [Configure data collection](../../docs/axoflow/provisioning/linux-agent/configure/index.md)