Agent (Linux / Windows)¶
The Vesana Agent is a single Go binary — statically linked (CGO_ENABLED=0), ~6.5 MB, no runtime dependencies. Runs as systemd service (Linux) or Windows service.
Prerequisites¶
- Outbound HTTPS 443 to the Vesana server
- Linux: systemd (Debian, Ubuntu, RHEL, AlmaLinux, SUSE, Arch all OK); install as root
- Windows: Server 2016+ or Windows 10+ (amd64)
Step 1 — Create host in Vesana¶
Unless already done: create a host with agent_capable profile. See Adding hosts.
Step 2 — Generate agent token¶
On the host detail page:
- Set up agent
- Token shown exactly once
- Copy immediately
Step 3 — Install agent¶
On the target machine as root:
Replace TOKEN with the token from step 2 and your-domain.tld with your server.
What happens:
- Distro detection (Debian/RHEL/SUSE/Arch)
- Binary into
/usr/local/bin/vesana-agent - Config in
/etc/vesana-agent/config.yaml(chmod 600) - systemd unit at
/etc/systemd/system/vesana-agent.service systemctl enable --now vesana-agent
Re-run safe — overwrites binary + config.
# 1. Download binary
wget https://your-domain.tld/agent/vesana-agent-linux-amd64 -O /tmp/vesana-agent
chmod +x /tmp/vesana-agent
sudo mv /tmp/vesana-agent /usr/local/bin/vesana-agent
# 2. Create config
sudo mkdir -p /etc/vesana-agent
sudo tee /etc/vesana-agent/config.yaml > /dev/null <<'EOF'
server: "https://your-domain.tld"
token: "vesana_agent_YOUR_TOKEN_HERE"
log_level: "info"
EOF
sudo chmod 600 /etc/vesana-agent/config.yaml
# 3. systemd unit
sudo tee /etc/systemd/system/vesana-agent.service > /dev/null <<'EOF'
[Unit]
Description=Vesana Agent
After=network.target
[Service]
Type=simple
ExecStart=/usr/local/bin/vesana-agent --config /etc/vesana-agent/config.yaml
Restart=on-failure
RestartSec=5
User=root
[Install]
WantedBy=multi-user.target
EOF
# 4. Activate
sudo systemctl daemon-reload
sudo systemctl enable --now vesana-agent
- Download from server downloads page:
vesana-agent-setup.exe - Double-click — wizard opens
- Inputs:
- Server URL:
https://your-domain.tld - Agent token from step 2
- Server URL:
- Install — wizard installs binary into
C:\Program Files\Vesana\Agent\, writes config, registers Windows service
Service is VesanaAgent and starts at boot.
Command prompt as Administrator:
REM 1. Download
cd %TEMP%
curl -O https://your-domain.tld/agent/vesana-agent-windows-amd64.exe
REM 2. Install
move vesana-agent-windows-amd64.exe "C:\Program Files\Vesana\Agent\vesana-agent.exe"
REM 3. Config (PowerShell)
powershell -Command "New-Item -ItemType Directory -Force 'C:\ProgramData\Vesana\Agent'"
powershell -Command "@'
server: ""https://your-domain.tld""
token: ""vesana_agent_YOUR_TOKEN_HERE""
log_level: ""info""
'@ | Set-Content -Path 'C:\ProgramData\Vesana\Agent\config.yaml'"
REM 4. Install service and start
"C:\Program Files\Vesana\Agent\vesana-agent.exe" install
net start VesanaAgent
Step 4 — Verify¶
In the UI: agent status on the host detail should flip to online within 30 s (green dot).
Logs:
Step 5 — Assign checks¶
If the profile has auto_add checks, they're already there. Otherwise add services manually on the host detail.
The agent fetches config every 5 minutes — new checks appear with a small delay.
Available agent check types¶
| Check type | What it checks | Config |
|---|---|---|
agent_cpu |
CPU usage % (over time) | – |
agent_memory |
RAM usage % | – |
agent_disk |
Disk usage per mount | path (e.g. /, C:) |
agent_service |
OS service / systemd unit status | service (name) |
agent_process |
Process running? | process (name or pattern) |
agent_eventlog |
Windows event log | log, level, minutes |
agent_custom |
Run own command | command, ok_pattern/warn_pattern/crit_pattern |
agent_script |
Server-managed script | script_id |
agent_services_auto |
All auto-start services (Windows) | exclude (list) |
Token rotation¶
If a token is compromised:
- Host detail → Agent → Revoke token
- Old agent stops authenticating (401)
- Generate new token
- Update
/etc/vesana-agent/config.yaml(orC:\ProgramData\Vesana\Agent\config.yaml) - Restart service
Or: re-install via one-command installer with new token.
Proxy / DNS¶
If the agent needs an HTTPS proxy:
sudo mkdir -p /etc/systemd/system/vesana-agent.service.d
sudo tee /etc/systemd/system/vesana-agent.service.d/proxy.conf > /dev/null <<'EOF'
[Service]
Environment="HTTPS_PROXY=http://proxy.local:8080"
Environment="NO_PROXY=localhost,127.0.0.1"
EOF
sudo systemctl daemon-reload
sudo systemctl restart vesana-agent
Troubleshooting¶
Agent not reporting¶
- Firewall: outbound 443 to server open?
- DNS:
getent hosts your-domain.tld(Linux) /nslookup your-domain.tld(Windows) - TLS cert: self-signed? Set
--insecurein config or import cert into system trust store - Token: exact, no whitespace/newlines
- Logs
Common errors:
| Log line | Cause |
|---|---|
dial tcp: lookup vesana.example: no such host |
DNS |
x509: certificate signed by unknown authority |
TLS — invalid or self-signed cert |
401 Unauthorized |
Wrong token |
403 Forbidden |
Token belongs to another host (re-issued in DB?) |
connection refused |
Server not there or wrong port |
Service won't start¶
# Linux: foreground run shows direct output
sudo /usr/local/bin/vesana-agent --config /etc/vesana-agent/config.yaml
# Windows
"C:\Program Files\Vesana\Agent\vesana-agent.exe" --config "C:\ProgramData\Vesana\Agent\config.yaml"
Foreground output reveals problems hidden as service.
Auto-update stuck¶
See Agent versioning.
Uninstall¶
After uninstall: revoke token in Vesana, otherwise the host counts as „has agent" forever.
Next¶
- Agent versioning — understand auto-update
- Monitoring → Check types — all agent checks
- Monitoring → Scripts — custom scripts via
agent_script