1. Overview
  2. Adding servers
  3. Installing the agent

Installing the agent

This guide walks you through the process of installing and configuring the SSHwatch monitoring agent on your server.

The SSHwatch agent is a lightweight software component that runs on your server to monitor SSH activity and transmit log data to the SSHwatch platform. It captures and processes SSH events in real-time, sending them to our analytics platform for security analysis. The agent uses minimal system resources while maintaining visibility into SSH sessions, login attempts, and commands. This ensures your security team has immediate access to critical events, enabling rapid threat response and maintaining a complete audit trail of SSH activity.

Prerequisites

  • Root or sudo access to your server
  • A supported Linux distribution (Debian/Ubuntu or RHEL/CentOS)
  • Your SSHwatch API key (found in your dashboard)

Installation Steps

For Debian/Ubuntu Systems

  1. Download the latest package:

wget https://dashboard.sshwatch.com/agent/sshwatch_latest.deb

  1. Install the package:

sudo dpkg -i sshwatch_latest.deb

For RHEL/CentOS Systems

  1. Download the latest package:

wget https://dashboard.sshwatch.com/agent/sshwatch_latest.rpm

  1. Install the package:

sudo rpm -i sshwatch_latest.rpm

Configuration

  1. Locate the configuration file:

    • The default location is /etc/sshwatch/config.ini

  2. Add your API key to the configuration file:

    • Open the file with your preferred text editor
    • Add your API key in the appropriate section
    • Save and close the file

  3. Verify the service is running:

systemctl status sshwatch

Troubleshooting

Common Issues

  1. Service Won't Start

    • Check system logs: journalctl -u sshwatch
    • Verify API key is correct
    • Ensure proper file permissions

  2. No Data in Dashboard

    • Confirm network connectivity
    • Check firewall settings
    • Verify API key configuration

  3. Installation Errors

    • Ensure system is up to date
    • Check for conflicting packages
    • Verify system requirements

Best Practices

  1. Regular Updates

    • Keep the agent updated for best security
    • Check for updates monthly

  2. Configuration Backup

    • Save a copy of your configuration
    • Document any custom settings

  3. Monitoring

    • Regularly check agent status
    • Monitor system resource usage
    • Review logs for any issues

The SSHwatch agent should now be installed and running on your system. You can verify this by checking your dashboard for incoming data.

Was this article helpful?