Install the AlertKick agent
Add a server in the dashboard, copy the one-line install command, and run it. The agent auto-detects your OS and pulls the right package.
The AlertKick agent is a single Linux binary that handles everything for a host: infrastructure checks, eBPF security, heartbeats, Docker monitoring, and compliance evidence collection. There’s nothing else to install.
You don’t compose the install command yourself - the dashboard generates one that’s unique to the host (it carries an embedded agent token).
Step 1 - Add the server in the dashboard
- Sign in at app.alertkick.com.
- Go to Servers -> Add server.
- Fill in the hostname and any tags the wizard asks for.
When you finish the wizard, you land on the install screen.
Step 2 - Copy the command and run it on the server
The install screen shows a single line that looks roughly like:
curl -sSL 'https://app.alertkick.com/app/agent-install/<host-id>/script/<hash>?...' | sh
Copy it, paste it into a root shell on the server, and run it. The script:
- auto-detects your distro from /etc/os-release (Debian/Ubuntu, RHEL/Rocky/Alma/Fedora, others)
- auto-detects architecture (amd64 or arm64)
- downloads the matching .deb, .rpm, or tarball
- installs it, writes the config, and enables alertkick-agent.service under systemd
That’s the whole install. Within about 30 seconds the host appears in
Servers with a green online chip, hostname, vendor (Ubuntu, Debian,
Rocky, Alpine…), and agent version.
The install command contains an embedded agent token that’s unique to the host. Don’t paste it into Slack, a shared doc, or a public ticket - anyone who runs it would register a machine under your account.
What gets installed
| Path | Purpose |
|---|---|
| /usr/bin/alertkick-agent | The agent binary |
| /etc/alertkick-agent/alertkick-agent.conf | Local config (JSON; rarely edited by hand) |
| /var/lib/alertkick-agent/ | State, learned baselines, command queue |
| /var/log/alertkick-agent/ | Agent log file |
| /lib/systemd/system/alertkick-agent.service | systemd unit |
| /etc/logrotate.d/alertkick-agent | Log rotation rules |
| /usr/lib/alertkick-agent/plugins/ | Plugin drop-in directory for custom checks |
| /usr/local/bin/alertkick-agent-updater.sh | Self-update helper |
Verifying
systemctl status alertkick-agent
journalctl -u alertkick-agent -f
If the host doesn’t appear in the dashboard within a minute, check the agent
log: tail -f /var/log/alertkick-agent/*.log. The most common cause is an
outbound firewall blocking endpoint.alertkick.com:8585 - that’s the only
port the agent needs reachable.
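The check below is an added example, not part of AlertKick's documentation or tooling: it walks the paths from the What gets installed table and reports any that are missing, writable by group or others, or not owned by the expected account. The ownership and permission expectations, the function name, and its ROOT/OWNER parameters are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not AlertKick tooling. Audits the paths listed in the
# "What gets installed" table. Assumption: each path should be owned by one
# trusted account (root by default) and not writable by group or others.

AK_PATHS='/usr/bin/alertkick-agent
/etc/alertkick-agent/alertkick-agent.conf
/var/lib/alertkick-agent
/var/log/alertkick-agent
/lib/systemd/system/alertkick-agent.service
/etc/logrotate.d/alertkick-agent
/usr/lib/alertkick-agent/plugins
/usr/local/bin/alertkick-agent-updater.sh'

# audit_alertkick_paths [ROOT] [OWNER]
#   ROOT  - optional prefix, e.g. an image build directory (default: live /)
#   OWNER - expected owner, user name or numeric uid (default: root)
# Prints one finding per line, stores the count in AK_FINDINGS, and
# returns 0 only when there are no findings.
audit_alertkick_paths() {
    root=${1:-}
    owner=${2:-root}
    findings=0
    for p in $AK_PATHS; do
        target=$root$p
        if [ ! -e "$target" ] && [ ! -L "$target" ]; then
            echo "MISSING  $p"
            findings=$((findings + 1))
            continue
        fi
        # Walk the path and, for directories, everything beneath it.
        # Symlinks are skipped because their own mode bits are always 0777.
        bad=$(find "$target" ! -type l \
              \( -perm -020 -o -perm -002 -o ! -user "$owner" \) 2>/dev/null)
        if [ -n "$bad" ]; then
            echo "$bad" | sed 's/^/WEAK     /'
            findings=$((findings + $(echo "$bad" | wc -l)))
        fi
    done
    AK_FINDINGS=$findings
    [ "$findings" -eq 0 ]
}
```

Run `audit_alertkick_paths` as root on the host, or pass a build directory as the first argument to audit a golden image before it ships.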
Manual / OS-specific install
The wizard also has a Show manual / OS-specific install section that exposes the per-OS commands behind the universal script. Use it when:
- the universal script can’t reach the package CDN from inside your network (you can mirror the .deb/.rpm locally and point apt/yum at the mirror)
- you’re building a golden image and want to bake the package in
- you need to install on a distro the universal detector doesn’t recognise
The OS-specific section gives you the apt/yum/zypper one-liners plus a raw tarball download with manual install steps.
Updating
The agent self-updates via alertkick-agent-updater.sh (run on a timer when
the dashboard ships a new agent version). You don’t need to redeploy or
re-run the install script when a new version comes out - existing hosts pick
it up automatically.
Next steps
- Pick checks to enable on the Checks tab of the server detail page - recommended checks are suggested automatically based on what’s running on the host.
- Wire up [[escalation-policies]] so alerts go somewhere useful.
- Turn on eBPF security and read the [[mitre-attack-overview]] guide.