Docs > Getting Started > Getting Started with the Agent
Getting Started with the Agent
Overview
This guide introduces the AppStatus Agent and covers:
- Introduction to the Agent
- Installation across platforms
- Data collected by the Agent (8 collectors)
- Agent configuration file reference
- Advanced configurations and features
- Troubleshooting
What is the AppStatus Agent?
The AppStatus Agent is software that runs on your hosts. It collects system metrics, process data, logs, security events, container stats, file integrity changes, HTTP probe results, and active sessions from hosts and sends them to AppStatus, where you can analyze your monitoring and performance data in real time.
The Agent can run on:
- Local hosts — Linux (AMD64, ARM64), macOS, Windows
- Containerized environments — Docker, Kubernetes
- Cloud platforms — AWS, GCP, Azure, any cloud VM
- Configuration management — Ansible, Chef, Puppet, Terraform
With 8 built-in collectors, the Agent can collect 75–100 system-level metrics every 10–30 seconds. It streams live telemetry over gRPC with TLS 1.2+ encryption, batching data every second for efficient delivery. The Agent uses bidirectional streaming for both telemetry and logs, with automatic reconnection and exponential backoff.
The Agent supports building for 6 platforms: linux/amd64, linux/arm64, darwin/amd64, darwin/arm64, windows/amd64, windows/arm64.
The Agent Configuration File
The Agent's main configuration file is agent.yaml. The required parameters are:
- Your AppStatus Workspace API Key, which is used to authenticate the Agent's data with your workspace.
- Your AppStatus endpoint (
agent.appstatus.io:443).
See the sample agent.yaml.example file for all available configuration options. You can adjust the Agent configuration to enable/disable individual collectors, set collection intervals, define log paths, and configure security detection rules.
Important
Never commit your workspace_api_key to version control. Use environment variables or a secret manager to inject it at runtime.
Installation
Prerequisites
- Create an AppStatus account at auth.appstatus.io/register.
- Navigate to Agents → Add Agent to generate your Workspace API Key.
- Have your API key on hand for the setup steps below.
Quick Install
Download the latest Agent binary for your platform using the Agent setup page in the AppStatus app, or use the commands below:
To get started, select your platform
Host-based setup workflow
- Download the approved agent binary for the server architecture.
- Place configuration at `/etc/appstatus/agent.yaml` with secure file permissions.
- Enable and restart `appstatus-agent` service using systemd.
- Verify health using service logs and agent inventory in AppStatus.
Validation checks
- Agent status is online in inventory view.
- System and process collectors update in expected interval window.
- Logs and security panels show fresh entries from current host activity.
Agent Metrics
The Agent reports the following metrics to AppStatus about itself. These metrics provide information about which hosts have running Agents, when each Agent started, and the health of the telemetry pipeline.
| Metric | Description |
|---|---|
| appstatus.agent.running | Shows a value of 1 if the Agent is reporting to AppStatus. |
| appstatus.agent.started | A count sent with a value of 1 when the Agent starts. |
| appstatus.agent.uptime_seconds | Total seconds the Agent has been running since last restart. |
| appstatus.agent.batch_sent | Count of telemetry batches successfully sent to AppStatus. |
| appstatus.agent.batch_failed | Count of telemetry batches that failed to deliver. |
| appstatus.agent.collector.duration_ms | Time taken by each collector to complete a collection cycle. Tagged with collector name. |
| appstatus.agent.buffer_usage | Current buffer utilization percentage for outgoing telemetry data. |
| appstatus.agent.stream.reconnects | Number of gRPC stream reconnection events since Agent start. |
Service Checks
The Agent provides the following service checks:
appstatus.agent.up— Returns OK if the Agent connects to AppStatus via gRPC.appstatus.agent.collector.status— Returns CRITICAL if a collector is unable to collect data; otherwise returns OK.appstatus.agent.heartbeat— Returns OK when the 30-second heartbeat is delivered successfully.
Advanced Configuration
Differences Between Agent for Hosts and Containers
There are key differences between installing Agents on a host and in a containerized environment:
Host Configuration
The Agent is configured using a YAML file at /etc/appstatus/agent.yaml. Collectors are identified through the configuration file. Systemd manages the service lifecycle.
Container Configuration
Configuration is mounted as a read-only volume into the container. The Docker socket is mounted for container metadata collection. Restart policy handles lifecycle.
Setting Labels through the Configuration File
Labels add metadata to your metrics and events. They allow you to scope and filter your data in AppStatus dashboards. When data is sent from multiple hosts, labeling allows you to narrow down to the data most relevant to your team.
After updating labels, restart the Agent. Labels will appear on all metrics, events, and logs sent by this Agent. You can filter agents by label in the AppStatus inventory view.
Batching and Send Configuration
The Agent batches collected data and sends it over gRPC streams. You can tune the batching behavior:
Logging Configuration
Offline Buffering
When the connection to AppStatus is lost, the Agent buffers data locally and retries with exponential backoff (up to 60s delay, infinite retries):
Agent Overhead
The Agent is designed to be lightweight. Expected resource consumption with all collectors enabled:
~0.08%
Average CPU usage
~30 MB
Memory footprint
~15 MB
Binary size
Actual usage depends on the number of enabled collectors, collection intervals, number of running processes/containers, and log volume. The single Go binary has minimal dependencies and runs efficiently on low-resource instances.
Troubleshooting
For help troubleshooting the Agent:
Agent is not connecting
Verify endpoint and API key in agent.yaml. Check TLS is enabled for production endpoints. Run with logging level "debug" for detailed connection output. The Agent retries with exponential backoff (max 60s) indefinitely.
No metrics appearing in AppStatus
Confirm the Agent shows "online" in inventory. Check if the specific collector is enabled in config. Verify the Agent is sending batches (check appstatus.agent.batch_sent metric). Review Agent logs for errors.
Security events are missing
Verify auth_log_paths match your Linux distribution. Ubuntu/Debian uses /var/log/auth.log while RHEL/CentOS uses /var/log/secure. Ensure the Agent process has read permissions on log files.
Docker collector not working
Ensure Docker socket is mounted and accessible. When running the Agent in Docker, mount the socket with proper permissions.
High memory usage
Reduce buffer_size in send configuration. Lower process top_n value. Reduce log collection paths or add exclude_patterns. Consider increasing send interval_ms to batch more efficiently.
Agent credentials rotation
Generate a new API key in AppStatus, update agent.yaml, and restart the agent. The old key is immediately revoked. Use secret injection for automated rotations.
Hardening Checklist
- Use least-privilege mounts and read-only paths when running in containers.
- Rotate ingestion credentials and audit secret access on a schedule.
- Document distribution-specific overrides to avoid missing security events.
- Run platform-specific validation after every config or agent version change.
- Enable TLS in all production environments — never disable
tls.enabled. - Pin agent image/binary versions and track release notes for updates.
Step-by-Step Setup
The AppStatus agent is a small program you install on your servers, containers or Kubernetes nodes. It collects system metrics (CPU, memory, disk, network), processes, logs, security events and Docker container stats, then streams them back to AppStatus over an encrypted gRPC connection. Setup takes about 5 minutes per host — most of it is copying the install command and pasting your API key.
Before you start
- A Linux, macOS or Windows host you can sign in to (or a Kubernetes cluster)
- Outbound network access to agent.appstatus.io on port 443
- A workspace API key (created during step 2 of this guide)
- 1
Open the Agents section
The Agents page lists every host streaming telemetry to your workspace, plus an "Add agent" button that walks you through registration. Online agents show a green dot; offline ones show red with a "last seen" timestamp.
WhereSidebar → Agents - 2
Click "+ Add agent" and pick the platform
A wizard opens. Choose the platform that matches your host: Linux, macOS, Windows, Docker container, or Kubernetes. Each platform shows different install instructions on the next step.
WhereAgents → + Add agent → Platform selector - 3
Name the agent and generate the API key
Type a clear hostname (e.g. "prod-web-01"). Click "Generate API key" — a workspace-scoped key appears below. Copy it now; it is only shown once. This key authenticates the agent when it connects.
WhereWizard → Name + Generate API key + CopyTipStore the key in a secret manager or your config-management vault — do NOT commit it to git.
- 4
Copy the install command and run it on the host
The wizard shows a single curl command that downloads the agent binary, installs the systemd service, and creates the default config file. SSH into your host, paste the command, and run it as root. It finishes in under a minute on most systems.
WhereWizard → Install command (Copy) - 5
Paste the API key into the agent config
After install, edit the config file (the wizard tells you the exact path — usually /etc/appstatus/agent.yaml). Paste the API key into the workspace_api_key field. Save the file and restart the agent service so it picks up the new key.
WhereOn the host → /etc/appstatus/agent.yaml → workspace_api_key - 6
Enable the collectors you want
The default config enables System, Process and Logs. To capture more, flip on additional collectors in the config (see the options table below for what each one does). Most teams enable System, Process, Logs, Docker and Security in production.
WhereConfig → collectors section → enabled: true per collector - 7
Watch the agent come online
Back in the AppStatus UI, refresh the Agents page. Within 60 seconds your host appears with a green status dot. Click the row to open the detail page — CPU, memory, disk, network and process graphs start filling in.
WhereSidebar → Agents → click your host - 8
(Kubernetes) Use the Helm install instead
For Kubernetes the wizard shows a Helm install command instead. It deploys the agent as a DaemonSet — one pod per node — with the right RBAC, ConfigMap and Secret automatically. Within a minute every node shows in the Agents list.
WhereWizard → Platform: Kubernetes → Helm command
Configuration Options
Every option you can set, what each choice means, and what to pick. Use this as a reference while you fill in the form.
Collectors
Each collector is an on/off switch in the agent config. Enable only what you need — fewer collectors = lower resource usage on the host.
| Field | Options | What it does | Recommended |
|---|---|---|---|
| System | On / Off · interval 10s default | CPU, memory, disk, network, load average, uptime. | On — the foundation of host monitoring. |
| Process | On / Off · top N processes | Top N processes by CPU/memory with PID, user, threads, open file descriptors. | On with top_n: 50 in production. |
| Logs | On / Off · list of file paths | Tails specified log files; auto-detects severity (DEBUG/INFO/WARN/ERROR/FATAL). | On for /var/log/syslog + your app logs. |
| Docker | On / Off · socket path | Container CPU, memory, restart counts via the Docker socket. | On for any host running Docker. |
| Security | On / Off · auth log path | SSH attempts, brute force detection (5+ failures/IP), sudo usage, firewall events. | On for any internet-facing Linux host. |
| File integrity | On / Off · list of paths | Baseline + diff for sensitive directories; flags create/modify/delete/permission changes. | On for /etc, /usr/local/bin, /opt/app for compliance. |
| HTTP probe | On / Off · list of endpoints | Synthetic checks from inside the host — useful for endpoints not reachable from the public internet. | Off by default; on for internal-only services. |
| Sessions | On / Off | Active SSH/console sessions: user, terminal, source IP, idle time. | On for compliance audit trails. |
Connection options
| Field | Options | What it does | Recommended |
|---|---|---|---|
| Endpoint | agent.appstatus.io:443 (default) | The gRPC endpoint the agent connects to. | Default — only change for self-hosted setups. |
| TLS | Enabled / Disabled | Encrypts the gRPC stream end-to-end. | Always Enabled in production. |
| Labels | Key/value pairs (e.g. env=prod, team=backend) | Free-form tags used for dashboard grouping and filtering. | At minimum: env (prod/staging) and role (web/db/worker). |
Feature Reference
Every feature, where to find it in the app, and what it does. Use this when you know what you want to do but not where it lives.
| Feature | Where in app | Description |
|---|---|---|
| Register agent | Sidebar → Agents → + Add agent | Opens the install wizard, generates an API key. |
| Install on Linux/macOS | Wizard → Linux/macOS → Copy install command | One-line curl installer with systemd unit and default config. |
| Install on Windows | Wizard → Windows → Download MSI | MSI installer that drops a Windows service. |
| Install on Docker | Wizard → Docker → Copy docker run command | Container image with the right host mounts pre-configured. |
| Install on Kubernetes | Wizard → Kubernetes → Copy Helm command | DaemonSet + RBAC + Secret via the official Helm chart. |
| Enable a collector | On the host → /etc/appstatus/agent.yaml | Flip enabled: true on the collector and restart the service. |
| View agent metrics | Agents → click host → Metrics tab | Live CPU, memory, disk, network, processes, Docker containers. |
| View logs | Agents → click host → Logs tab | Streamed log lines with severity, source file and timestamp. |
| View security events | Agents → click host → Security tab | SSH attempts, brute force, sudo, firewall events. |
| Labels | Agent config → agent.labels | Key/value tags for dashboard grouping (env, region, team). |
| Restart agent | On the host → systemctl restart appstatus-agent | Picks up config changes; takes about 5 seconds. |
Next Steps
After the Agent is installed:
Set up Monitors
Create endpoint and infrastructure health checks.
Configure Alerts
Build notification channels and escalation policies.
Manage Incidents
Run structured incident lifecycle from detection to closure.
Publish Status Pages
Communicate service availability to stakeholders.
Set up Heartbeats
Track scheduled jobs and detect missed executions.
Team Governance
Manage workspace roles and operational ownership.