FIXEye Agent installation (Linux)

FIXEye Agent installation (Linux)

The guide below describes how to install FIXEye Agent on Linux servers using RPM, DEB, or ZIP packages. It also includes optional configuration for Consul integration.

Installation from rpm package (not applicable for RHEL systems)

  1. download latest package from https://clientspace.b2bits.com/product-36 (e.g., fixeye-agent-2.3.0.168-1.el7.x86_64.rpm)

  2. install rpm package on Centos

rpm -i fixeye-agent-2.3.0.168-1.el7.x86_64.rpm
  1. copy your fixeye-agent.license file into /etc/fixeye/ directory

  2. generate Fixeye CA and server certificate and private key and copy them (fixeye.key, fixeye.crt) into /etc/fixeye/ directory

openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes -keyout fixeye.key -out fixeye.crt -subj '/C=UK/L=London/O=EPAM/OU=BFIX/CN=fixicch2.fixeye'

- replace '/C=UK/L=London/O=EPAM/OU=BFIX/CN=fixicch2.fixeye' with your company identity

  1. edit /etc/fixeye/fixeye-agent.config as follows 

-rest-port 8882 -rest-pkey "/etc/fixeye/fixeye.key" -rest-cert "/etc/fixeye/fixeye.crt" --propfile "/etc/fixeye/fixeye-agent.properties" -f "/var/lib/fixedge-java/*.in" "/var/lib/fixedge-java/*.out" --pidfile "/var/log/fixeye/fixeye-agent.pid" -licfile "/etc/fixeye/fixeye-agent.license"

where "/var/lib/fixedge-java/*.in" and "/var/lib/fixedge-java/*.out" are paths to FIXEdge sessions log files. They should be changed if the log files are located in some other directory.

  1. (Only for configuration with Consuladd below in the end of /etc/fixeye/fixeye-agent.properties

Consul.Enabled=true Consul.Host=localhost Consul.Port=8501 Consul.ReconnectInterval=1000 Consul.ServerName=ServerA Consul.Services.Host=localhost Consul.Services.HealthChecks.Interval=5 Consul.Services.HealthChecks.Timeout=5 Consul.SSL=true Consul.SSL.CertificateAuthority=/etc/fixeye/consul.crt
  1. (Only for configuration with Consul) copy consul certificate

cp /etc/consul.d/consul.crt /etc/fixeye/consul.crt chown -R fixeye:fixeye /etc/fixeye/
  1. enable and start fixeye-agent server:

systemctl enable --now fixeye-agent systemctl start fixeye-agent

 

Installation from rpm package (for RHEL systems)

  1. download latest package from https://clientspace.b2bits.com/product-36 (e.g., fixeye-agent-2.3.0.168-1.el7.x86_64.rpm)

  2. install rpm package on RHEL

rpm -i fixeye-agent-2.3.0.168-1.el7.x86_64.rpm
  1. copy your fixeye-agent.license file into /etc/fixeye/ directory

  2. generate Fixeye CA and server certificate and private key and copy them (fixeye.key, fixeye.crt) into /etc/fixeye/ directory

openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes -keyout fixeye.key -out fixeye.crt -subj '/C=UK/L=London/O=EPAM/OU=BFIX/CN=fixicch2.fixeye'

- replace '/C=UK/L=London/O=EPAM/OU=BFIX/CN=fixicch2.fixeye' with your company identity

  1. edit /etc/fixeye/fixeye-agent.config as follows 

-rest-port 8882 -rest-pkey "/etc/fixeye/fixeye.key" -rest-cert "/etc/fixeye/fixeye.crt" --propfile "/etc/fixeye/fixeye-agent.properties" -f "/var/lib/fixedge-java/*.in" "/var/lib/fixedge-java/*.out" --pidfile "/var/log/fixeye/fixeye-agent.pid" -licfile "/etc/fixeye/fixeye-agent.license"

where "/var/lib/fixedge-java/*.in" and "/var/lib/fixedge-java/*.out" are paths to FIXEdge sessions log files. They should be changed if the log files are located in some other directory.

  1. (Only for configuration with Consuladd below in the end of /etc/fixeye/fixeye-agent.properties

Consul.Enabled=true Consul.Host=localhost Consul.Port=8501 Consul.ReconnectInterval=1000 Consul.ServerName=ServerA Consul.Services.Host=localhost Consul.Services.HealthChecks.Interval=5 Consul.Services.HealthChecks.Timeout=5 Consul.SSL=true Consul.SSL.CertificateAuthority=/etc/fixeye/consul.crt
  1. (Only for configuration with Consul) copy consul certificate

cp /etc/consul.d/consul.crt /etc/fixeye/consul.crt chown -R fixeye:fixeye /etc/fixeye/
  1. add fixeye user to the fixedge group

usermod -a -G fixedge fixeye
  1. copy service startup script

cp ./fixeye-agent /etc/init.d/fixeye-agent chmod +x /etc/init.d/fixeye-agent
  1. remove systemd unit

mv /usr/lib/systemd/system/fixeye-agent.service /usr/lib/systemd/system/fixeye-agent.service_backup
  1. enable fixeye-agent service

chkconfig --add fixeye-agent
  1. start fixeye-agent server and check service status

service fixeye-agent restart

 

Installation from deb package

  1. download latest package from https://clientspace.b2bits.com/product-36 (fixeye-agent-2.3.0.168-1.el7.x86_64.deb)

  2. install deb package on Ubuntu

sudo dpkg -i fixeye-agent-2.3.0.168-1.el7.x86_64.deb
  1. copy your fixeye-agent.license file into /etc/fixeye/ directory

  2. generate Fixeye CA and server certificate and private key and copy them (fixeye.key, fixeye.crt) into /etc/fixeye/ directory

openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes -keyout fixeye.key -out fixeye.crt -subj '/C=UK/L=London/O=EPAM/OU=BFIX/CN=fixicch2.fixeye'

- replace '/C=UK/L=London/O=EPAM/OU=BFIX/CN=fixicch2.fixeye' with your company identity

  1. edit /etc/fixeye/fixeye-agent.config as follows 

-rest-port 8882 -rest-pkey "/etc/fixeye/fixeye.key" -rest-cert "/etc/fixeye/fixeye.crt" --propfile "/etc/fixeye/fixeye-agent.properties" -f "/var/lib/fixedge-java/*.in" "/var/lib/fixedge-java/*.out" --pidfile "/var/log/fixeye/fixeye-agent.pid" -licfile "/etc/fixeye/fixeye-agent.license"

where "/var/lib/fixedge-java/*.in" and "/var/lib/fixedge-java/*.out" are paths to FIXEdge sessions log files. They should be changed if the log files are located in some other directory.

  1. (Only for configuration with Consul) add below in the end of /etc/fixeye/fixeye-agent.properties

Consul.Enabled=true Consul.Host=localhost Consul.Port=8501 Consul.ReconnectInterval=1000 Consul.ServerName=ServerA Consul.Services.Host=localhost Consul.Services.HealthChecks.Interval=5 Consul.Services.HealthChecks.Timeout=5 Consul.SSL=true Consul.SSL.CertificateAuthority=/etc/fixeye/consul.crt
  1. (Only for configuration with Consul) copy consul certificate

cp /etc/consul.d/consul.crt /etc/fixeye/consul.crt chown -R fixeye:fixeye /etc/fixeye/
  1. enable and start fixeye-agent server:

systemctl enable --now fixeye-agent systemctl start fixeye-agent

 

Installation from zip package

  1. download latest package from https://clientspace.b2bits.com/product-36 (e.g., fixeye-agent-2.6.0.201.tar.gz)

  2. unpack it to the required directory

tar -xzvf fixeye-agent-2.6.0.201.tar.gz -C /etc/fixeye/
  1. copy your fixeye-agent.license file into /etc/fixeye/ directory

  2. generate Fixeye CA and server certificate and private key and copy them (fixeye.key, fixeye.crt) into /etc/fixeye/ directory

openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes -keyout fixeye.key -out fixeye.crt -subj '/C=UK/L=London/O=EPAM/OU=BFIX/CN=fixicch2.fixeye'

- replace '/C=UK/L=London/O=EPAM/OU=BFIX/CN=fixicch2.fixeye' with your company identity

  1. edit /etc/fixeye/fixeye-agent.config as follows 

-rest-port 8882 -rest-pkey "/etc/fixeye/fixeye.key" -rest-cert "/etc/fixeye/fixeye.crt" --propfile "/etc/fixeye/fixeye-agent.properties" -f "/var/lib/fixedge-java/*.in" "/var/lib/fixedge-java/*.out" --pidfile "/var/log/fixeye/fixeye-agent.pid" -licfile "/etc/fixeye/fixeye-agent.license"

where "/var/lib/fixedge-java/*.in" and "/var/lib/fixedge-java/*.out" are paths to FIXEdge sessions log files. They should be changed if the log files are located in some other directory.

  1. (Only for configuration with Consul) add below in the end of /etc/fixeye/fixeye-agent.properties

Consul.Enabled=true Consul.Host=localhost Consul.Port=8501 Consul.ReconnectInterval=1000 Consul.ServerName=ServerA Consul.Services.Host=localhost Consul.Services.HealthChecks.Interval=5 Consul.Services.HealthChecks.Timeout=5 Consul.SSL=true Consul.SSL.CertificateAuthority=/etc/fixeye/consul.crt
  1. (Only for configuration with Consul) copy consul certificate

cp /etc/consul.d/consul.crt /etc/fixeye/consul.crt chown -R fixeye:fixeye /etc/fixeye/
  1. start fixeye-agent:

/opt/fixeye/fixeye-agent

 

Consul configuration

To find the Consul installation instructions, please follow this link.

For non-production use, you can run the Consul in developer mode with the command: consul agent -dev.

For production use - please follow this link.

To configure the encrypted connection from FIXEye Agent to the Consul on the Consul side, please refer to this link.

 

Related articles

FIXEye User Guide

FIX Engine parameters#Loggingparameters