Linux Binary

This guide provides a secure, best-practice approach to installing and configuring the Qtap agent on Linux systems, independent from Qplane.

Prerequisites

Before installation, verify your environment's compatibility:

curl -sSL https://github.com/qpoint-io/preflight/releases/latest/download/preflight.sh | sudo bash

Requirements:

  • Linux host with kernel version 5.10+

  • x86_64 or arm64 architecture

  • Root/sudo access

Installation Methods

Automated Installation

The quickest way to install or update Qtap is via our installation script, which places Qtap into your path:

curl -s https://get.qpoint.io/install | sudo sh

Quick test (runs with default settings):

sudo qtap

Running sudo qtap without a configuration file starts Qtap with default settings (captures all egress traffic to stdout). This is useful for quick tests, but not recommended for production. You'll want to create a configuration file to:

  • Control what traffic to capture (filters, endpoints, direction)

  • Configure storage destinations (S3, Axiom, etc.)

  • Set up selective capture with rules (errors only, specific domains)

  • Define processing plugins and capture levels

See Configuration below and Configuration Documentation for details.

Manual Installation

For more control, you can manually install the binary:

  1. Download the appropriate binary for your architecture:

  2. Extract and install the binary:

  3. Test the installation:

    This runs Qtap with default settings. Press Ctrl+C to stop.

Default behavior: Running sudo qtap without arguments uses built-in defaults (captures all egress traffic to stdout). While this works for testing, you should create a configuration file before production use to control capture behavior, storage destinations, and processing rules.

Configuration Setup

Why you need a configuration file:

Qtap's configuration file (qpoint.yaml) allows you to:

  • Control what to capture: Filter by process, domain, direction (egress/ingress)

  • Define storage: Send data to S3, Axiom, or other destinations instead of stdout

  • Selective capture: Use rules to capture only errors, specific endpoints, or traffic patterns

  • Processing control: Choose capture levels (summary/details/full) and formats (text/json)

Without a config file, Qtap captures everything to stdout with no filtering - rarely what you want in production.

Configuration resources:

Creating Your Configuration File

  1. Create a standard configuration directory with appropriate permissions:

  2. Create your configuration file:

  3. Set appropriate permissions:

  4. For sensitive credentials (if applicable), create a separate environment file:

  5. Add any sensitive environment variables to this file:

Running as a Systemd Service

  1. Create a systemd service file:

  2. Reload systemd, enable and start the service:

Verification

  1. Check the service status:

  2. Verify the running version:

  3. Monitor the logs:

Updating Qtap Service

Installation Script

The quickest way to update Qtap is via our installation script:

  1. Stop the service:

  2. Download and install the new version:

  3. Restart the service:

  4. Verify the update:

Manually

  1. Stop the service:

  2. Download and install the new version:

  3. Restart the service:

  4. Verify the update:

Configuration Management Best Practices

  • Version Control: Track configuration changes in a version control system

  • Regular Backups: Include /etc/qtap in your backup strategy

  • Configuration Reviews: Implement a review process for configuration changes

  • Automation: Consider using configuration management tools (Ansible, Chef, Puppet) for deployment

Remember that Qtap requires root permissions to work properly due to its use of eBPF for traffic monitoring.

PreviousInstallationNextDocker Container

Last updated