- Go 1.21+
- macOS or Linux
Debian/Ubuntu:
apt-get install libpcap-devFedora/RHEL:
dnf install libpcap-develmacOS: No additional packages required.
git clone https://github.com/knostic/agentsonar
cd agentsonar
go mod downloadBuild the binary, then set up packet capture (see below). To do both in one step:
make setup-bpf # builds and runs agentsonar installAutomated setup (after building):
make setup-bpf # build + run agentsonar install
# or, if already built:
./bin/agentsonar installCreates access_bpf group and sets /dev/bpf* permissions.
Manual setup:
sudo dseditgroup -o create access_bpf
sudo dseditgroup -o edit -a $USER -t user access_bpf
sudo chgrp access_bpf /dev/bpf*
sudo chmod g+rw /dev/bpf*BPF device permissions reset on reboot. See scripts/ for a LaunchDaemon that restores them automatically.
Sets capabilities on the binary. Requires libcap2-bin (Debian/Ubuntu) or libcap (Fedora/RHEL) for setcap.
Manual setup:
sudo setcap cap_net_raw,cap_net_admin=eip /path/to/agentsonarLog out and back in for group membership to take effect.
Run agentsonar doctor to verify permissions.
make build # production binary → bin/agentsonar
make dev # dev build (-tags dev, e.g. extra logging / nuke) → bin/agentsonar
make install # build and copy to /usr/local/bin
make clean # remove bin/
make tidy # go mod tidyTypical workflow: use make dev while developing, run make test to verify, then make build for a release binary.
make test # go test -v ./...cmd/agentsonar/ # CLI entrypoint
internal/ # internal packages
docs/ # documentation
Dev builds (make dev) include:
agentsonar nuke- clear database