Manual Installation
Check system requirements for application server, database server, and software components.
Get approved to receive Enginsight and request Docker credentials. Email [email protected].
Database server
Install MongoDB.
Configure the database (especially set up replica set).
Application server
Install Docker.
Install Docker Compose.
Install Enginsight.
Set up the DNS name for app and sensors.
Take care of securing via SSL/TLS certificate.
Configure your On-Premises instance.
Roll out the software components as sensors.
Make sure that the latest version of Docker Compose is always installed. In addition, do not install Docker via Snap or when installing the operating system, but only install Docker from the package sources in the official instructions.
Database Server: Config MongoDB
Start MongoDB if it does not start automatically.
sudo systemctl enable mongod && sudo systemctl start mongod
Open the file
/etc/mongod.conf
in an editor of your choice, for examplenano
.
sudo nano /etc/mongod.conf
Change the net section as follows so that MongoDB is accessible from outside.
net:
port: 27017
bindIp: 0.0.0.0
Set up the replica set as follows to allow the database to push information to the API.
replication:
replSetName: "rs0"
Save the configuration file (Ctrl+o) and confirm the saving process. Close nano (Ctrl+x).
If the database is not running in replica mode, many Enginsight functions will not work correctly.
Restart MongoDB.
sudo systemctl restart mongod
Open the MongoDB CLI.
sudo mongosh
Activate the replica set. For
<public DB IP>
, enter the IP of the database server that can be reached from the application server.
rs.initiate( {
_id : "rs0",
members: [
{ _id: 0, host: "<PUBLIC_DB_IP>:27017" }
]
})
Check if the replica sets are active.
rs.status()
If the configuration is correct, you will see the prompt after executing the command:
rs0:PRIMARY>
Close the Mongo interface.
quit()
Secure the database with
iptables
.
This step is important to ensure the security of the Enginsight software. It results in only the application being able to access MongoDB. Unauthorized access is prevented.
sudo iptables -A INPUT -p tcp -m tcp --dport 27017 -s 127.0.0.1 -j ACCEPT
sudo iptables -A INPUT -p tcp -m tcp --dport 27017 -s <APP_SERVER_IP> -j ACCEPT
sudo iptables -A INPUT -p tcp -m tcp --dport 27017 -s <DB_SERVER_IP> -j ACCEPT
sudo iptables -A INPUT -p tcp -m tcp --dport 27017 -j DROP
Save the rules and make sure they are loaded at every restart.
sudo apt-get install -y iptables-persistent
Application Server: Install Enginsight
Make sure that you have the latest version of Docker and Docker Compose installed.
The current version numbers can be found here: Docker Engine, Docker Compose.
sudo docker version
sudo docker-compose -v
Do not install Docker via Snap or when installing the operating system. Only install Docker from the package sources in the official guide.
Log in to Docker.
sudo docker login registry.enginsight.com
You receive the credentials from us.
Create a directory and clone Enginsight.
sudo mkdir -p /opt/enginsight && cd /opt/enginsight
git clone https://github.com/enginsight/enterprise.git
Execute the setup.
cd enterprise && ./sudo setup.sh
The installation may take a few moments. In the browser, open the application.
Once the installation is complete, you can log in using the temporary login credentials. You can obtain them as follows:
sudo docker ps
Copy the ID of the
server-m2
module.sudo docker logs <CONTAINER_ID>
(Container ID of the “server-m2” container, which can be determined via
docker ps
.)The credentials for the initial login will now be issued to you. Please save the initial login data.

Change the initial login data immediately after you have logged in for the first time.
To do this, go to Settings → User account. Adjust your e-mail address in the personal details and assign a new password under Password.
ATTENTION! Without a changed and saved password or saved intial password you will lose access to the Enginsight platform. Use a password manager!
Regulate the memory requirements of the Docker logs by limiting them to 100 Mb as follows:
sudo nano /etc/docker/daemon.json
Insert the following:
{ "log-driver": "json-file", "log-opts": { "max-size": "100,", "max-file": "30" } }
Restart Docker service:
sudo systemctl restart docker
Certificate
For a proper operation of the Enginsight application, the access via HTTPS is mandatory.
Install and configure nginx to set up an encrypted connection and enable HTTPS. You can get instructions here.
Buy and import license file
To use Enginsight OnPremises, you need a license file. Contact us to purchase a license package: [email protected]
You can import the license file under Settings → License.
Do you want to manage multiple organisations with Enginsight and use the multitenancy? Here you can find out, what you have to consider regarding the license.
Configure On-Premises instance
Configure your Enginsight on-premises installation.
Set up your mail server, to be able to send emails.
Enable 2-factor authentication, to secure login.
Adjust storage times, to keep data longer in the database.
Do white labeling, to customize the installation to your corporate identity.
Software Components
In addition to the Enginsight application, you can install other software components to take advantage of the full range of Enginsight features.
Pulsar Agent
Install Pulsar Agent on all servers and clients you want to monitor with Enginsight. Start with the servers on which you have installed Enginsight.
To learn how to install a Pulsar agent, click here.
Observer
The Observer is responsible for monitoring your endpoints from the outside. You can place multiple Observers at different points of the network (e.g. in different network segments) and Internet (e.g. different countries and continents).
You can learn how to add an Observer here.
Watchdog
A watchdog installed in a network segment can perform asset discovery. It is also responsible for agentless monitoring (ping and port monitoring, SNMP).
To learn how to add a watchdog, click here.
Hacktor
The Hacktor is a software component that can be installed on a specific network segment to perform penetration tests on reachable assets.
To learn how to add a Hacktor, click here.
Last updated
Was this helpful?