Manual Installation

  1. Check system requirements for application server, database server, and software components.

  2. Get approved to receive Enginsight and request Docker credentials. Email

  3. Database server

    1. Install MongoDB.

    2. Configure the database (especially set up replica set).

  4. Application server

    1. Install Docker.

    2. Install Enginsight.

  5. Take care of securing via SSL/TLS certificate.

  6. Configure your On-Premises instance.

  7. Roll out the software components as sensors.

Achten Sie darauf, dass in jedem Fall die aktuelle Version von Docker Compose installiert ist. Installieren Sie zudem Docker nicht über Snap oder bei der Installation des Betriebssystems, sondern installieren Sie Docker ausschließlich aus den Paketquellen der offiziellen Anleitung.

Database Server: Config MongoDB

1.Make sure that you have root privileges. If this is not the case, log in as superuser.

su - root

2. Start MongoDB if it does not start automatically.

systemctl enable mongod && systemctl start mongod

3. Open the file /etc/mongod.conf in an editor of your choice, for example nano.

nano /etc/mongod.conf

4. Change the net section as follows so that MongoDB is accessible from outside.

  port: 27017

5. Set up the replica set as follows to allow the database to push information to the API.

   replSetName: "rs0"

Save the configuration file (Ctrl+o) and confirm the saving process. Close nano (Ctrl+x).

If the database is not running in replica mode, many Enginsight functions will not work correctly.

6. Restart MongoDB.

systemctl restart mongod

7. Open the MongoDB CLI.


8. Activate the replica set. For <public DB IP>, enter the IP of the database server that can be reached from the application server.

rs.initiate( {
   _id : "rs0",
   members: [
      { _id: 0, host: "<public DB IP>:27017" }

9. Check if the replica sets are active.


If the configuration is correct, you will see the prompt after executing the command:


10. Close the Mongo interface.


11. Secure the database with iptables.

This step is important to ensure the security of the Enginsight software. It results in only the application being able to access MongoDB. Unauthorized access is prevented.

Replace <APP IP> with the application server IP reachable from the database. Replace <DB IP> with the IP of the database server reachable from the application.

sudo iptables -A INPUT -p tcp -m tcp --dport 27017 -s -j ACCEPT
sudo iptables -A INPUT -p tcp -m tcp --dport 27017 -s <APP IP> -j ACCEPT
sudo iptables -A INPUT -p tcp -m tcp --dport 27017 -s <DB IP> -j ACCEPT
sudo iptables -A INPUT -p tcp -m tcp --dport 27017 -j DROP

12. Save the rules and make sure they are loaded at every restart.

apt-get install -y iptables-persistent

Application Server: Install Enginsight

1.Make sure that you have root privileges. If this is not the case, log in as superuser.

su - root

2. Make sure that you have the latest version of Docker and Docker Compose installed.

The current version numbers can be found here: Docker Engine, Docker Compose.

docker version
docker-compose -v

Do not install Docker via Snap or when installing the operating system. Only install Docker from the package sources in the official guide.

3. Log in to Docker.

docker login

You receive the credentials from us.

If problems occur during authentication, check whether a current gpg2 key is available and generate it automatically if necessary:

apt install gnupg2 gpg2 --gen-key

4. Create a directory and clone Enginsight.

mkdir -p /opt/enginsight && cd /opt/enginsight
git clone

5. Execute the setup.

cd enterprise && ./

6. The installation may take a few moments. In the browser, open the application.

7. Once the installation is complete, you can log in using the temporary login credentials. You can obtain them as follows:

docker ps

Copy the ID of the server-m2 module.

docker logs <insert ID>

The credentials for the initial login will now be issued to you. Please save the initial login data.

Change the initial login data immediately after you have logged in for the first time.

To do this, go to SettingsUser account. Adjust your e-mail address in the personal details and assign a new password under Password.

ATTENTION! ****Without a changed and saved password or saved intial password you will lose access to the Enginsight platform. Use a password manager!

Set up DNS name for app and sensors

If you adjust a configuration file on the application server, must always be executed afterwards. Only then the settings will take effect.

1.Open the configuration file in an editor of your choice, for example nano.

nano /opt/enginsight/enterprise/conf/services/config.json

In the app section, replace the IP address of the application server with its DNS name.

"app": {
    "host": "<DNS Name>"

Save the new configuration file (Ctrl+o) and confirm the saving process. Close nano (Ctrl+x).

2. Navigate to /opt/enginsight/enterprise.

cd /opt/enginsight/enterprise

3. Restart the application.



For a proper operation of the Enginsight application, the access via HTTPS is mandatory.

Install and configure nginx to set up an encrypted connection and enable HTTPS. You can get instructions here.

Buy and import license file

To use Enginsight OnPremises, you need a license file. Contact us to purchase a license package:

You can import the license file under SettingsLicense.

Do you want to manage multiple organisations with Enginsight and use the multitenancy? Here you can find out, what you have to consider regarding the license.

Configure On-Premises instance

Configure your Enginsight on-premises installation.

Software Components

In addition to the Enginsight application, you can install other software components to take advantage of the full range of Enginsight features.

Pulsar Agent

Install Pulsar Agent on all servers and clients you want to monitor with Enginsight. Start with the servers on which you have installed Enginsight.

To learn how to install a Pulsar agent, click here.


The Observer is responsible for monitoring your endpoints from the outside. You can place multiple Observers at different points of the network (e.g. in different network segments) and Internet (e.g. different countries and continents).

You can learn how to add an Observer here.


A watchdog installed in a network segment can perform asset discovery. It is also responsible for agentless monitoring (ping and port monitoring, SNMP).

To learn how to add a watchdog, click here.


The Hacktor is a software component that can be installed on a specific network segment to perform penetration tests on reachable assets.

To learn how to add a Hacktor, click here.

Last updated