Installing Tracee

This guide walks you through installing and setting up Tracee in your environment.

📋 Before You Start

System Requirements

Before installing Tracee, ensure your system meets the necessary requirements:

• Prerequisites - Operating system, kernel version, BTF, and capability requirements
• Kernel Symbols - Kernel symbol table details and configuration
• OS Requirements - OS release file and kernel config requirements
• Capabilities - Running Tracee with proper Linux capabilities
• LSM BPF Support - Linux Security Module BPF support (optional)
• Mac Users FAQ - Running Tracee on macOS (spoiler: you'll need a Linux VM or container)

Quick Compatibility Check

Tracee requires Linux kernel 5.4+ (or 4.18 for RHEL 8) with BTF support. Check /sys/kernel/btf/vmlinux exists and /proc/kallsyms is available.

🚀 Installation Methods

Download Options

Tracee is available through multiple distribution channels:

1. Binary releases: GitHub Releases
2. Container images: Docker Hub - aquasec/tracee
3. Helm charts: Aqua Security's Helm repository - https://aquasecurity.github.io/helm-charts/

Tracee may also be available in various community-managed package managers.

Quick Start Guides

Choose your deployment method:

• Docker Installation - Run Tracee as a Docker container (fastest way to get started)
• Kubernetes Installation - Deploy Tracee on Kubernetes clusters with Helm

⚙️ Post-Installation Setup

After installing Tracee, configure it for your environment:

Container Integration

• Container Runtime Detection - Configure Tracee to detect and enrich events from Docker, Containerd, CRI-O, or Podman

Configuration

• Configuration Guide - Complete configuration reference for CLI and Kubernetes deployments
• CLI Configuration - Configure Tracee command-line tool
• Kubernetes Configuration - Configure Tracee in Kubernetes

Monitoring & Observability

• Health Monitoring - Enable health check endpoints for monitoring
• Prometheus Integration - Enable metrics collection and export to Prometheus

🔍 Next Steps

After installation:

1. Learn about policies: Read the Policies Guide to define what to monitor
2. Explore events: Check out Events Documentation to understand available events
3. Configure outputs: Set up Output formats for your monitoring stack

💡 Troubleshooting

Having issues during installation or setup? Check our Troubleshooting Guide for common solutions.

For help and support, visit:

• GitHub Discussions
• Slack Community