Quick Start
Clone, bring up the stack, sign in, enroll an agent, see logs. About five minutes if you've got Podman or Docker installed.
Heads up: the default config works out-of-the-box for evaluation but ships with simple passwords for Postgres/Redis. Before exposing this to anything you care about, override them in deploy/env/*.local — see Detailed Setup.
1. Clone & start the stack
# Download and extract the AethonLog source archive (link from aethonlog.com).
curl -fLO https://aethonlog.com/releases/aethonlog-latest.tar.gz
tar -xzf aethonlog-latest.tar.gz
cd aethonlog
# Bring the stack up — pre-built images, no local build step required.
podman compose -f deploy/compose.yaml up -d
First run pulls ~2.4 GB of images (the 7 AethonLog services plus Redpanda, OpenSearch, Postgres, Redis). Figure 2–5 minutes on a decent connection. Subsequent restarts are 5–10 seconds.
2. Verify it's healthy
curl http://localhost:8080/healthz
curl http://localhost:8080/readyz
healthz returns 200 as soon as the API server is up; readyz waits until PostgreSQL, OpenSearch, Redis, and Redpanda are all connected. If readyz hangs, run podman compose ps and check which service is sad.
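The two checks above can gate a scripted setup. This added example (not part of AethonLog; the function names, BASE_URL, POLL_INTERVAL and retry counts are assumptions) polls healthz, then readyz, with a per-request timeout so that a hanging readyz is reported instead of blocking the script:

```shell
#!/bin/sh
# Added example, not shipped with AethonLog. Function names, BASE_URL,
# POLL_INTERVAL and the retry counts are assumptions made for this sketch.
BASE_URL="${BASE_URL:-http://localhost:8080}"

# probe PATH: print the HTTP status code, or 000 if the request fails or
# exceeds 3 seconds (so a hanging readyz counts as "not ready").
probe() {
  curl -s -o /dev/null --max-time 3 -w '%{http_code}' "${BASE_URL}$1" || true
}

# wait_for PATH TRIES: return 0 once PATH answers 200, 1 after TRIES attempts.
wait_for() {
  wf_path="$1"; wf_left="$2"
  while [ "$wf_left" -gt 0 ]; do
    if [ "$(probe "$wf_path")" = "200" ]; then return 0; fi
    wf_left=$((wf_left - 1))
    sleep "${POLL_INTERVAL:-2}"
  done
  return 1
}

# stack_ready: 0 = ready, 1 = API server never came up,
# 2 = API up but a backing service is not connected yet.
stack_ready() {
  if ! wait_for /healthz "${HEALTH_TRIES:-30}"; then
    echo "no 200 from ${BASE_URL}/healthz: API server is not up" >&2
    return 1
  fi
  if ! wait_for /readyz "${READY_TRIES:-90}"; then
    echo "healthz OK but readyz is not 200: run 'podman compose ps'" >&2
    return 2
  fi
  return 0
}

# Run as: sh wait-ready.sh --wait   (exit code is stack_ready's result)
if [ "${1:-}" = "--wait" ]; then
  stack_ready
  exit $?
fi
```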
3. First-run wizard
Browse to http://localhost:8080. AethonLog detects there are no tenants yet and shows the bootstrap form. Fill in:
- Organization name — your team/company, used as the tenant display name
- Your name — admin display name
- Email — login address
- Password — minimum 8 characters
Submit. AethonLog atomically creates the tenant + your platform-admin user, signs you in, and lands you on the dashboard. The setup page is permanently disabled after this — subsequent users come in via signup / SSO.
4. Enroll your first agent
In the UI: Agents → Enrollment Tokens → Create Token. Give it a name (e.g. laptop), optionally set an expiry, copy the token.
On the machine you want to monitor:
Linux
curl -sSf http://YOUR_SERVER:8080/install.sh | \
sudo bash -s -- --token YOUR_ENROLLMENT_TOKEN
Drops the agent binary at /usr/local/bin/aethonlog-agent, writes /etc/aethonlog/agent.yaml, creates a systemd unit, and starts it.
macOS
curl -sSf http://YOUR_SERVER:8080/install.sh | \
sudo bash -s -- --token YOUR_ENROLLMENT_TOKEN
Drops the agent binary at /usr/local/bin/aethonlog-agent, writes /etc/aethonlog/agent.yaml, creates a launchd plist at /Library/LaunchDaemons/com.aethonlog.agent.plist, and starts it.
Manual download (Gatekeeper) — if you click the agent download in a browser instead of piping the install script, macOS attaches the com.apple.quarantine extended attribute and Gatekeeper will refuse to launch the unsigned binary. Strip it:
xattr -d com.apple.quarantine ~/Downloads/aethonlog-agent-darwin-*
chmod +x ~/Downloads/aethonlog-agent-darwin-*
Or use the install.sh path above — curl-piped downloads aren't quarantined.
Windows
Run in an elevated PowerShell:
irm http://YOUR_SERVER:8080/install.ps1 | iex
The script prompts for the enrollment token, then installs the service.
5. See your logs
In the UI, click Log Explorer. Within 10–15 seconds of the agent starting, you should see events streaming in. Try:
- Live tail — top-right toggle, shows new events as they land
- Filter by host — click the host name to add a filter chip
- Search — try error OR warn in the query bar
What's next
- Send a second source — point a syslog client at localhost:1514 (TCP or UDP), or POST to /api/v1/ingest.
- Create an alert — Alerts → New Rule; e.g. "if more than 50 sshd auth failures in 5 minutes, page on-call".
- Invite teammates — Admin → Users; or wire SSO under Admin → Authentication.
- Read the platform docs — they ship with the install, browse to http://localhost:8080/docs/ for the full reference.
Stopping & cleaning up
# Stop everything (data preserved)
podman compose -f deploy/compose.yaml down
# Stop AND wipe all data volumes
podman compose -f deploy/compose.yaml down -v
Ready for a real deployment? Detailed Setup covers env vars, TLS, scaling, backup, retention policies, and the production checklist.