Audit Agent Installation

What is the Audit Agent?

The Audit Agent is a very small PHP file that must be installed on your server(s) that contain the Magento instance that you wish to scan.

The PHP file is not installed within the Magento codebase itself - it is not a module. It can be installed anywhere on the server, but ideally it should be located outside of the directory where Magento is installed.

The Audit Agent is responsible for collecting data about the Magento instance and the server itself. This data is sent to our central platform where this is analysed in real-time.

What information is collected?

The Audit Agent collects the following information:

  • Magento configuration - The current configuration and historic configuration changes are collected from the core_config_data database table, modules' config.xml files and other sources.
  • Server information - The system load, public IP address, PHP version, number of CPUs, number of cores, storage free space.
  • Module information - The names of all installed modules, with the version number.
  • Magento product - version number and edition.
  • Data - It accesses the database to calculate the amount of data in the Magento instance (for example, orders, invoices, shipments, customers, products, attributes, CMS content, subscribers, B2B).
  • Security information - Data about the current list of admin users is collected in order to determine admin panel security. If you are using the Professional Edition of AuditIQ, then a security scan is performed on the codebase to detect vulnerabilities and malware that might have been installed.

The Audit Agent does NOT transfer any raw data, website/module code, or personal information to our central platform. Instead, it transfers information about the data and configuration that it finds.

Where should Audit Agent be installed?

The Audit Agent should be installed on every server where the Magento codebase operates from. Therefore, if there are multiple server nodes, then it should be installed on all of them. It can also be installed on associated servers where Magento is not installed, but where those servers are part of the hosting solution (for example, database, Redis, RabbitMQ instances).

Operational modes

Cron is used on the node in order to execute the Audit Agent periodically. The frequency is determined by the operational mode.

The Audit Agent is capable of multiple operational modes depending upon the type of purpose of the node, as follow:

  • Magento - Configuration, modules, server and data is collected.
  • Infrastructure - Only server data such as CPU load and free storage is collected.
  • Security - Only security information is collected.

Use case: Single server

In this case, you would run the Audit Agent on three indepdent cron schedules, as follows:

  • Magento - Once per day.
  • Infrastructure - Every 5 minutes.
  • Security - Every hour.

Use case: Multiple servers

In this case, you would have the Audit Agent installed on each server node, and this might be configured as follows:

Web node

  • Infrastructure - Every 5 minutes.
  • Security - Every hour.

Cron node

  • Magento - Once per day.
  • Infrastructure - Every 5 minutes.
  • Security - Every hour.

Database node

  • Infrastructure - Every 5 minutes.


  • Infrastructure - Every 5 minutes.


  • Infrastructure - Every 5 minutes.

System requirements

Each server node must meet the following requirements before you can install Audit Agent:

  • Operating Systems
    • Linux x86-64 distributions, such as Red Hat® Enterprise Linux (RHEL), CentOS, Ubuntu, Debian, and similar
  • Magento or Adobe Commerce 2.3 or later
  • Bash/shell commands
    • php
    • wget / curl
    • openssl
    • nice

Install the Audit Agent

We provide a shell script to simplify installation. If you are using the Professional Edition, then this will additionally install Sansec eEcomscan. However, if you are using Adobe Commerce Cloud, we have specific alternative documentation for you to follow.

For standard installation, please follow these steps:

  1. Download ane execute the shell script, as follows:
    curl -o- | bash
    wget -qO- | bash
  2. You will be prompted for various information, and this will result in instructions being provided that will enable you to configure cron so that the Audit Agent runs automatically. The flow of these questions can be visualised as follows: Installation visualisation

  3. One of the questions relates to whether you wish to enable "Configuration change tracking". If you accept this, then a database trigger is added to your MySQL database that monitors changes to the core_config_data database table (that contains the majority of a Magento website's configuration data). The changes are logged to a new table, and the information in that table is sent by the Audit Agent to our platform. This therefore enables you to receive an accurate log of configuration changes over time. More information is available.


Before proceeding with the "Configuration change tracking" option, you should take a database backup.

Installation use-case walkthough videos

Please review the following videos to see how the installation works in some common use cases.

1. Magento (without Sansec) 2. Magento (with Sansec)
3. Adobe Commerce Cloud 4. Infrastructure Only

Configure cron

When you have executed the shell script, it will provide you with the command that needs to be added to the server's crontab in order to schedule regular execution of the Audit Agent.