Can I perform a custom installation with command line parameters?

Windows Group Policy and Linux installers can be used with command line parameters when you can't use the default settings, such as proxy IP address detection or your Dynatrace environment ID. Using parameters to control installers is not necessary in most scenarios because the installer package you download detects proxy settings and knows the address of your Dynatrace server.

You can provide Windows MSI and Linux installers with the following parameters. These parameters are valid for the AIX installer as well, with the exception of INFRA_ONLY.

SERVER—The address of the Dynatrace Server. Use the IP address or a name. Add the port number following a colon, for example

TENANT—Your Dynatrace environment ID. You received this ID with your activation email. By default, this setting is already set to the correct value. If you're selling Dynatrace-based services, use this option to set your customers' IDs (available from the pool of IDs you purchased from Dynatrace).

TENANT_TOKEN—The internal token that is used for authentication when OneAgent connects to the Dynatrace cluster to send data. You can retrieve the tenant token from the following REST endpoint. In return, you will get a JSON object that will include the TENANT_TOKEN.


Be sure to replace <ENVIRONMENTID> and <API_TOKEN> with the proper values.

PROXY—The address of the proxy server. Use the IP address or a name. Add the port number following a colon, for example We also support IPv6 addresses. Skip the PROXY parameter to force the installer to auto detect or ask for proxy details. If you want the installer to ignore proxy detection or want to skip entering proxy details, type NO_PROXY as the PROXY parameter value.

APP_LOG_CONTENT_ACCESS—When set to true, allows Dynatrace OneAgent to access log files for the purpose of log analytics. You have the option of defining this during setting during installation via the OneAgent installer. Accepted values are (true, false) or (1, 0).

INSTALL_PATH—allows installation to a different directory. For example on Linux: /bin/sh INSTALL_PATH=/data/dynatrace/. When this parameter is used, the installer creates the symbolic link /opt/dynatrace/oneagent -> /data/dynatrace and all OneAgent files are placed in the specified directory (in this example, /data/dynatrace). Note that this symbolic link needs to be removed manually, once OneAgent has been uninstalled. Using this parameter on Linux when SELinux is enabled requires the semanage binary to be available on your system.

INFRA_ONLY—Activates cloud infrastructure monitoring mode, in place of full-stack monitoring mode. With this approach, you receive infrastructure-only health data, with no application or user performance data. For details, see Cloud infrastructure monitoring. Accepted values are 0 (deactivated) and 1 (activated).


All parameters are optional. If you don't include them when using the MSI installer, OneAgent installation won't fail. However, OneAgent won't be able to communicate with Dynatrace Server.

Additional parameters

The OneAgent installer for Linux works like any other script. Use it in any way you see fit, including within advanced configuration management systems such as Chef or Puppet.

The Linux script accepts additional parameters related to security policies and custom installation directories:

-p—preserves SELinux policy sources after compilation. We want to be as transparent as possible. With this parameter enabled, you can see what we do to ensure that your security policy isn't violated. Go to /opt/dynatrace/oneagent/SELinuxPolicy to begin investigating.

-n—makes the installer skip SELinux policy installation. If you use this parameter and SELinux policy is active on your system, you'll need to create a custom policy rule for OneAgent yourself. Note that you don't have to use this parameter if SELinux is disabled on your server.


For Dynatrace OneAgent versions 102 and earlier, your security policy can be found at /opt/ruxit/SELinuxPolicy.

USER—specifies the name of the unprivileged (non-root) user, which is used by unprivileged OneAgent processes. Unprivileged processes are those that don't need root privileges. These processes on Linux are called Network OneAgent and Plugin OneAgent. The default behavior is that the Dynatrace installer uses dtuser for the name of the unprivileged user. If USER=<username> parameter is specified, then the installer uses <username> as the name of the unprivileged user.
In both cases, the Dynatrace installer checks whether a required user (dtuser or specified by USER parameter) already exists in the system. If a user and a group with the same name exists and this user belongs to that group, then this user is used to start the Network OneAgent and the Plugin OneAgent processes. If a user doesn't exist, then the Dynatrace installer creates this user and group and later starts these unprivileged processes with this new user. If a user exists in the system but doesn't belong to a group with the same name, then the installation is aborted—the option of not assigning a group with the same name to this user's account isn't supported.


  • The uninstall process doesn't delete the unprivileged user from the system (whether or not it's dtuser or specified by the USER parameter).
  • The unprivileged username is preserved during upgrades, unless a new username is specified during upgrade.