Create an instance for Ops Agent monitoring and logging
The Ops Agent collects telemetry
data for instances that you can then use for troubleshooting and performance
tuning.
Before you begin
If you haven't already, set up authentication.
Authentication verifies your identity for access to Trusted Cloud by S3NS services and APIs. To run
code or samples from a local development environment, you can authenticate to
Compute Engine by selecting one of the following options:
Select the tab for how you plan to use the samples on this page:
Console
When you use the Trusted Cloud console to access Trusted Cloud by S3NS services and
APIs, you don't need to set up authentication.
To get the permissions that
you need to create an instance for Ops Agent monitoring and logging,
ask your administrator to grant you the
following IAM roles on the project:
You can install the Ops Agent only on existing instances. To install Ops Agent
on individual instances or on a fleet of instances, you can use the
Trusted Cloud console, the gcloud CLI, or an automation tool.
For instructions, see
Install the Ops Agent.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-26 UTC."],[[["\u003cp\u003eThe Ops Agent collects telemetry data for instances, aiding in troubleshooting and performance tuning.\u003c/p\u003e\n"],["\u003cp\u003eAuthentication to Google Cloud services and APIs is necessary, and can be done through the Google Cloud console, gcloud CLI, or REST API.\u003c/p\u003e\n"],["\u003cp\u003eCreating an instance for Ops Agent monitoring and logging can be done via the Google Cloud console by enabling the "Install the Ops Agent for Monitoring and Logging" option during instance creation.\u003c/p\u003e\n"],["\u003cp\u003eThe Ops Agent can also be installed on existing instances using the Google Cloud console, gcloud CLI, or an automation tool.\u003c/p\u003e\n"],["\u003cp\u003eTo install the agent, required roles include Compute Instance Admin (v1) and OSPolicyAssignment Editor.\u003c/p\u003e\n"]]],[],null,["# Create an instance for Ops Agent monitoring and logging\n\n*** ** * ** ***\n\nThe [Ops Agent](/stackdriver/docs/solutions/agents/ops-agent) collects telemetry data for instances that you can then use for troubleshooting and performance tuning.\n\nBefore you begin\n----------------\n\n- If you haven't already, set up [authentication](/compute/docs/authentication). Authentication verifies your identity for access to Google Cloud services and APIs. To run code or samples from a local development environment, you can authenticate to Compute Engine by selecting one of the following options:\n\n Select the tab for how you plan to use the samples on this page: \n\n ### Console\n\n\n When you use the Google Cloud console to access Google Cloud services and\n APIs, you don't need to set up authentication.\n\n ### gcloud\n\n 1.\n [Install](/sdk/docs/install) the Google Cloud CLI.\n\n After installation,\n [initialize](/sdk/docs/initializing) the Google Cloud CLI by running the following command:\n\n ```bash\n gcloud init\n ```\n\n\n If you're using an external identity provider (IdP), you must first\n [sign in to the gcloud CLI with your federated identity](/iam/docs/workforce-log-in-gcloud).\n | **Note:** If you installed the gcloud CLI previously, make sure you have the latest version by running `gcloud components update`.\n 2. [Set a default region and zone](/compute/docs/gcloud-compute#set_default_zone_and_region_in_your_local_client).\n\n ### REST\n\n\n To use the REST API samples on this page in a local development environment, you use the\n credentials you provide to the gcloud CLI.\n 1. [Install](/sdk/docs/install) the Google Cloud CLI. After installation, [initialize](/sdk/docs/initializing) the Google Cloud CLI by running the following command: \n\n ```bash\n gcloud init\n ```\n 2. If you're using an external identity provider (IdP), you must first [sign in to the gcloud CLI with your federated identity](/iam/docs/workforce-log-in-gcloud).\n\n\n For more information, see\n [Authenticate for using REST](/docs/authentication/rest)\n in the Google Cloud authentication documentation.\n\n### Required roles\n\n\nTo get the permissions that\nyou need to create an instance for Ops Agent monitoring and logging,\n\nask your administrator to grant you the\nfollowing IAM roles on the project:\n\n- [Compute Instance Admin (v1)](/iam/docs/roles-permissions/compute#compute.instanceAdmin.v1) (`roles/compute.instanceAdmin.v1`)\n- To install the Ops Agent on the instance: [OSPolicyAssignment Editor](/iam/docs/roles-permissions/osconfig#osconfig.osPolicyAssignmentEditor) (`roles/osconfig.osPolicyAssignmentEditor`)\n\n\nFor more information about granting roles, see [Manage access to projects, folders, and organizations](/iam/docs/granting-changing-revoking-access).\n\n\nYou might also be able to get\nthe required permissions through [custom\nroles](/iam/docs/creating-custom-roles) or other [predefined\nroles](/iam/docs/roles-overview#predefined).\n\nCreate an instance for the Ops Agent monitoring and logging\n-----------------------------------------------------------\n\nYou can create an instance that's configured for Ops Agent monitoring and\nlogging only by using the Google Cloud console. This section briefly describes how\nto install the Ops Agent while creating an instance. For more information, also\nsee [Install Ops Agent during instance creation](/stackdriver/docs/solutions/agents/ops-agent/install-agent-vm-creation).\n\n1. In the Google Cloud console, go to the **Create an instance** page.\n\n [Go to Create an instance](https://console.cloud.google.com/compute/instancesAdd)\n\n If prompted, select your project and click **Continue**.\n\n The **Create an instance** page appears and displays the\n **Machine configuration** pane.\n2. In the navigation pane, click **Observability** . The **Observability**\n pane appears.\n\n3. In the **Ops Agent** section, select the\n **Install the Ops Agent for Monitoring and Logging** checkbox.\n\n Selecting this checkbox enables VM Manager in limited\n capability mode and it creates an OS policy assignment for installing\n Ops Agent on the instance.\n4. Optional: Specify other configuration options. For more information, see\n [Configuration options during instance creation](/compute/docs/instances/instance-creation-overview#new-instance-configuration-options).\n\n5. To create and start the instance, click **Create**.\n\nInstall the Ops Agent on existing instances\n-------------------------------------------\n\nYou can use the Google Cloud console, the gcloud CLI, or an automation\ntool to install Ops Agent on a fleet of instances or on individual instances.\nFor detailed instructions, see\n[Install the Ops Agent](/stackdriver/docs/solutions/agents/ops-agent/install-index).\n| **Note:** If you install the Ops Agent, then you might be charged for the metrics and logs that the agent sends to your Google Cloud project. For more information, see [Google Cloud Observability pricing](/stackdriver/pricing).\n\nWhat's next\n-----------\n\n- Learn how to [check the status of an instance](/compute/docs/instances/instance-life-cycle) to see when it is ready to use.\n- Learn how to [connect to your instance0](/compute/docs/instances/connecting-to-instance)."]]
