Installation Required

This guide requires that you have installed VAST on Linux.

Please use the official systemd unit file from our VAST repository, unless your Linux distribution ships with a native one.

The vast.service provides a systemd service unit for running VAST as system service. The service is sandboxed and runs with limited privileges.

Prepare the Host System

Please note that all subsequent commands require root privileges. The service requires a user and group called vast. You can create them as follows.

useradd --system --user-group vast

Make sure that you don't grant any special rights to this user, i.e., do not enable sudo or other privileged commands for this user.

Once the user exists, you should create the directory for VAST's persistent data storage and change the permissions such that it is owned by the new vast user.

mkdir -p /var/lib/vast
chown -R vast:vast /var/lib/vast

The systemd unit passes a vast.yaml configuration file to the VAST process. Make sure that the new user can read the vast.yaml and change permissions if required.


Before you begin, find the line beginning with ExecStart= at the very bottom of the [Service] section in the unit file. Depending on your installation path you might need to change the location of the vast binary and configuration file.

ExecStart=/path/to/vast --config=/path/to/vast.yaml start

In case you plan to run a PCAP source directly inside the VAST server process via vast spawn source pcap, you need to make sure that the VAST process gets the required privileges to listen on the network interfaces.


Then link the unit file to your systemd search path.

systemctl link vast.service

To have the service start up automatically with system boot, you can enable it via systemd. Otherwise, just start it to run it immediately.

systemctl enable vast
systemctl start vast