XDR Collectors Installation Resource for Windows and Linux

Cortex XDR Pro Administrator Guide

Product: Cortex XDR
License: Pro
Creation date: 2023-10-31
Last date published: 2024-03-27
Category: Administrator Guide

Abstract: Cortex XDR Collectors installation resource for Windows and Linux.

The following table lists, for each component of the XDR Collectors installation on Windows and Linux, its default path, a description, and the related files and services.

Each entry below gives the Installation Component, followed by its Default Path, Description, and Related Files/Services.

Installation Component: Installation folder

Default Path

  • Windows

    %PROGRAMFILES%\Palo Alto Networks\XDR Collector

  • Linux

    /opt/paloaltonetworks/xdr-collector

Description

The default installation path for the XDR Collector. Contains all program core files and executables.

Related Files/Services

  • Windows

    • Service name—XDR Collector

    • Process name—xdrcollectorsvc.exe

  • Linux

    • Service name—xcd

    • Process name—xdr-collector.service

Installation Component: Logs

Default Path

  • Windows

    %PROGRAMDATA%\XDR Collector\logs

  • Linux

    /opt/paloaltonetworks/xdr-collector/logs

Description

  • Windows—Contains the XDR Collector application log, the Filebeat application log, and the Winlogbeat application log. Indicates information, warnings, and errors related to the XDR Collector application.

  • Linux—Contains the XDR Collector application log as well as the Filebeat application log. Indicates information, warnings, and errors related to the XDR Collector application.

Related Files/Services

  • Windows

    • scouter.log

    • filebeat

    • winlogbeat

  • Linux

    • scouter.log

    • filebeat

Installation Component: Configuration

Default Path

  • Windows

    %PROGRAMFILES%\Palo Alto Networks\XDR Collector\config

  • Linux

    /opt/paloaltonetworks/xdr-collector/config

Description

Contains the configuration file of the XDR Collector for both Windows and Linux.

Related Files/Services

For both Windows and Linux, the file name is XDR_Collector.xml.

Installation Component: Persistence

Default Path

  • Windows

    %PROGRAMDATA%\XDR Collector\OSPersistence

  • Linux

    /etc/panw/OSPersistence/

Description

Contains the operating system persistence file for the XDR Collector, which is used as part of the registration process.

Related Files/Services

For both Windows and Linux, the file name is .scouter.json.