Install the XDR Collector Installation Package for Linux

Learn how to install the Cortex® XDR™ Collector on Linux collector machines.
You can install the XDR Collector using three available packages for a Linux installation—Linux RPM, Linux DEB, and Linux SH. You can install the Cortex XDR Collector package on any Linux server, including a physical or virtual machine, and as temporary sessions.
One can install XDR Collector in any linux server period, whether its a physical or virtual machine. Temporary sessions can be in either of them
We recommend that you perform a Linux RPM or Linux DEB installation.
Before completing this task, ensure that you create and download a XDR Collector installation package in Cortex XDR.
To install the XDR Collector installation package for Linux.
  1. Log on to the Linux server.
    For example:
    user@local ~ $
    ssh root@ubuntu.example.com
    Welcome to Ubuntu 16.04.3 LTS (GNU/Linux 4.4.0-1041-aws x86_64) * Documentation: https://help.ubuntu.com * Management: https://landscape.canonical.com * Support: https://ubuntu.com/advantage Get cloud support with Ubuntu Advantage Cloud Guest: http://www.ubuntu.com/business/services/cloud 0 packages can be updated. 0 updates are security updates. Last login: Tue Aug 26 22:14:15 2021 from 192.168.1.100
  2. Install the Cortex XDR Collector software.
    You can install the Cortex XDR Collector on the collector machine manually using the shell installer or using the Linux package manager for
    .rpm
    and
    .deb
    installers.
    To deploy using package manager:
    1. Depending on your Linux distribution, install the Cortex XDR Collector using one of the following commands:
      Distribution
      Install Command
      RHEL, CentOS, or Oracle
      • yum install ./
        filename
        .rpm
      • rpm -i ./
        filename
        .rpm
      Ubuntu or Debian
      • apt-get install ./
        filename
        .deb
      • dpkg -i ./
        filename
        .deb
      SUSE
      • zypper install ./
        filename
        .rpm
      • rpm -i ./
        filename
        .rpm
    2. Verify the XDR Collector was installed on the collector machine.
      Enter the following command on the collector machine:
      dpkg -l | grep xdr-collector
      or
      rpm -qa | grep xdr-collector
      .
    To deploy the shell installer:
    1. Enable execution of the script using the
      chmod +x
      filename
      command.
    2. Run the install script as root or with root permissions.
      For example:
      root@ubuntu:/home#
      chmod +x linux.sh
      root@ubuntu:/home#
      ./linux.sh
      Verifying archive integrity... All good. Uncompressing XDR-Collector version 1.0.0.467 100% Systemd: starting xdr-collector service Synchronizing state of xdr-collector.service with SysV service script with /lib/systemd/systemd-sysv-install. Executing: /lib/systemd/systemd-sysv-install enable xdr-collector Created symlink /etc/systemd/system/multi-user.target.wants/xdr-collector.service→ /lib/systemd/system/xdr-collector.service.
      Additional options are available to help you customize your installation if needed. The following table describes common options and parameters.
      If you are using
      rpm
      or
      deb
      installers, you must also add these parameters to the
      /etc/panw/collector.conf
      file prior to installation.
      Option
      Description
      --proxy-list ”
      <proxyserver>
      :
      <port>
      Proxy Communication
      Configure the Cortex XDR Collector to communicate through an intermediary such as a proxy.
      To enable the XDR Collector to direct communication to an intermediary, you use this installation option to assign the IP address and port number you want the Cortex XDR Collector to use. You can also configure the proxy by entering the FQDN and port number. When you enter the FQDN, you can use both lowercase and uppercase letters. Avoid using special characters or spaces.
      Use commas to separate multiple addresses. For example:
      --proxy-list "My.Network.Name:808, 10.196.20.244:8080"
      After the initial installation, you can change the proxy settings from using the configuration XML.
      The Cortex XDR Collector does not support proxy communication in environments where proxy authentication is required.
      --data-path
      <directory path>
      Directory Path
      The path for persistence, content, Filebeat application data, and transaction data.
      --data–path=/tmp/xdrLog
      If the Cortex XDR Collector does not connect to Cortex XDR, verify your Internet connection on the collector machine. If the XDR Collector still does not connect, verify the installation package has not been removed from the Cortex XDR management console.

Recommended For You