XDR Collector Installation Resource for Windows and Linux

Cortex® XDR Collector installation resource for Windows and Linux.
The following table provides valuable information about the XDR Collector installation for Windows and Linux.
Installation Component
Default Path
Description
Related Files/Services
Installation folder
  • Windows
    %PROGRAMFILES%\Palo Alto Networks\XDR Collector
  • Linux
    /opt/paloaltonetworks/xdr-collector
The default installation path for the XDR Collector. Contains all Program Core files and executables.
  • Windows
    • Service name—
      XDR Collector
    • Process name—
      xdrcollectorsvc.exe
  • Linux
    • Service name—
      xcd
    • Process name—
      xdr-collector.service
Logs
  • Windows
    %PROGRAMDATA%\XDR Collector\logs
  • Linux
    /opt/paloaltonetworks/xdr-collector/logs
Contains the XDR Collector application Log as well as the Filebeat application log. Indicates information, warnings, and errors related to the XDR Collector application.
For both Windows and Linux:
  • scouter.log
  • filebeat
Configuration
  • Windows
    %PROGRAMFILES%\Palo Alto Networks\XDR Collector\config
  • Linux
    /opt/paloaltonetworks/xdr-collector/config
Contains the configuration file of the XDR Collector for both Windows and Linux.
For both Windows and Linux, the file name is
XDR_Collector.xml
.
Persistence
  • Windows
    %PROGRAMDATA%\XDR Collector\OSPersistence
  • Linux
    /etc/panw/OSPersistence/
Contains the Operating System persistence file for the XDR Collector, which issued as part of the registration process.
For both Windows and Linux, the file name is
.scouter.json
.

Recommended For You