XDR Collectors Installation Resource for Windows and Linux - Administrator Guide - Cortex XDR - Cortex

XDR Collectors Installation Resource for Windows and Linux - Administrator Guide - Cortex XDR - Cortex - Security Operations

Cortex XDR Pro Administrator Guide

Product

Cortex XDR

License

Pro

Creation date

2023-03-22

Last date published

2023-09-27

Category

Administrator Guide

The following table provides valuable information about the XDR Collectors installation for Windows and Linux.

Installation Component	Default Path	Description	Related Files/Services
Installation folder	Windows— `%PROGRAMFILES%\Palo Alto Networks\XDR Collector` Linux— `/opt/paloaltonetworks/xdr-collector`	The default installation path for the XDR Collector. Contains all Program Core files and executables.	Windows Service name—`XDR Collector` Process name—`xdrcollectorsvc.exe` Linux Service name—`xcd` Process name—`xdr-collector.service`
Logs	Windows— `%PROGRAMDATA%\XDR Collector\logs` Linux— `/opt/paloaltonetworks/xdr-collector/logs`	Windows—Contains the XDR Collector application Log, the Filebeat application log, and the Winlogbeat application log. Indicates information, warnings, and errors related to the XDR Collector application. Linux—Contains the XDR Collector application Log as well as the Filebeat application log. Indicates information, warnings, and errors related to the XDR Collector application. Contains the XDR Collector application Log as well as the Filebeat application log. Indicates information, warnings, and errors related to the XDR Collector application.	Windows `scouter.log` `filebeat` `winlogbeat` Linux `scouter.log` `filebeat`
Configuration	Windows— `%PROGRAMFILES%\Palo Alto Networks\XDR Collector\config` Linux— `/opt/paloaltonetworks/xdr-collector/config`	Contains the configuration file of the XDR Collector for both Windows and Linux.	For both Windows and Linux, the file name is `XDR_Collector.xml`.
Persistence	Windows— `%PROGRAMDATA%\XDR Collector\OSPersistence` Linux— `/etc/panw/OSPersistence/`	Contains the Operating System persistence file for the XDR Collector, which issued as part of the registration process.	For both Windows and Linux, the file name is `.scouter.json`.