Install the XDR Collector on Windows using Msiexec - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Documentation

Product
Cortex XSIAM
Creation date
2024-03-06
Last date published
2024-11-07
Category
Administrator Guide
Abstract

Learn how to install the Cortex XDR Collectors on Windows using the Msiexec.

Msiexec provides full control over the installation process and allows you to install, modify, and perform operations on a Windows Installer from the command line interface (CLI). You can also use Msiexec to log any issues encountered during installation.

You can also use Msiexec in conjunction with a System Center Configuration Manager (SCCM), Altiris, Group Policy Object (GPO), or other MSI deployment software to install the XDR Collector on multiple collector machines for the first time.

When you install the XDR Collector with Msiexec, you must install the XDR Collector per-machine and not per-user.

Although Msiexec supports additional options, the XDR Collectors installers support only the options listed here. For example, with Msiexec, the option to install the software in a non-standard directory is not supported—you must use the default path.

The following parameters apply to the initial installation of the XDR Collector on the collector machine.

  • /i <installer path>\<installer file name>.msi DATA_PATH=<Path> PROXY_LIST=<address or list> /quiet /l*v <installation log path>: Installs a package quietly, changes data path, adds proxies, and creates an installation log.

    For example, msiexec /i c:\install\XDRCollector-Win_x64.msi DATA_PATH=c:\data PROXY_LIST=2.2.2.2:8888,1.1.1.1:8080 /quiet /l*v c:\installlog.txt

    Where

    • LOG_LEVEL: Sets the level of logging for the XDR Collector log (INFO, DEBUG, ERROR, and TRACE).

    • LOG_MAX_BYTES: Sets the maximum log size in bytes.

    • LOG_BACKUP_COUNT: Number of cycling logs for the XDR Collector.

    • PROXY_LIST: Proxy address or name, where you can add a comma separated list, such as 2.2.2.2:8888,1.1.1.1:8080.

    • LOG_PATH: The path to save the XDR Collector, Filebeat, and Winlogbeat logs.

    • DATA_PATH: The path for persistence, content, Filebeat application data, Winlogbeat application data, and transaction data.

    • PROVISIONING_SERVER: Provisioning server address.

    • DISTRIBUTION_ID

    • ELB_ADDRESS: Load balancer for fresh XDR Collector installation.

Before completing this task, ensure that you create and download a Cortex XDR Collector installation package in Cortex XSIAM .

To install XDR Collectors using Msiexec:

  1. Use one of the following methods to open a command prompt as an administrator.

    • Select Start → All Programs Accessories. Right-click Command prompt and Run as administrator.

    • Select Start. In the Start Search box, type cmd. Then, to open the command prompt as an administrator, press CTRL+SHIFT+ENTER keys.

  2. Run the msiexec command followed by one or more supported options and properties.

    For example:

    msiexec /i XDRCollector-Win_x64.msi DATA_PATH=c:\data PROXY_LIST=2.2.2.2:8888,1.1.1.1:8080 /quiet /l*v c:\installlog.txt