XDR Collectors installation resource for Windows and Linux - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Documentation

Cortex XSIAM
Creation date
Last date published
Administrator Guide

Cortex XDR Collectors installation resource for Windows and Linux.

The following table provides important information about the XDR Collectors installation for Windows and Linux.

Installation component

Default path


Related files/Services

Installation folder

  • Windows:

    %PROGRAMFILES%\Palo Alto Networks\XDR Collector

  • Linux:


The default installation path for the XDR Collector. Contains all Program Core files and executables.

  • Windows

    • Service name: XDR Collector

    • Process name: xdrcollectorsvc.exe

  • Linux

    • Service name: xcd

    • Process name: xdr-collector.service


  • Windows:

    %PROGRAMDATA%\XDR Collector\logs

  • Linux:


  • Windows: Contains the XDR Collector application Log, the Filebeat application log, and the Winlogbeat application log. Indicates information, warnings, and errors related to the XDR Collector application.

  • Linux: Contains the XDR Collector application Log as well as the Filebeat application log. Indicates information, warnings, and errors related to the XDR Collector application.

Contains the XDR Collector application Log as well as the Filebeat application log. Indicates information, warnings, and errors related to the XDR Collector application.

  • Windows

    • scouter.log

    • filebeat

    • winlogbeat

  • Linux

    • scouter.log

    • filebeat


  • Windows:

    %PROGRAMFILES%\Palo Alto Networks\XDR Collector\config

  • Linux:


Contains the XML configuration file of the XDR Collector for both Windows and Linux.

Any change in this XML configuration file is saved to the XDR Collector database and the settings are taken from this file.


In some circumstances, such as after an XDR Collectors upgrade, the configured settings in the XML configuration file can be erased. Yet, this won't affect the saved settings in the XDR Collectors database.

For both Windows and Linux, the file name is XDR_Collector.xml.


  • Windows:

    %PROGRAMDATA%\XDR Collector\OSPersistence

  • Linux:


Contains the Operating System persistence file for the XDR Collector, which issued as part of the registration process.

For both Windows and Linux, the file name is .scouter.json.