Barracuda XDR

Setting up the XDR Collector for Linux


The XDR Collector for Linux is currently in Beta.

The XDR Collector runs as a service in your environment. While the minimum specifications are listed below, the required resources depend on the number of active integrations and the amount of data being processed.

Network Monitoring vs Server Monitoring

When setting up Network Monitoring, always set up the XDR Collector on a dedicated host server. Don't use an existing server because the amount of data produced by logs can impact critical infrastructure.

You can install the XDR Collector on an existing server if you are monitoring only Linux logs from that server.

If you're collecting logs from one or more data sources, install the XDR Collector on a dedicated host.

The table below shows the difference between the XDR Collector installed on a dedicated host and installed on an existing server.


| | Network Monitoring | Server Monitoring |
|---|---|---|
| Can monitor | All firewalls and other data sources on the network, including syslog | Logs that come from the Linux Server only |
| Supports collecting logs from multiple sources | Yes | No |
| Requires a private static IP address | Yes | No |

The requirements and steps for installing the XDR Collector on a dedicated host or on an existing server are the same, except that a dedicated host requires a private static IP address and an existing server doesn't.

Minimum requirements

To set up the XDR Collector, the minimum requirements are the following:

| Resource | Minimum requirement |
|---|---|
| CPU | 2 vCPU |
| Disk Size | 10 GB SSDs |
| Memory | 1 GB |

For Barracuda IDS/Suricata, the host must have two network interface cards (NICs): one to monitor SPAN traffic and one for host traffic. For more information, see Setting up the XDR Collector for Barracuda IDS for Linux.

Operating System

  • Ubuntu 22.04 (Recommended)
  • For other versions, see the Elastic Agent 8.12.x row in the Elastic Agent table on this page.

IP Address requirements

A private static IP address is required when installing on a dedicated host. If you're monitoring Linux events on an existing server, a private static IP address is not required.

Required Endpoint/Port Communication

The XDR Collector must be able to communicate with the following endpoints and ports:

Logstash

a96190b49bd294a5fbb3725ff20aab78-c7f64fe7557a87d2.elb.us-east-1.amazonaws.com:5044

Management Server

b5e9a5096e0a4f7782cc444c8edbbd5e.fleet.us-east-1.aws.found.io:443

Update Server

artifacts.elastic.co:443
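
The requirements above can be checked before installation with a short pre-flight script. This is an added example written for this page, not Barracuda's installer or tooling: it compares the host's CPU, memory and disk against the stated minimums and tries an outbound TCP connection to each listed endpoint. The 10% slack, the use of the root filesystem for the disk size and the `run` argument are assumptions.

```shell
#!/bin/sh
# Added example (not Barracuda tooling): pre-flight check for an XDR Collector host.
# Endpoints and minimum values are copied from this page.
ENDPOINTS="a96190b49bd294a5fbb3725ff20aab78-c7f64fe7557a87d2.elb.us-east-1.amazonaws.com:5044
b5e9a5096e0a4f7782cc444c8edbbd5e.fleet.us-east-1.aws.found.io:443
artifacts.elastic.co:443"
MIN_CPU=2 MIN_MEM_MB=1024 MIN_DISK_GB=10
# Assumption: allow 10% slack, because MemTotal and the filesystem size are
# always a little smaller than the RAM and disk provisioned for the VM.
SLACK_PCT=10

endpoint_host() { printf '%s\n' "${1%:*}"; }
endpoint_port() { printf '%s\n' "${1##*:}"; }

# meets_minimum HAVE NEED [SLACK_PCT]: true when HAVE >= NEED minus the slack.
meets_minimum() {
    [ "$1" -ge $(( $2 * (100 - ${3:-0}) / 100 )) ]
}

# probe HOST PORT: outbound TCP connect, 5 s limit (uses bash's /dev/tcp).
probe() {
    timeout 5 bash -c 'exec 3<>"/dev/tcp/$1/$2"' _ "$1" "$2" 2>/dev/null
}

# check LABEL CMD [ARGS...]: run CMD, print PASS/FAIL, remember any failure.
check() {
    label=$1; shift
    if "$@"; then echo "PASS  $label"; else echo "FAIL  $label"; FAILED=1; fi
}

preflight() {
    FAILED=0
    cpu=$(nproc)
    mem_mb=$(awk '/^MemTotal:/ {print int($2 / 1024)}' /proc/meminfo)
    # Assumption: the collector is installed on the root filesystem.
    disk_gb=$(df -Pk / | awk 'NR == 2 {print int($2 / 1048576)}')
    check "CPU ${cpu} vCPU (min ${MIN_CPU})" meets_minimum "$cpu" "$MIN_CPU"
    check "Memory ${mem_mb} MB (min ${MIN_MEM_MB})" \
        meets_minimum "$mem_mb" "$MIN_MEM_MB" "$SLACK_PCT"
    check "Disk ${disk_gb} GB (min ${MIN_DISK_GB})" \
        meets_minimum "$disk_gb" "$MIN_DISK_GB" "$SLACK_PCT"
    for ep in $ENDPOINTS; do
        check "TCP $ep" probe "$(endpoint_host "$ep")" "$(endpoint_port "$ep")"
    done
    return "$FAILED"
}

# Run the checks only when called as: sh preflight.sh run
if [ "${1:-}" = "run" ]; then preflight; exit $?; fi
```

A PASS on an endpoint line means only that the TCP handshake completed from this host; the script exits non-zero if any check fails.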

Setting up the XDR Collector

If you have already installed the XDR Collector on a dedicated host, you don't need to reinstall it, even if you integrate multiple applications.

To set up the XDR Collector, complete the following procedures:

  • To configure private static IP addresses (not required when installing on an existing server)
  • To install the XDR Collector

To configure a static IP address

A private static IP address is required when installing on a dedicated host. If you're installing on an existing server, a private static IP address is not required.

To install the XDR Collector

The install command is unique for each account and should only be run on systems within that account's network.

  1. In Barracuda XDR Dashboard, click Infrastructure Collectors.
  2. In the Policies table, next to the on-prem policy, click Action Install.
  3. Click Linux.
  4. Copy the command at the bottom of the dialog box.
  5. Open a terminal on the appropriate system, paste the command, and run it.