The XDR Collector runs as a service in your environment. While the minimum specifications are listed below, the required resources depend on the number of active integrations and the amount of data being processed.
Network Monitoring vs Server Monitoring
You can install the XDR Collector on an existing server if you are monitoring only Linux logs from that server.
If you're collecting logs from one or more data sources, install the XDR Collector on a dedicated host.
The table below shows the difference between the XDR Collector installed on a dedicated host and installed on an existing server.
Network Monitoring | Server Monitoring | |
---|---|---|
Can monitor | All firewalls and other data sources on the network, including syslog | Logs that come from the Linux Server only |
Supports collecting logs from multiple sources | Yes | No |
Requires a private static IP address | Yes | No |
The requirements and steps for installing the XDR Collector on a dedicated host or on an existing server are the same, except that a dedicated host requires a private static IP address and an existing server doesn't.
Minimum requirements
To set up the XDR Collector, the minimum requirements are the following:
Minimum requirements | |
---|---|
CPU | 2vCPU |
Disk Size | 10GB SSDs |
Memory | 1GB |
Operating System
- Ubuntu 22.04 (Recommended)
- For other versions, see the Elastic Agent 8.12.x row in the Elastic Agent table on this page.
IP Address requirements
A private static IP address is required when installing on a dedicated host. If you're monitoring Linux events on an existing server, a private static IP address is not required.
Required Endpoint/Port Communication
The XDR Collector must be able to communicate to the following endpoints/ports:
Logstash | a96190b49bd294a5fbb3725ff20aab78-c7f64fe7557a87d2.elb.us-east-1.amazonaws.com:5044 |
Management Server | b5e9a5096e0a4f7782cc444c8edbbd5e.fleet.us-east-1.aws.found.io:443 |
Update Server | artifacts.elastic.co:443 |
Setting up the XDR Collector
To set up the XDR Collector, you must do the following procedures:
- To configure private static IP addresses (Not required when installing on an existing server)
- To install the XDR Collector
To configure a static IP address
A private static IP address is required when installing on a dedicated host. If you're installing on an existing server, a private static IP address is not required.
To install the XDR Collector
- In Barracuda XDR Dashboard, click Infrastructure > Collectors.
- In the Policies table, next to the on-prem policy, click Action > Install.
- Click Linux.
- Copy the command at the bottom of the dialog box.
- Open a terminal on the appropriate system, paste the command, and run it.