Create Open Collector VM on Gen6 XM
LogRhythm Generation 6 XM appliances (XM2600/XM4600/XM6600/XM8600) support running an Open Collector as a virtual machine locally within the XM. Resources have been planned/reserved on these systems for the Open Collector VM. Hyper-V licensing for two virtual machines is included in the Windows Server 2022 standard license and the Open Collector installation files have been pre-staged.
Virtual Machine resources assigned to your Open Collector should be adjusted based on the size of your XM. Depending on the number of beats used, you may need to adjust the resource allocation to your Open Collector VM post-installation:
Platform | vCPU | Memory | Disk |
|---|---|---|---|
Minimum | 8 | 8GB | 50GB |
XM2600 | 8 | 16GB | 100GB |
XM4600 | 10 | 16GB | 100GB |
XM6600 | 12 | 16GB | 150GB |
XM8600 | 12 | 16GB | 150GB |
It is recommended to deploy the Open Collector VM using Powershell. Open a Powershell command prompt with admin rights and enter the following:
Write-Host 'Building OC Virtual Machine..'
$VMName = "LogRhythmOC"
$NetAdapter = Get-NetAdapter -physical | Where-Object status -eq 'up' | Where-Object {($_.interfacedescription -like '*broadcom*' -or $_.interfacedescription -like '*intel*')} | Select-Object -expandproperty name
New-VMSwitch -Name vSwitch1 -NetAdapterName $NetAdapter -EnableIoV $True -AllowManagementOS $true
New-VM -Name $VMName -MemoryStartupBytes 16GB -Path D:\LogRhythmOCVM -Generation 2 -SwitchName vSwitch1
New-VHD -Path D:\LogRhythmOCVM\LogRhythmOCVM_OS.vhdx -SizeBytes 150GB -Fixed
Add-VMHardDiskDrive -VMName $VMName -Path D:\LogRhythmDXVM\LogRhythmDXVM_OS.vhdx
Add-VMDvdDrive -VMName $VMName -ControllerNumber 0 -Path "C:\LogRhythm\OpenCollector\Rocky-9.2-x86_64-dvd.iso"
Set-VM -VMName $VMName -ProcessorCount 8
Set-VMFirmware -VMName $VMName -BootOrder $(Get-VMHardDiskDrive -VMName $VMName -ControllerLocation 0), $(Get-VMDvdDrive -VMName $VMName), $(Get-VMNetworkAdapter -VMName $VMName) -EnableSecureBoot On -SecureBootTemplate 'MicrosoftUEFICertificateAuthority'
Start-VM $VMName
Write-Host -ForegroundColor Green " Complete"