Skip to main content
Skip table of contents

OC Admin Open Collectors

This section of the OC Admin User Guide details setup and management of Open Collectors within the OC Admin.

Open Collectors are required for the user to be able to:

  • Run temporary Tail to help mapping log source JSON data to LogRhythm SIEM's parsing tags and fields.
  • Deploy the Pipeline for production.

Open Collectors List

To access the list of Open Collectors in the OC Admin, from the main page:

  1. Click Open Collectors in the menu bar.


The following actions are available for each Open Collector:


Click to refresh the Open Collector host and check for updated versions of:

  • The Operating System.
  • The Open Collector.
  • Beats.

    LogRhythm Beats, if running, or other Beats, if installed.

During the re-scan, information is replaced with "waiting" images:

If the Open Collector host is not reachable, or the credentials are incorrect, the item updates with the following error images:

For more information on the Installed Shippers column, refer to the Shippers section below.

EditClick to edit the Open Collector's properties (such as the name, host, port, and credentials).
DeleteClick to delete the Open Collector from the OC Admin. A prompt appears to verify this action.

Add a New Open Collector

To add a new Open Collector to the OC Admin, from the Open Collectors list:

  1. Click the + Add New OpenCollector button.
  2. Enter a unique OpenCollector Name.
  3. Enter the Host name (the IP address or hostname of the Open Collector).
  4. Enter the SSH Port.
  5. Enter the SSH User name.
  6. Choose between the Password or Private Key authentication method.
  7. Provide the Password or Key in the corresponding field.

    For the Private Key, paste the entire contents of the key file, including the -----BEGIN ... of the first line and ... KEY----- of the last line:

    Open Collectors - Credentials - Private Key

  8. Click the Add new OpenCollector button.
    The new Open Collector is successfully added to the list.


Shippers are used to collect data from the Cloud or local sources. LogRhythm Beats cover a lot of ground, but it's possible to use others.

When an Open Collector is re-scanned (as described above), the list of the configured/running LogRhythm Beats (as well as other installed Beats) is brought up with the respective versions:

Open Collectors - Shippers

Rolling over the icon with the mouse gives the name of the Beat:

Open Collectors - Shippers - genericbeat

Add a Shipper

Sometimes, it's necessary to deploy an extra Shipper on the Open Collector to be able to gather data over a protocol not already supported by the LogRhythm Beats.

To add a shipper to an Open Collector, from the Open Collectors list:

  1. For the selected Open Collector, click on the + button under the Installed Shippers column.
  2. Select the Beat package to be deployed:
    Open Collectors - Shippers - Add

During the installation, the logs of the whole operation are displayed in the lower part of the screen.

As multiple Shippers could be deployed on multiple Open Collectors, each deployment is tracked individually and the logs are grouped by the name of the targeted Open Collector:

While the installation is going on, the "waiting" image is displayed:


Do not leave the page or close the web browser's tab while this process is ongoing, as visibility on the deployment is lost. Even upon returning to the page later, the logs are no longer visible. However, the deployment continues in the background.

A new re-scan of the Open Collector can be forced if deployment visibility is lost. Refer to the Actions section above for more information.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.