The Open Collector was built to be container native. This provides the foundation for useful functionality in the future, from the next version of the LogRhythm Knowledge Base to easy deployment into AWS, Azure, and GCP.
Prerequisites
-
Internet access.
-
Ensure firewalld is running.
-
Beat configuration. See applicable documentation for the beat you want to use.
-
Operating System:
-
RedHat Enterprise Linux 9.1 or greater. Download RedHat here (license may be required).
RedHat Enterprise Linux 9.1 is only officially supported using Mirantis Container Runtime or Mirantis Kubernetes Engine (Formerly Docker Enterprise Edition).
-
Rocky Linux 9.1 or greater. Download Rocky Linux here.
For an expanded list of operating systems that may only have limited support (LS) with the Open Collector, refer to the LogRhythm Component Compatibility section of the Review the Upgrade Requirements and Considerations topic in the LogRhythm Installation and Upgrade guide.
-
-
Docker:
-
RedHat Enterprise Linux 9.1 or greater.
Mirantis Container Runtime and Mirantis Kubernetes Engine (Formerly Docker Enterprise Edition) are the only officially supported versions of Docker compatible with RedHat Enterprise Linux 8. Requires manual installation and paid license.
-
Rocky Linux 9.1 or greater.
Docker Community Edition is installed automatically with the Open Collector. This requires compatible hardware or VM installation. Your VM instance may require virtualization to be enabled to allow Docker to run.
-
-
Host system:
|
Platform |
vCPU |
Memory |
Disk |
|---|---|---|---|
|
Minimum |
8 |
8GB |
50GB |
|
XM2600 |
8 |
16GB |
100GB |
|
XM4600 |
10 |
16GB |
100GB |
|
XM6600 |
12 |
16GB |
150GB |
|
XM8600 |
12 |
16GB |
150GB |
Adding multiple beats or having a high MPS may require additional resources.
-
System Monitor Agent:Syslog-enabled LogRhythm Windows System Monitor agent, version 7.6 or greaterMust be installed on network-accessible machineUse of the Linux System Monitor agent is not officially supported at this time
As the content of the log sources that the Open Collector can process varies greatly, performance varies based on the log source in use. For more information, see the Configure Open Collector Advanced Properties section of the Configure the Open Collector Connection to the SIEM (Legacy-Syslog) topic.
Navigating the Open Collector Installation Guide
The pages you should view while using this installation guide will vary depending on the operating system you use, your installation method, and how beats will be managed. Use this links below to navigate this guide.
-
(Optional.) If using Generation 6 appliances, refer to the Create Open Collector VM on Gen6 XM topic.
-
Select an operating system from the Install Open Collector Operating System page.
-
Follow the directions on the Install the Open Collector page.
-
Select one of the following methods to manage beats:If you are managing custom beats, or your SIEM version is pre-7.14, follow the instructions at (2026.06) Configure Open Collector Connection to the SIEM (Legacy-Syslog).If your SIEM version is 7.14 or later, follow the instructions at (2026.06) Configure Open Collector Connection to the SIEM (WebUI).