The Open Collector was built to be container native. This provides the foundation for useful functionality in the future, from the next version of the LogRhythm Knowledge Base to easy deployment into AWS, Azure, and GCP. 

Prerequisites

  • Docker:

    • CentOS 7 and CentOS 8 

      Docker Community Edition is installed automatically with the Open Collector. This requires compatible hardware or VM installation. Your VM instance may require virtualization to be enabled to allow Docker to run.

    • Red Hat Enterprise Linux 8 

      Mirantis Kubernetes Engine (formerly Docker Enterprise Edition) is the only officially supported version of Docker compatible with Red Hat Enterprise Linux 8. It requires manual installation and a paid license.
  • Host system:

    • With the following minimum specifications:

      • 8 GB RAM

      • 8+ core processor

      • 50 GB of free disk space
      Adding multiple beats or having a high MPS may require additional resources.
  • System Monitor Agent:
    • Syslog-enabled LogRhythm Windows System Monitor agent, version 7.6 or greater
    • Must be installed on a network-accessible machine
    • Use of the Linux System Monitor agent is currently not supported


As the content of the log sources that Open Collector can process varies greatly, performance varies based on the log source in use. For more information, see (Optional) Configure Open Collector Advanced Properties.