Defense.com

This deployment requires one of our Enterprise or Advanced packages.

Log collectors must be dedicated machines within your environment that have the following system requirements. Please ensure the machine you're deploying as a log collector meets these requirements.

Firewall rules are required between all logging agents and the log collector, and between the log collector and Defense.com infrastructure.

Deploying a log collector using the Orbital Agent is super straightforward. 

Please do not change the installer filename, as this includes your unique installation key. Doing so will cause the installation to fail.

Log in to your <a href="https://my.defense.com/login" rel="nofollow noopener noreferrer" target="_blank">my.defense.com</a> account

Select Endpoints from the navigation on the left-hand side

Click Orbital Agent from the sub-navigation

From the Orbital Agent index page, click Installation Links in the top right-hand corner

You'll then be presented with a modal where you can select the Endpoint Group, and click Download Installer for Linux

Launch Terminal (<code>Ctrl+Alt+T</code>) and navigate to where your Orbital installer is located

Next, make the installer executable using <code>sudo chmod +x orbital-install-[encypted_key]</code>

Run the installer <code>sudo ./orbital-install-[encrypted_key]</code> (replacing <code>encrypted_key</code> with the encrypted key, which is part of the filename, for example <code>orbital-install-[Wjrh5gjrfh5fhryE4ue]</code>)

Once you've run the installer, you'll be presented with the installation interface. Click Next to begin the installation

Select your installation folder; this will default to /opt/Defensecom/Orbital

Click Next to continue the installation

From the Select Components section, select the Log Collection and Log Generation components, and click Next

Click Finish, and the installation is complete

Contact Defense.com via a <a href="https://my.defense.com/support/tickets" rel="nofollow noopener noreferrer" target="_blank">support ticket</a> to verify collector installation and log flow. We will also need the public IP address of your log collector(s) for our firewall.

1. Log in to your <a href="https://my.defense.com/login" rel="nofollow noopener noreferrer" target="_blank">my.defense.com</a> account
2. Select Endpoints from the navigation on the left-hand side
3. Click Orbital Agent from the sub-navigation
4. From the Orbital Agent index page, click Installation Links in the top right-hand corner
5. You'll then be presented with a modal where you can select the Endpoint Group, and click Download Installer for Linux
6. Launch Terminal (<code>Ctrl+Alt+T</code>) and navigate to where your Orbital installer is located
7. Next, make the installer executable using <code>sudo chmod +x orbital-install-[encypted_key]</code>
8. Run the installer <code>sudo ./orbital-install-[encrypted_key]</code> (replacing <code>encrypted_key</code> with the encrypted key, which is part of the filename, for example <code>orbital-install-[Wjrh5gjrfh5fhryE4ue]</code>)
9. Once you've run the installer, you'll be presented with the installation interface. Click Next to begin the installation
10. Select your installation folder; this will default to /opt/Defensecom/Orbital
11. Click Next to continue the installation
12. From the Select Components section, select the Log Collection and Log Generation components, and click Next
13. Click Install
14. Click Finish, and the installation is complete
15. Contact Defense.com via a <a href="https://my.defense.com/support/tickets" rel="nofollow noopener noreferrer" target="_blank">support ticket</a> to verify collector installation and log flow. We will also need the public IP address of your log collector(s) for our firewall.

And that's it! You've successfully deployed a log collector on Linux using the Orbital Agent 🎉

This guide will walk you through all the steps you need to know to deploy the Orbital Agent as a log collector on Linux

How to deploy a log collector using Orbital on Linux

Privacy notice

Cookie policy

Find answers and get help from Intercom Support and Community Experts

Conversations you've started through the messenger will appear here.

No conversations created by you

Try using different keywords or checking for typos.

No conversations found

Title

This site employs cookies and other technologies that we and our third party vendors use to monitor and record personal information about you and your interactions with the site (including content viewed, cursor movements, screen recordings, and chat contents) for the purposes described in our Cookie Policy. By continuing to visit our site, you agree to our {websiteTermsLink}, {privacyPolicyLink} and {cookiePolicyLink}.

This site uses cookies and similar technologies ("cookies") as strictly necessary for site operation. We and our partners also would like to set additional cookies to enable site performance analytics, functionality, advertising and social media features. See our {cookiePolicyLink} for details. You can change your cookie preferences in our Cookie Settings.

We use cookies to make our site work and also for analytics and advertising purposes. You can enable or disable optional cookies as desired. See our {cookiePolicyLink} for more details.

Advertising cookies are set by our advertising partners to collect information about your use of the site, our communications, and other online services over time and with different browsers and devices. They use this information to show you ads online that they think will interest you and measure the ads' performance. Social media cookies are set by social media platforms to enable you to share content on those platforms, and are capable of tracking information about your activity across other online services for use as described in their privacy policies.

These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.

These cookies are necessary for the website to function and cannot be switched off in our systems.

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site.

You have the right to opt out of the sale of your personal information. See our {cookiePolicyLink} for more details about how we use your data.

Your Privacy Choices

We use cookies to enhance your experience. You can customize your cookie preferences below. See our {cookiePolicyLink} for more details.

Cookie Settings

Empty Help Center

Uh oh. That page doesn’t exist.

Home

Search results

Disappointed

Neutral

Smiley

Thinking...

Searching through sources...

Analyzing...

Tickets submitted through the messenger or by a support agent in your conversation will appear here.

Resources	Requirement
Operating System	Ubuntu 24.04
CPU Cores	Minimum 2
Memory	Minimum 8 GB
Disk Space	Minimum 50 GB

Source	Destination	Protocol	Port	Notes
Windows Agents	Collector IP	TCP	5044	Allow Winlogbeat agents to send logs to the collector over TCP.
Linux Agents	Collector IP	TCP	5044	Allow Filebeat agents to send logs to the collector over TCP.
Syslog Devices	Collector IP	UDP	5514	In order for the logs to be encrypted, they will have to be sent to the collector before sending over to the Defense.com SIEM platform.
Collector	31.28.93.148/32	TCP	443	Allow the collector to send logs to Defense.com SIEM platform.

How to deploy a log collector using Orbital on Linux

System requirements

Firewall Rules

Manual Deployment