CrowdStrike Falcon SIEM Collector systemd service

cs.falconhoseclientd.service

[Unit]
Description=CrowdStrike Falcon Host SIEM Connector
ConditionPathExists=/opt/crowdstrike/etc/cs.falconhoseclient.cfg

[Service]
User=daemon
UMask=022
LimitNOFILE=10000
TimeoutStopSec=90
WorkingDirectory=/opt/crowdstrike/bin
Environment="LOGGER_NAME=FALCON-SIEM-CONNECTOR"

Restart=on-failure
RestartSec=5
StartLimitInterval=60
StartLimitBurst=5
StartLimitAction=none

StandardOutput=null
StandardError=null
ExecStart=/opt/crowdstrike/bin/cs.falconhoseclient -nodaemon -config=/opt/crowdstrike/etc/cs.falconhoseclient.cfg 2>&1 | logger -t FALCON-SIEM-CONNECTOR[WARN] -i

[Install]
WantedBy=multi-user.target

Drop this file in /etc/systemd/system/.

To start it:

systemctl start cs.falconhoseclientd

To check the status of it:

systemctl status cs.falconhoseclientd

To enable it to start automatically at each boot:

systemctl enable  cs.falconhoseclientd