
Use the Configuration Manager

The content on this page is only intended for use as an excerpt on other pages. Do not use this information out of context as seen here. Return to the Installation and Upgrades homepage and find the information you need there.


If you are using multiple Web Console instances, the Configuration Manager lets you apply individual configurations to each instance. Each instance, for single or multiple Web Consoles, will be identified in the Configuration Manager as Web Console UI - HOSTNAME, where HOSTNAME is the Windows host name of the server where the Web Console is installed.

Configuring the Data Indexer for Windows and Linux has moved from the individual clusters to the Configuration Manager on the Platform Manager.

Each Cluster has its own section under Data Indexers that looks like this:

Data Indexer - Cluster Name: <ClusterName> Cluster Id: <ClusterID>

The Cluster Name and Cluster ID come from the environment variables DX_ES_CLUSTER_NAME and DXCLUSTERID on each server. The Cluster Name can be modified in the Configuration Manager. If you change the Cluster Name, the name should be less than 50 characters long to ensure it displays properly in drop-down menus. The DXCLUSTERID is automatically set by the software and should not be modified.
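The following check is an added example, not LogRhythm tooling: it validates the two variables on a Data Indexer host before a rename, enforcing the under-50-character limit and flagging a DXCLUSTERID that differs from a value you recorded earlier. The function names and the recorded-baseline argument are hypothetical, and it assumes both variables are visible in the shell where it runs.

```shell
#!/bin/sh
# Added example (not LogRhythm code): sanity-check the Data Indexer
# cluster variables described above. Function names are hypothetical.

# Print the section heading the Configuration Manager shows for a cluster.
dx_section_heading() {
    printf 'Data Indexer - Cluster Name: %s Cluster Id: %s\n' "$1" "$2"
}

# Validate a cluster name / ID pair.
#   $1 = cluster name, $2 = cluster ID, $3 = previously recorded ID (optional)
# Returns 0 = ok, 1 = a value is empty, 2 = name is 50 characters or longer,
#         3 = ID differs from the recorded baseline.
dx_check_cluster() {
    name=$1
    id=$2
    baseline=${3:-}
    if [ -z "$name" ] || [ -z "$id" ]; then
        echo "DX_ES_CLUSTER_NAME or DXCLUSTERID is empty" >&2
        return 1
    fi
    if [ "${#name}" -ge 50 ]; then
        echo "cluster name is ${#name} characters; keep it under 50" >&2
        return 2
    fi
    # DXCLUSTERID is set by the software; any drift from the recorded
    # value means something modified it and should be investigated.
    if [ -n "$baseline" ] && [ "$id" != "$baseline" ]; then
        echo "DXCLUSTERID changed: recorded '$baseline', now '$id'" >&2
        return 3
    fi
    dx_section_heading "$name" "$id"
}

# Check the values visible to the current shell on this server.
#   $1 = previously recorded DXCLUSTERID (optional)
dx_check_env() {
    dx_check_cluster "${DX_ES_CLUSTER_NAME:-}" "${DXCLUSTERID:-}" "${1:-}"
}

# Constructed sample values, for illustration only.
dx_check_cluster "demo-cluster" "constructed-id-0001"
```

On a real host, call `dx_check_env` with the cluster ID you recorded at install time and treat a return code of 3 as a change to investigate.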

Until you have had a chance to tune your deployment, and to avoid potential performance issues with AIE Cache Drilldown, you should disable the AIE Drill Down Cache API after upgrading.

The LogRhythm Configuration Manager has two modes: Basic and Advanced. The most commonly edited settings are shown in Basic mode. Advanced mode displays all settings, including those shown in Basic mode, grouped according to which service they affect. You can filter the settings that are displayed by clicking one of the options on the left — All (no filtering), Authentication, or Web Services. When settings are filtered, you should enable the Advanced view to ensure you can see all settings.

To expand the screen and see all options at once, click the View menu in the upper-left corner of the LogRhythm Configuration Manager window, then click Toggle Full Screen.

At the bottom of the LogRhythm Configuration Manager window, a service status indicator shows which Services are active or inactive. A blue light indicates that all services are up. A red light indicates that one or more services are down. You can hover the mouse over the indicator to see a list of which services are down. In Advanced mode, the indicator light also appears next to each group header.

If your LogRhythm Configuration Manager appears grainy, you may need to turn on Windows Font Smoothing. You can read how to do so here: http://www.microsoft.com/typography/ClearTypeFAQ.mspx

To configure settings in the LogRhythm Configuration Manager:

  1. Find the setting you want to configure by doing one of the following:
    • In the Search box, type a term that appears in either the name or description of the configuration. Note that headers and user input data won't be searched. Search returns results from both Basic and Advanced modes, even if Advanced is not toggled on.
    • Scroll through the Basic or Advanced configuration mode until you find the option you want. The Configuration Manager is used to configure settings such as user ID, password, authentication strategy, and log level for the following components:
      • LogRhythm Database
      • Admin API
      • AIE Drilldown Cache API
      • Alarm API
      • API Gateway
      • Authentication API
      • Case API
      • CloudAI
      • Data Indexer - (one section per cluster)
      • Help and Documentation
      • Search API
      • Notification Service
      • SQL Service
      • Web Console API
      • Web Console UI
      • Web Indexer
      • Web Services Host SPI
      • Windows Authentication Service
  2. Enter the configuration you want. Note the following features:
    • The LogRhythm Configuration Manager provides informational text as appropriate about what the settings do and what unit data must be entered in.
    • Configuration changes that could affect the performance of the environment include a written warning beneath the input box.
    • For organizations using Smart Cards, the Automatic Logout Time setting for Web Console API should be increased from the default of zero.
    • Upgrading to a new SIEM version may cause the LogRhythmWebUI Database Password to reset to the default password in the Alarm API section in the Configuration Manager. If you had previously changed this password, you must reenter your LogRhythmWebUI Database Password in the Alarm API section in the Configuration Manager.
    • When Web Console Smart Card Authorization is enabled, the other Authentication API settings will become unavailable.
    • Multi-factor authentication requires users to set up authentication tools on their devices.
    For more information, see the Log in to the Web Console topic in the Enterprise SIEM Help.
  3. Click Save after making changes to the configuration. You can also click Save in the Edit menu in the upper-left corner of the Configuration Manager. The configuration file is saved to %APPDATA%\LogRhythm Configuration Manager\presets. You can make additional configuration backups. For more information, see the Back Up and Restore section below.

    If you make a configuration change and then change that configuration again back to the previously saved setting, the Save button will be deactivated and the last saved values persist. To undo a single configuration change, click Edit in the upper-left corner of the LogRhythm Configuration Manager, and then click Undo. You can also press Ctrl+Z. If you need to undo several configuration changes at once, clicking the Revert Unsaved Changes button sets all configurations back to their last saved values.

The affected service or services restart automatically and the changes are applied. A restart time of up to 60 seconds is normal.

