High Availability Installations and Upgrades
LogRhythm’s High Availability solutions are architected to meet the specific requirements of organizations that need access to critical log and event data at all times. All LogRhythm appliances are built with onboard redundancy for maximum fault tolerance, but some enterprises require an even greater level of guaranteed availability.
Starting with LogRhythm 7.8, the High Availability (HA) and Disaster Recovery (DR) software was decoupled from the SIEM software. There will no longer be a new upgrade package provided for HA/DR with every SIEM release.
The Web Console is supported in High Availability environments (PM/XM) where each Web Console instance is run as Active/Active. In this configuration, the Web Console indices should be configured on a non-replicated disk such as C: or T:.
High Availability Solutions
- Automatic failover, ensuring business continuity and information assurance during:
- System failures
- Environmental disruptions (power outage, fire, etc.)
- Planned outages for system maintenance and upgrades
- High Availability available at every product solution layer
- Flexible architecture options to meet compliance and budget requirements
- Simple operation and configuration of HA solution
- Centralized administration and deployment health monitoring
Solutions Components
- Data Collector. active/passive HA, Horizontal scalability
- Network Monitor & System Monitor. Horizontal & vertical scalability, local caching
- Data Processor. Active/active data collector failover, horizontal & vertical scalability
- Data Indexer. Active/active clustering for HA and scalability under load, horizontal & vertical scalability
- AI Engine. Active/passive HA with compressed connection, horizontal & vertical scalability
- Platform Manager. Active/passive HA with compressed connection, vertical scalability
LogRhythm can be configured to meet both High Availability and Disaster Recovery objectives in order to ensure optimal business continuity and data retention.
High Availability, Disaster Recovery, and HA+DR Release Notes
Version 10.13.0 - February 2024
LogRhythm High Availability, Disaster Recovery, and HA+DR installation packages are independently versioned from the LogRhythm SIEM. The current version of HA, DR, and HA+DR is 10.13.0.
Compatibility Matrix
LogRhythm SIEM Core Component Versions 7.8+
Windows Server Operating System Versions: 2012 R2, 2016, 2019 and 2022
High Availability SIOS Lifekeeper Version: 8.9.1
Support for Windows Server 2008 R2 has been retired with this version.
Enhancements & Resolved Issues
Bug # | Component | Description |
|---|---|---|
ENG-49867 | Disaster Recovery | Reboots required during DR installations now correctly continue the installation process rather than throwing a PowerShell error. |
ENG-50668 | High Availability | An issue with installer pathing during a silent HA install/upgrade has been resolved. |
ENG-52380 | Disaster Recovery | An issue with re-running the DR installer causing error messages during SQL Check jobs has been resolved. |
Known Issues
The following issues have each been found and reported by multiple users.
Bug # | Found in Version | Components | Release Notes |
|---|---|---|---|
ENG-52241 | N/A | Disaster Recovery | Description: In Disaster Recovery Environments, LR SQL connections can timeout when using Windows Auth and Shared IP. Details: This issue is being caused by Windows Auth services attempting to perform Kerberos authentication with a connection string which does not have a valid SPN failing. On failover, the DR Failover IP is forcefully registered in Consul Keyspace. This is intentional and working as intended by Windows Auth. Workaround: Register SPN for the DR Failover IP in the active directory, or change the “EMDB Server” in Configuration Manager to a DNS name following any failover/back event. |