Skip to main content
Skip table of contents

Disaster Recovery Installations and Upgrades

LogRhythm’s Disaster Recovery solutions are optimized to meet recovery objectives and minimize resource requirements. They provide an affordable option for enterprise business continuity planning while also providing continuous security monitoring. LogRhythm provides disaster recovery capabilities at each layer of the solution, including mirroring of the deployment configuration data, events and alarms to a secondary site. This allows for continued operation of LogRhythm’s Security Intelligence Platform if the primary site is disrupted. It also allows enterprises to adhere to disaster recovery policies to provide protection in case a primary site fails due to natural or man-made disasters. 

Starting with LogRhythm 7.8, the High Availability (HA) and Disaster Recovery (DR) software was decoupled from the SIEM software. There will no longer be a new upgrade package provided for HA/DR with every SIEM release.

LogRhythm Disaster Recovery Solutions

LogRhythm’s Disaster Recovery Solutions deliver:

  • Full operational support of LogRhythm’s Security Intelligence Platform in case of a disaster
    • Synchronization of deployment management across separate sites through industry standard replication technology
      • Rollover of remote data sources, which forward data to secondary sites for seamless failover
      • Access to data, events and alarms with primary system configuration maintained at secondary site
  • Customizable recovery point objective (RPO) with minimal loss of data based on customer requirements
  • Low recovery time objective (RTO) for minimal service disruption
  • Manually initiated failover control through an automated process that leverages an existing DNS infrastructure

Key Features

  • Leverages existing components
  • Continuous database and login mirroring
  • No additional MPS licensing requirements
  • Redundancy at every layer
  • Collection log management and event management
  • Customizable DR deployment options on a per device basis
  • Simple/optimized operation & configuration
  • A single management console with centralized administration that is available from anywhere
  • Efficient bandwidth consumption with encrypted data transfers between sites
  • Supported as an add-on to an existing LogRhythm deployment

LogRhythm can be configured to meet both High Availability and Disaster Recovery objectives in order to ensure optimal business continuity and data retention.

High Availability, Disaster Recovery, and HA+DR Release Notes

Version 10.13.0 - February 2024

LogRhythm High Availability, Disaster Recovery, and HA+DR installation packages are independently versioned from the LogRhythm SIEM. The current version of HA, DR, and HA+DR is 10.13.0.

Compatibility Matrix

  • LogRhythm SIEM Core Component Versions 7.8+

  • Windows Server Operating System Versions: 2012 R2, 2016, 2019 and 2022

  • High Availability SIOS Lifekeeper Version: 8.9.1

Support for Windows Server 2008 R2 has been retired with this version.

Enhancements & Resolved Issues

Bug #




Disaster Recovery

Reboots required during DR installations now correctly continue the installation process rather than throwing a PowerShell error.


High Availability

An issue with installer pathing during a silent HA install/upgrade has been resolved.


Disaster Recovery

An issue with re-running the DR installer causing error messages during SQL Check jobs has been resolved.

Known Issues

The following issues have each been found and reported by multiple users.

Bug #

Found in Version


Release Notes



Disaster Recovery

Description: In Disaster Recovery Environments, LR SQL connections can timeout when using Windows Auth and Shared IP.

Details: This issue is being caused by Windows Auth services attempting to perform Kerberos authentication with a connection string which does not have a valid SPN failing. On failover, the DR Failover IP is forcefully registered in Consul Keyspace. This is intentional and working as intended by Windows Auth.

Workaround: Register SPN for the DR Failover IP in the active directory, or change the “EMDB Server” in Configuration Manager to a DNS name following any failover/back event.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.