Disaster Recovery Installations and Upgrades
LogRhythm’s Disaster Recovery solutions are optimized to meet recovery objectives and minimize resource requirements. They provide an affordable option for enterprise business continuity planning while also providing continuous security monitoring. LogRhythm provides disaster recovery capabilities at each layer of the solution, including mirroring of the deployment configuration data, events and alarms to a secondary site. This allows for continued operation of LogRhythm’s Security Intelligence Platform if the primary site is disrupted. It also allows enterprises to adhere to disaster recovery policies to provide protection in case a primary site fails due to natural or man-made disasters.
Starting with LogRhythm 7.8, the High Availability (HA) and Disaster Recovery (DR) software was decoupled from the SIEM software. There will no longer be a new upgrade package provided for HA/DR with every SIEM release.
LogRhythm Disaster Recovery Solutions
LogRhythm’s Disaster Recovery Solutions deliver:
Full operational support of LogRhythm’s Security Intelligence Platform in case of a disaster
Synchronization of deployment management across separate sites through industry standard replication technology
Rollover of remote data sources, which forward data to secondary sites for seamless failover
Access to data, events and alarms with primary system configuration maintained at secondary site
Customizable recovery point objective (RPO) with minimal loss of data based on customer requirements
Low recovery time objective (RTO) for minimal service disruption
Manually initiated failover control through an automated process that leverages an existing DNS infrastructure
Key Features
Leverages existing components
Continuous database and login mirroring
No additional MPS licensing requirements
Redundancy at every layer
Collection log management and event management
Customizable DR deployment options on a per device basis
Simple/optimized operation & configuration
A single management console with centralized administration that is available from anywhere
Efficient bandwidth consumption with encrypted data transfers between sites
Supported as an add-on to an existing LogRhythm deployment
LogRhythm can be configured to meet both High Availability and Disaster Recovery objectives in order to ensure optimal business continuity and data retention.
High Availability, Disaster Recovery, and HA+DR Release Notes
Version 10.20.0 - April 2026
LogRhythm High Availability, Disaster Recovery, and HA+DR installation packages are independently versioned from the LogRhythm SIEM. The current version of HA, DR, and HA+DR is 10.20.0.
Compatibility Matrix
LogRhythm SIEM Core Component Versions 7.8+
Windows Server Operating System Versions: 2016, 2019, 2022, and 2025
High Availability SIOS Lifekeeper Version: 10.0.1
New Features
Feature | Component | Description |
|---|---|---|
High Availability Deployment Framework Upgrades | HA | Upgraded SIOS from v8.x to v10.x, introducing a modern GUI and adding support for Windows Server 2025 and SQL Server 2022. This issue also fixes an issue with the T: drive being incorrectly created as a Volume ResTag during installation. Legacy installers remain required to manually install for Windows Server 2016–2019. SIOS v10 is not supported on pre‑Windows Server 2016 platforms. |
Enhancements and Resolved Issues
Bug # | Component | Description |
|---|---|---|
ENG-52226 | DR, HA+DR | An issue that was causing alarms to duplicate in certain situations during patches or reboots has been resolved. |
ENG-54514 | DR, HA+DR | An issue with Service Registry Key Value imports timing out because the Service Registry did not fully initialize after a restart has been resolved by adding more time for the import to take place. |
ENG-57634 | DR | The DR_ServiceControl script has been updated to utilize the correct ARM path in both Disaster Recovery (DR) and High Availability + Disaster Recovery (HA+DR) deployments. |
ENG-61042 | HA | An issue that was causing the HA install script to fail in certain situations has been resolved by normalizing case handling, meaning the script no longer requires case sensitivity to run properly. |
ENG-61198 | DR | An issue with Disaster Recovery (DR) Setup handling for single and multiple failover IP scenarios has been resolved. |
ENG-62808 | DR | The DR_ServiceControl script has been updated to remove Metrics Collection, allowing the primary and secondary host to both report Metrics information. |
ENG-63276 | DR | An issue where Disaster Recovery monitoring could incorrectly assign cluster resources to multiple nodes during failover, resulting in repeated GroupCheck errors, has been resolved. |
ENG-78451 | DR | An issue where DR Monitor could incorrectly initiate a forced failover in certain situations, even after the user explicitly selected "No" and "Exit," has been resolved. |
ENG-81162 | HA, DR, HA+DR | The High Availability (HA), Disaster Recovery (DR), and HA+DR installers have all received a refresh to match current company branding. |
ENG-81166 | DR | The Disaster Recovery (DR) installation script has been updated to correctly execute a scheduled task on modern operating systems. |
ENG-81167 | DR | The Disaster Recovery (DR) setup script has been updated to correctly validate the path to the “DR Status” shortcut depending on which SQL version is installed. |
ENG-81169 | HA+DR | An issue that would cause the API Gateway to stop in certain situations during HA failover has been resolved. |
ENG-83361 | DR | An issue with the Disaster Recovery (DR) installation process in which attempting to create clusters could throw error messages and stop the installation from completing in certain situations has been resolved. |
ENG-85421 | DR | An issue that was causing DR startup scripts to fail in certain situations during reboots due to elevated User Account Control settings has been resolved. |
ENG-86345 | DR | An issue where the DR Login Propagation Job Validation step would remain in a permanent failure state in certain situations after a temporary error has been resolved. |
ENG-88323 | DR | Improved DR login propagation visibility by introducing a troubleshooting mechanism, delivered as a stored procedure in the master database, to verify login synchronization between Primary and DR sites. |
ENG-88816 | HA+DR | An issue where the DR Service Control script could fail on a passive DR node in certain situations by attempting to start a SQL Agent job has been resolved. |
Known Issues
The following issues have each been found and reported by multiple users.
Bug # | Found in Version | Components | Release Notes |
|---|---|---|---|
ENG-52241 | N/A | Disaster Recovery | Description: In Disaster Recovery Environments, LR SQL connections can timeout when using Windows Auth and Shared IP. Details: This issue is being caused by Windows Auth services attempting to perform Kerberos authentication with a connection string which does not have a valid SPN failing. On failover, the DR Failover IP is forcefully registered in Consul Keyspace. This is intentional and working as intended by Windows Auth. Workaround: Register SPN for the DR Failover IP in the active directory, or change the “EMDB Server” in Configuration Manager to a DNS name following any failover/back event. |
ENG-61255 | N/A | High Availability | Description: Enabling the “Force randomization for images (Mandatory ASLR)” option in the environment results in the LifeKeeper GUI failing to load and outputting several error messages. Details: Due to the way the SIOS software is compiled, enabling this option renders the LifeKeeper GUI unable to load. Because this is not an issue with the LogRhythm software, we are unable to address this issue. Workaround: Disable the “Force randomization” setting in environments with LifeKeeper. There is a new web-based UI version of SIOS releasing in 2026 that may resolve this issue. |
Version 10.13.0 - February 2024
LogRhythm High Availability, Disaster Recovery, and HA+DR installation packages are independently versioned from the LogRhythm SIEM. The current version of HA, DR, and HA+DR is 10.13.0.
Compatibility Matrix
LogRhythm SIEM Core Component Versions 7.8+
Windows Server Operating System Versions: 2016, 2019 and 2022
High Availability SIOS Lifekeeper Version: 10.0.1
Support for Windows Server 2012 and older have been retired with this version.
Enhancements & Resolved Issues
Bug # | Component | Description |
|---|---|---|
ENG-49867 | Disaster Recovery | Reboots required during DR installations now correctly continue the installation process rather than throwing a PowerShell error. |
ENG-50668 | High Availability | An issue with installer pathing during a silent HA install/upgrade has been resolved. |
ENG-52380 | Disaster Recovery | An issue with re-running the DR installer causing error messages during SQL Check jobs has been resolved. |