This guide describes LogRhythm's Log Source Optimization (LSO) project, which introduces an updated mapping schema for log sources in LogRhythm based on new MPE rules. It includes instructions on how to enable and disable the new log source policies and MPE rules in your LogRhythm deployment, how to make the log processing policy changes required to benefit from LSO, and detailed information about log field parsing by common event.
LSO currently supports the log source types shown in the list below, which are identified with "(Mapping Doc)" at the end of the page title.
To implement LSO, you must use one of these log source types and apply the LogRhythm Default v2.0 log processing policy.
- LSO Overview
- KB Synchronization Settings for LSO
- Apply LogRhythm Default v2.0 on a Log Source
- Roll Back LogRhythm Default v2.0
- LSO: Syslog - Check Point Log Exporter (Mapping Doc)
- LSO: Syslog - Cisco ISE (Mapping Doc)
- LSO: Syslog - Cisco Meraki (Mapping Doc)
- LSO: Flat File - Cisco Umbrella DNS (Mapping Doc)
- LSO: Syslog - CyberArk (Mapping Doc)
- LSO: Syslog - Cylance (Mapping Doc)
- LSO: Syslog - FireEye MPS (Mapping Doc)
- LSO: Syslog - Forcepoint Web Security (Mapping Doc)
- LSO: Syslog - Fortinet FortiAnalyzer (Mapping Doc)
- LSO: Syslog - Fortinet FortiGate (Mapping Doc)
- LSO: Syslog - Imperva Incapsula CEF (Mapping Doc)
- LSO: Syslog - Imperva Securesphere (Mapping Doc)
- LSO: Syslog - LogRhythm Network Monitor (Mapping Doc)
- LSO: Flat File - Mimecast Email (Mapping Doc)
- LSO: Flat File - Microsoft IIS W3C File (Mapping Doc)
- LSO: MS Windows Event Logging - MSExchange Management (Mapping Doc)
- LSO: MS Windows Event Logging XML - System (Mapping Doc)
- LSO: Syslog - Palo Alto Firewall (Mapping Doc)
- LSO: Syslog - Symantec DLP CEF (Mapping Doc)
- LSO: Syslog - Symantec Endpoint Server (Mapping Doc)
- LSO: Syslog - Tanium LEEF (Mapping Doc)
- LSO: Syslog - Trend Micro Apex One (Mapping Doc)
- LSO: Syslog - Zscaler Nano Streaming Service (Mapping Doc)
- Microsoft Sysmon
- Windows Security Events