Log Source Optimization
This guide provides information about LogRhythm's Log Source Optimization (LSO) project, which provides an updated mapping schema for log sources in LogRhythm using new MPE rules. This guide includes instructions on how to enable and disable the new log source policies and MPE rules in your LogRhythm deployment, how to make the log processing policy changes required to reap the benefits of LSO, and detailed information about log field parsing by common event.
LSO currently supports the log source types shown in the list below, which are identified with "(Mapping Doc)" at the end of the page title.
To implement LSO, you must use one of these log source types and apply the LogRhythm Default v2.0 log processing policy.