This section provides instructions for reverting from the LogRhythm Default v2.0 log processing policy to the LogRhythm Default policy. This could be necessary if you want to roll back changes in your environment and utilize a log processing policy that does not include the updated MPE rules and parsing schema added during the Log Source Optimization (LSO) project.
Revert to LogRhythm Default
To roll back to the LogRhythm Default log processing policy:
- Log in to the LogRhythm Client Console with Administrator rights.
- Click Deployment Manager.
- Click the Log Sources tab.
- In the filter, search for the log source type(s) you want to change, and then select the Action check box for each one.
- Right-click the grid, click Actions, and then click Edit Properties.
The Log Message Source Properties window appears.
- Under the Log Message Processing Engine (MPE) Policy, select LogRhythm Default from the drop-down menu.
The log source type is now configured to apply the LogRhythm Default log processing policy and MPE rules. The policy could take up to 20 minutes to apply within your deployment.
Select a New Knowledge Base
- In the LogRhythm Client Console, close the Deployment Manager.
- Click Tools, click Knowledge, and then click Knowledge Base Manager.
- Click Synchronization Settings.
- Click the Synchronize Additional System Properties tab.
- Use the screenshot you took on the KB Synchronization Settings for LSO page to revert to your previous settings. Alternatively, click Restore System Defaults to return these settings to their defaults.
- Click OK.
- Click the Synchronization Mode tab.
- (Optional) Select the Enable Automatic Knowledge Base Download check box, and then click OK.
- In the Knowledge Base Manager, click File, click Import Knowledge Base File, and then follow the steps in the Knowledge Base Import Wizard to apply the latest KB.
Depending on system performance, this will take approximately 5–10 minutes.
- Close the Knowledge Base Manager.
- To confirm the new KB version, click Help on the main toolbar, and then click About LogRhythm.