LogRhythm currently provides configuration guides for more than 130 devices. Guides are available here for the most commonly used devices, but the SIEM supports hundreds more devices.
Our goal is to provide a configuration guide for every device the SIEM supports. If your device is not included yet, rest assured that we are working on it.
You can view all SIEM-supported devices in the Client Console by looking at the Log Source Type Selector dialog box.
Recently Added Guides
| Guide | Date |
|---|---|
| API - Office 365 Management Activity (Microsoft) | March 8, 2021 |
| Syslog - Dragos Platform CEF | March 8, 2021 |
| Syslog - F5 BIG-IP LTM | March 8, 2021 |
| Syslog - McAfee ePO | March 8, 2021 |
| Syslog - Palo Alto Cortex XDR | March 8, 2021 |
| Syslog - Netskope CEF | December 2, 2020 |
| MS Windows Event Logging XML - Windows Defender | December 2, 2020 |
| Syslog - Fortinet FortiAuthenticator | July 14, 2020 |
| Syslog - Nozomi Networks Guardian CEF | June 26, 2020 |
| Syslog - Stealthbits Activity Monitor | June 17, 2020 |
| Syslog - CheckPoint Log Exporter | April 22, 2020 |
| Syslog - LogRhythm Log Distribution Services | April 7, 2020 |
| Syslog - Trend Micro Apex One | March 23, 2020 |
| Syslog - enSilo NGAV (FortiEDR): Antivirus | March 5, 2020 |
| Syslog - FireEye EX: Email Security | March 3, 2020 |
| Syslog - Symantec Messaging Gateway | February 28, 2020 |
| Flat File - McAfee Proxy Cloud | February 5, 2020 |
| Syslog - SentinelOne CEF | January 27, 2020 |
| Syslog - Versa Networks SD-WAN | January 6, 2020 |
| Solera Connector | March 25, 2020 |
Configure LogRhythm to Collect Logs
Only Global Admins or Restricted Admins with elevated View and Manage privileges can take this action.
These instructions assume you have already completed all procedures described in the specific device configuration guide for the logs you want to collect.
- In the Client Console on the main toolbar, click Deployment Manager.
- Click the System Monitors tab.
- Double-click the System Monitor Agent that collects the information.
  The System Monitor Agent Properties dialog box appears.
- Click the Agent Settings tab.
- Right-click anywhere in the Log Message Sources Collected by this Agent grid, and then click New.
- Click the Basic Configuration tab.
- For Log Message Source Type, select the name of the log as provided in the device configuration guide, and then click OK.
- Complete any additional steps described in the unique Device Configuration Guide, such as providing the file path to the .ini file on the Flat File Settings tab or uploading an .xml file on the UDLA settings tab.
- To save the configuration, click OK, and then click OK again.