Only Global Admins or Restricted Admins with elevated View and Manage privileges can take this action.

The Advanced Platform Manager properties consist of additional properties that are specific to the Alarming and Response Manager (ARM). To set or modify the advanced properties

  1. On the main toolbar, click Deployment Manager.
  2. Click the Platform Manager tab, and then click Properties in the Alarming, Reporting, and Response Manager Services section.
    The Platform Manager Properties dialog box appears.
  3. In the lower left corner, click the Advanced button.
    The Advanced Properties window appears.

  4. Configure properties as described in the following table.

    Make changes to the Advanced Properties with extreme care! LogRhythm recommends that the Data Processor Advanced Properties only be modified with the assistance of LogRhythm Support, or by advanced users who have attended LogRhythm training.

    PropertyRangeDefaultDescription
    Case API Group
    CaseAPIPort 8501The port on which the Case API service is running.
    CaseAPIURL https://127.0.0.1/The URL to which Case API requests should be directed.
    Engine Group
    AE_AlarmInsertTimeout1-1205The amount of time (in seconds) the process that inserts alarms has to complete before timing out.
    AE_EventAgeLimit1-288060The number of minutes old an event is allowed to be for alarming processing. The age is determined by subtracting the event's date minus the most recent event. When the alarming engine starts, the latest event date is set to the most recent event in the system.
    AE_GetEventsMaxRecords1-100001000The maximum number of events the engine should retrieve at a time.
    AE_GetEventsTimeout1-12030The amount of time (in seconds) the get events process has to complete before timing out.
    AE_MaxAlarmQueueSize100-100001000The maximum size of the alarm queue. Additional events are not be processed after this size is reached.
    AE_MaxAssociatedEventsPerAlarm1-1000100The maximum number of events that will be associated to a single alarm.
    AlarmURL http://localhost/:
    8443/alarms/
    The base web URL to be used for the SMTP alarm notification email.
    AutoRmdnPluginDir  The directory where the Engine deploys SmartResponse plugins for execution.
    Main Group
    MaxServiceMemory_ARM

    512-64000

    2048Maximum memory allowed for the ARM process (in MB).
    ProcessPriorityLow-HighNormal

    Process priority for the ARM process.

    1) Low

    2) Below Normal

    3) Normal

    4) Above Normal

    5) High

    SMTP Group
    SMTP_BatchEmailInterval1-12060How often (in seconds) the ARM should check to see if batch emails are ready to be sent.
    SMTP_MaxAlarmsPerBatchEmail1-1000100

    The maximum number of Alarms to include in a single batch email notification.

    This system default is overridden by the Maximum Notifications Per Period value in individual Email Notification Policies. For more information, see Create New Email Alarm Notification Policies.

    SMTP_MaxLogLength100-1000200The maximum number of characters to print for log messages included in single or batch email notifications.
    SMTP_MaxLogsPerBatchEmail1-10003The maximum number of log messages to print in the content section of an Alarm within a batch email notification.
    SMTP_MaxLogsPerEmail1-100010The maximum number of log messages to print in the content section of a single email notification.
    SMTP_MaxQueueSize100-100001000The maximum number of email notifications that can be pending transmission before new email notifications are dropped.
    SNMP Group
    SNMP_MaxQueueSize100-100001000Specify the maximum number of SNMP traps that can be queued for sending. New SNMP traps are not processed after queue size is reached.
  5. To save and return to the ARM Properties window, click OK, or to save your changes and continue working in the active window, click Apply.