Monitoring, searching, and analyzing are done through a number of features in the Client Console. These include:

In addition, the following tools help you make further use of these monitoring, searching, and analyzing features.

Tool Selector

Monitoring and searching the system for logs is done with the Tool Selector. It provides a user-friendly method to manage the many views of Personal Dashboard and Investigator. In the system layout, it is docked at the left of the window. The Tool Selector is specific to the Tool in which it resides.

  • To unpin the Tool Selector, click the pin icon in the upper-right corner of the Tool Selector so that the point faces left. This collapses the Tool Selector so that it is a tab along the left that you can then open to see the groups and views.
  • To pin the Tool Selector, click the pin icon in the upper-right corner of the Tool Selector so that it appears to be pointing down into the screen. This keeps the Tool Selector visible while working within the tool.

The Tool Selector has four groups of views. Each group is encapsulated in a box that can be collapsed or expanded by clicking the arrow at the right of the header. Views that are open and displayed within the window are listed in bold within the group. Views that are not open and displayed within the window will be listed in regular text (not bold).

  • To bring a view into the window, select it within the group box. It changes to bold and is brought forth as the active displayed view within the window.
  • To remove a view from the window, select it within the group box. It changes from bold to regular text and is removed from the tabs of available views within the window.

Context Menus

LogRhythm provides several tools to search and retrieve log data. After your search results appear, right-click to access additional options in the following locations:

  • Investigate. Log / Event Analyzer and Log Viewer tabs
  • Log Miner. Aggregate Log Messages section
  • Tail. Aggregate Log/Event List section, Log/Event List section
  • Personal Dashboard. Aggregate Event List section

These are the options in the context menus of LogRhythm search tools. Not all options are found in every menu.

| Context Menu Option | Description |
|---|---|
| Select All | Select all search results. |
| Check All | Select the Action check box for all search results. |
| Check All Displayed | Select the Action check box for all displayed search results. |
| Uncheck All -> Check All Displayed | Clear the Action check box for all rows, then select the Action check box for just the rows that are displayed. |
| Uncheck All | Clear the Action check box for all search results. |
| Uncheck All Displayed | Clear the Action check box for all displayed results. |
| Action | Remove Selected Logs; Remove All But Selected Logs; Filter In Selected Logs; Filter Out Selected Logs; Investigate Sample of Selected Logs; Investigate Selected Logs |
| Report | Open the Report Wizard, where you can run reports with the selected search results as input. |
| Export the Grid to a File | Export the grid to a CSV file. |
| Chart Events | Toggle the graph between Logs and Events. |
| Copy Selected Logs to Rule Builder | Access the MPE Rule Builder and populate the Test Center tab. |
| Copy Selected Logs to Rule Builder and Load Rule | Access the MPE Rule Builder and load with data in the Test Center tab. |
| Export All Logs | Export all logs via the LogRhythm Log Exporter. |
| Export Selected Logs | Export selected logs via the LogRhythm Log Exporter. |
| Send All Logs | Display the Log Submission Tool that will guide you through sending all logs in the search results to LogRhythm support. |
| Send Selected Logs | Display the Log Submission Tool that will guide you through sending the selected logs in the search results to LogRhythm support. |
| Edit Event Settings | Display the Edit Policy Event Settings window. |
| Create an Alarm Rule | Create an alarm rule using information in the log message. |
| Create a GLPR | Create a Global Log Processing Rule (GLPR) using information in the log message. |
| Contextualize | Access information about hosts, ports, or users associated with a log or event. |
| Correlate | Narrow the displayed search results even further based on the selected log or event. |
| AI Engine Search and Drill Down | Drill down on selected logs with the AI Engine Event Drill Down Manager. |
| Add Values to a List | Add selected values to a list. |
| Copy Values to Clipboard | Add selected values to the clipboard. |
| Add Origin Host as Known Host | Add the origin host of the selected log to an entity. |
| Add Impacted Host as Known Host | Add the impacted host of the selected log to an entity. |
| Grid Properties | Select which aggregate log fields to include in the grid. |

In LogRhythm 8.0, the Client Console display reverses the Domain (Origin) and Domain (Impacted) in search results. Grid columns with the Domain (Impacted) heading show Domain (Origin) results and vice versa. This will be corrected in a future release.