Customer Support Guide
The purpose of this document is to assist the community of LogRhythm administrators and users in getting the most out of LogRhythm Support. Your LogRhythm Support Concierge Team has constructed the document for you, and asks that you make it your own by modifying your copy over time based on your experiences with LogRhythm Support.
Path for Submitting Cases
- For fastest support during business hours, please call our Support Line. If you have a 24x7 contract with us, we suggest that you use the 24x7 telephone numbers exclusively. The numbers are:
- 11x5 Support
- Toll Free in North America: +1 866-255-0862
7:00 a.m. – 6:00 p.m. MT, Monday - Friday - Direct Dial in the Americas: +1 720-407-3990
7:00 a.m. – 6:00 p.m. MT, Monday - Friday - EMEA: +44 (0) 844 3245898
7:00 a.m. – 6:00 p.m. GMT, Monday - Friday - META: +971 8000-3570-4506
7:00 a.m. – 6:00 p.m. Gulf Time (GMT+4), Sunday - Thursday - APAC: +65 31572044
7:00 a.m. – 6:00 p.m. SGT (Singapore), Monday – Friday
- Toll Free in North America: +1 866-255-0862
- Alternatively, you may submit a case at any time via the LogRhythm Support Portal at https://support.logrhythm.com. If a response to your case is urgently required, please also feel free to call the support line after you’ve submitted the case and ask to be transferred to a support engineer right away. If possible, we’ll accommodate you.
- 11x5 Support
We recommend that, at least a day or two before you might need Support, you visit the Portal home page (https://logrhythmcommunity.force.com/CustomSelfRegister) to create your account and then contact your LogRhythm Customer Relations Manager (CRM) to ask them to authorize access for you to the Support Portal.
Utilizing the 24x7 Feature of Your Contract
A 24x7 support contract gives you the flexibility to work with an available LogRhythm Support Engineer at any time of any day, instead of being limited to the business hours, 7:00 a.m. to 6:00 p.m. Monday through Friday (except holidays), of the region that is associated with your contract. In the Americas, this is 7:00 a.m. to 6:00 p.m. Mountain Time. If you have a 24x7 contract, please read this entire section to be sure you understand how to utilize this feature.
Continue Work with Next Available Region
If you come to the end of a working session with a support engineer and you wish to resume work with another support engineer in the next available region, tell your support engineer. You will need to let the engineer know whom we should contact to continue the work. Please note:
- We cannot guarantee that a support engineer will immediately be available in the next region.
- Many times it is more beneficial to stay with the support engineer with whom you’ve been working rather than transferring to another engineer who will need to study the case history before being able to help you.
New Case Submitted Outside Business Hours (Weekend)
Whether you call our Support Line or submit a new case through the Support Portal, our weekend staff will be notified and will make every effort to reach back out to you within four business hours.
Continue Work on Existing Case Outside Business Hours (Weekend)
Updates to existing cases will NOT notify our weekend staff. So please call the Support Line, which will send you to the voice mail system, and in the message you record, remember to include your support case number. Our weekend support team will be notified immediately, will update your case with the information you provided, and will respond to you as soon as possible to continue working with you.
Some Other Dos and Don’ts
- If you have a case open for a particular issue, please do not open another case for that same issue.
- If you’re unhappy with the progress on a case, the responsiveness of the engineer, or the engineer in general, please call our Support Line and express your concern to the Concierge.
- If, in the course of working on a case, it becomes evident that the title (summary field) is no longer appropriate, please ask the support engineer to change the title.
- When you experience a product issue, please refrain from restarting services or rebooting systems as a means of restoring operations until a support engineer has been able to observe the problem and collect relevant data.
Communicating with the Support Engineers
- Please don’t hesitate to ask your support engineer at the end of a work session what the action plan is. That is, be sure you know what will be done next, by whom, and by when.
Please watch for updates to your cases in your email inbox, or by checking the Support Portal.
When a LogRhythm Support Engineer sends you a message through your support case, the case management system automatically will send you an additional email message to notify you that somebody updated your case. If you would prefer not to receive that extra message:- On the Support Portal homepage, select My Settings from the pulldown menu next to your name at the top right of the page.
- Locate the “Email Notifications” section and uncheck the boxes by “Comments on my posts” and “Comments after me.” This will not impact your Community settings.
- Click Save.
- After receiving a case update, please respond as quickly as you can so that we may continue to work with you. You're welcome to respond to case emails directly, though it is helpful to the LogRhythm Support Team if you reply through the portal instead. Two important tips for you in working with your case on the portal:
- When you reply through the portal, we recommend that you provide your update in the top right box labeled "Post". It's easier to track the discussion this way than to have nested comments.
- Under the "Post" box, there's a sorting menu. It's labeled with your current choice, either "Most Recent Activity" or "Latest Posts". We recommend you set it to "Most Recent Activity."
What to Expect when You Submit a Case
- If you call LogRhythm Support during business hours, one of our Support Concierges will answer your call. The Concierge will create your new support case for you, gather all necessary information from you and if possible transfer your call to an appropriate support engineer to begin work with you immediately.
- If you submit a case through the portal, or if you called but could not be transferred, your case will be placed into the appropriate support queue. We will do our best to have one of our support engineers contact you within four business hours to begin work.
Specific Items to Include with Your Cases
Please be sure to include the following information in each case you submit. The more accurate and thorough you are, the better we will be able to route your case to the right person and the better that person will be able to address your issue quickly and effectively.
- Correct LogRhythm product
- Correct product version.
If you have different versions for different components involved in the issue, please indicate that in the details of your request. - Correct topic
- Accurate Priority
Please help us to help you best by indicating the priority fairly. For more information about case priority, please see Appendix A: Case Priority. - Summary: think of this as the title of your support case. This should tell us at a glance what problem you’re observing or question you’re asking.
- Please tell us, in the “Details” field:
- whether, how, and how much the problem is impacting your business.
- exactly what problem you’ve observed or question you need answered. Remember to let us know when the problem occurred. Please provide as many relevant details as possible, such as specific alarms, log sources, agents, reports, and other items that were involved.
- what has changed in your environment in the hours or days leading up to the problem
If you have a good idea which product component or components are having trouble, please attach to your case the appropriate log or pcap files. Be sure the files have data from at least a couple of hours before the problem was observed all the way through to the present, or the time when the problem went away.
Appendix A: Case Priority
This table is intended as a guide to understanding the appropriate setting of priorities for LogRhythm Support cases. Your selection of a priority will assist LogRhythm Support in serving you better, but will not guarantee any specific response or resolution times outside of what is specified in your LogRhythm maintenance contract.
PRIORITY DEFINITION - LOGRHYTHM SUPPORT | |||
|---|---|---|---|
Priority 1 | Priority 2 | Priority 3 | |
High | Medium | Low | |
Business Impact | Severe User Impact – Security operations are being affected to the degree that users cannot continue normal business operations. | Limited User Impact – Security operations are being affected to the degree that environment visibility and monitoring are incomplete. | Minor User Impact - Security operations are being affected, however users are able to continue normal business operations. |
Technical Impact | Complete or Major outage or degradation of the core LogRhythm application or the user-facing Web Console. | Moderate non-production outage or production degradation. | Issue has little to no impact on users or is isolated to a small number of users |
Work-Around | There is no workaround or no acceptable work-around to effectively use or administer the LogRhythm product. | There is an acceptable work- around to use or administer the LogRhythm product. | There is an acceptable work- around to use or administer the LogRhythm product. |
Examples | Core component down or unavailable
Critical log sources not collecting Multiple collection components down/backlogged
| Widespread performance degradation
Single collection component down/backlogged
Parsing Issues (Parsing gap causing issues in Production) | Isolated Issues
Parsing Requests (Log Source still being on-boarded) |