These instructions explain how to add and accept NetMon as a new log source in LogRhythm Enterprise so that you can receive Syslog on the default port (514). For instructions on how to configure LogRhythm Enterprise and NetMon for a non-default Syslog port, see Set Syslog Port to Non-Default Value in LogRhythm Enterprise.

In NetMon

  1. Open the NetMon Web Management interface.
  2. On the top navigation bar, click Configuration, and then click the Syslog tab.
  3. In the Syslog Type field, select TCP.
  4. In the Syslog IP field, enter your System Monitor Agent's IP address.
  5. Click Apply Changes.

In LogRhythm Enterprise

  1. Open the Deployment Manager.
  2. Click the Log Sources tab.
  3. Right-click the pending log source, click Actions, and then click Change Log Source Type.
  4. Select Syslog - LogRhythm Network Monitor.
  5. Click OK.
  6. Right-click the pending log source again, click Actions, and then click Resolve Log Source Hosts.
  7. Right-click the pending log source once more, click Actions, click Accept, and then click Defaults.
  8. Click the Network Monitors tab.
  9. Right-click an empty part of the table, and then click New.
  10. In the Name field, enter a name for the NetMon.
  11. Click the Host icon next to the Host field, select the NetMon host that was created for the log source, and then click OK.
  12. In the Management/API Address field, enter the NetMon's IP address.
  13. In the API Username field, enter your NetMon username—preferably a username with admin privileges.
  14. In the API Key field, enter the full API key of your NetMon. This can be found in NetMon on the Configuration > User page.
  15. Click Test. If all steps have been completed successfully and the Enterprise instance can reach your NetMon, you will see an "Authentication Succeeded" message.