Configure LogRhythm DPAWC

This section explains how to configure the LogRhythm DPAWC (Data Processor, Platform Manager, AIE, Web Console) to run in FIPS mode and to communicate with the LogRhythm DX machine using FIPS-approved algorithms.

Prerequisites

Configure the Windows OS for FIPS Mode

Configuring Windows for FIPS mode ensures that all .NET services and SQL Server use only FIPS-approved encryption algorithms.

  1. Log on to Windows as a Windows system administrator.
  2. Click Start, Control Panel, and then Administrative Tools.
  3. Click Local Security Policy.
    The Local Security Settings window appears.
  4. In the navigation pane, click Local Policies, and then click Security Options.
  5. In the right-side pane, double-click System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing.
  6. In the dialog box that appears, click Enabled, and then click Apply.
  7. Click OK.
  8. Close the Local Security Settings window.
  9. Restart the computer for the change to take effect.

Download and Install the LogRhythm FIPS Package

  1. Download the LogRhythm FIPS package (lrdpawc_fips.zip), available on the LogRhythm Community.

    The package consists of several applications that are required for running LogRhythm in FIPS mode.

  2. Create the directory C:\Program Files\LogRhythm\LogRhythm FIPS (with one space between LogRhythm and FIPS).
  3. Unzip the contents of lrdpawc_fips.zip into that directory.
    The package contains:
    • LogRhythm stunnel application and configuration files – stunnel.exe and lrdpawc_stunnel.conf.
    • LogRhythm Mediator Server FIPS SIT file – scmedsvr_fips.hsh.
    • OpenSSL 1.0.2u with FIPS Module 2.0.16 – libeay32.dll and ssleay32.dll. These libraries are used by stunnel and lrsitapp.exe.
  4. Copy the FIPS version of the Mediator SIT file (scmedsvr_fips.hsh) to C:\Program Files\LogRhythm\LogRhythm Mediator Server and rename it scmedsvr.hsh.

    Each LogRhythm service will indicate it is operating in FIPS-approved mode in its respective application log.
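
To check the two prerequisite procedures above from a shell rather than by eye, here is an added PowerShell example; it is not part of the LogRhythm documentation or product. It reads the Windows FIPS policy from its standard registry location together with the .NET runtime's own view of that policy, then confirms that the unpacked package files and the renamed Mediator SIT file are where the steps put them. The directory and file names are the ones listed above; the function names are ours, and the .NET check assumes Windows PowerShell 5.1 (.NET Framework).

```powershell
# Added example, not LogRhythm code: verify the FIPS prerequisites.
# Assumes Windows PowerShell 5.1 so that CryptoConfig reflects the OS policy.

# Standard Windows location of the "Use FIPS compliant algorithms" policy (DWORD, 1 = enabled).
$FipsPolicyKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy'
$FipsDir       = 'C:\Program Files\LogRhythm\LogRhythm FIPS'
$MediatorDir   = 'C:\Program Files\LogRhythm\LogRhythm Mediator Server'

function Test-WindowsFipsPolicy {
    # Two views of one setting: the policy value, and what the .NET runtime in this
    # process enforces. A mismatch usually means this shell was started before the
    # policy changed or the restart at the end of the procedure has not happened yet.
    $policy = (Get-ItemProperty -Path $FipsPolicyKey -Name Enabled -ErrorAction SilentlyContinue).Enabled
    $dotnet = [bool][System.Security.Cryptography.CryptoConfig]::AllowOnlyFipsAlgorithms
    [pscustomobject]@{
        PolicyEnabled  = ($policy -eq 1)
        DotNetEnforces = $dotnet
        Mismatch       = (($policy -eq 1) -ne $dotnet)
    }
}

function Test-LrFipsPackage {
    # Files the page says the package contains, plus the renamed SIT file.
    $expected = @(
        (Join-Path $FipsDir 'stunnel.exe'),
        (Join-Path $FipsDir 'lrdpawc_stunnel.conf'),
        (Join-Path $FipsDir 'scmedsvr_fips.hsh'),
        (Join-Path $FipsDir 'libeay32.dll'),
        (Join-Path $FipsDir 'ssleay32.dll'),
        (Join-Path $MediatorDir 'scmedsvr.hsh')
    )
    foreach ($f in $expected) {
        [pscustomobject]@{ Path = $f; Present = (Test-Path -LiteralPath $f) }
    }
}

function Test-MediatorSitCopy {
    # The copy-and-rename step is easy to get half right; confirm the file now
    # named scmedsvr.hsh is byte-identical to the packaged FIPS SIT file, so a
    # stale non-FIPS scmedsvr.hsh is not left in place.
    $src = Join-Path $FipsDir 'scmedsvr_fips.hsh'
    $dst = Join-Path $MediatorDir 'scmedsvr.hsh'
    if (-not ((Test-Path -LiteralPath $src) -and (Test-Path -LiteralPath $dst))) { return $false }
    (Get-FileHash -Algorithm SHA256 -LiteralPath $src).Hash -eq (Get-FileHash -Algorithm SHA256 -LiteralPath $dst).Hash
}

function Test-LrFipsPrerequisites {
    $fips  = Test-WindowsFipsPolicy
    $files = Test-LrFipsPackage
    [pscustomobject]@{
        WindowsFipsPolicy  = $fips.PolicyEnabled
        DotNetEnforcesFips = $fips.DotNetEnforces
        MissingFiles       = @($files | Where-Object { -not $_.Present } | ForEach-Object Path)
        SitFileMatches     = Test-MediatorSitCopy
    }
}

Test-LrFipsPrerequisites | Format-List
```

Run it in an elevated Windows PowerShell session after the reboot; all four fields should read true (or an empty MissingFiles list) before you move on to the stunnel configuration.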

Configure the Stunnel Solution for Data Indexer Communications

The LogRhythm services use stunnel to encrypt the DX/DPAWC communications with FIPS-approved algorithms.

  1. Edit the stunnel configuration file C:\Program Files\LogRhythm\LogRhythm FIPS\lrdpawc_stunnel.conf:
    • Change all instances of LR_DPAWC_IPADDRESS to the IP address of the LR DPAWC machine.
    • Change all instances of LR_DX_IPADDRESS to the IP address of the LR DX machine.
  2. Create the stunnel client and server certificates using your organization's Certificate Authority or the OpenSSL application on the Red Hat 7 system, and then:
    • Copy the lr_stunnel.pem file to C:\Program Files\LogRhythm\LogRhythm FIPS\lr_stunnel.pem.
  3. Start stunnel by running the executable with the configuration file as its argument:
    • C:\Program Files\LogRhythm\LogRhythm FIPS\stunnel.exe
    • C:\Program Files\LogRhythm\LogRhythm FIPS\lrdpawc_stunnel.conf

    You must manually start stunnel each time the machine restarts.
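
The three stunnel steps above, as an added PowerShell example that is not part of the LogRhythm documentation: it substitutes the two placeholders in lrdpawc_stunnel.conf, refuses anything that is not a literal IPv4 address, checks that no placeholder survived the edit, confirms lr_stunnel.pem is present and looks like a PEM bundle, and starts stunnel with the configuration file as its argument. The placeholder names, paths and file names are the page's; the function names and the sample addresses in the usage lines are ours, and the certificate check assumes the PEM holds both the certificate and its private key (drop the key check if you keep the key in a separate file).

```powershell
# Added example, not LogRhythm code: fill in and apply the stunnel configuration.

$FipsDir  = 'C:\Program Files\LogRhythm\LogRhythm FIPS'
$ConfPath = Join-Path $FipsDir 'lrdpawc_stunnel.conf'
$CertPath = Join-Path $FipsDir 'lr_stunnel.pem'

function Assert-IPv4 {
    param([Parameter(Mandatory)] [string] $Address)
    # A typo here would silently point the tunnel at the wrong host, so insist on
    # a literal IPv4 address rather than a host name.
    $parsed = $null
    if (-not [System.Net.IPAddress]::TryParse($Address, [ref]$parsed) -or
        $parsed.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) {
        throw "Not an IPv4 address: '$Address'"
    }
}

function Set-LrStunnelAddresses {
    param(
        [Parameter(Mandatory)] [string] $DpawcIp,
        [Parameter(Mandatory)] [string] $DxIp
    )
    Assert-IPv4 $DpawcIp
    Assert-IPv4 $DxIp
    if (-not (Test-Path -LiteralPath $ConfPath)) { throw "Configuration not found: $ConfPath" }
    # Keep the shipped template before editing in place.
    Copy-Item -LiteralPath $ConfPath -Destination "$ConfPath.orig"
    $conf = Get-Content -LiteralPath $ConfPath -Raw
    $conf = $conf -replace 'LR_DPAWC_IPADDRESS', $DpawcIp -replace 'LR_DX_IPADDRESS', $DxIp
    # Any leftover placeholder means the edit was incomplete; stop before stunnel
    # tries to bind or connect to a name it cannot resolve.
    if ($conf -match 'LR_(DPAWC|DX)_IPADDRESS') { throw 'Placeholders remain in the stunnel configuration' }
    Set-Content -LiteralPath $ConfPath -Value $conf -NoNewline
}

function Test-LrStunnelCertificate {
    # Assumption: lr_stunnel.pem carries the certificate and its private key.
    if (-not (Test-Path -LiteralPath $CertPath)) { return $false }
    $pem = Get-Content -LiteralPath $CertPath -Raw
    ($pem -match '-----BEGIN CERTIFICATE-----') -and ($pem -match '-----BEGIN [A-Z ]*PRIVATE KEY-----')
}

function Start-LrStunnel {
    # Same as the two-item start instruction on the page: stunnel.exe with
    # lrdpawc_stunnel.conf as its argument. The package does not register stunnel
    # as a service, so this has to be run again after every restart.
    if (-not (Test-LrStunnelCertificate)) { throw "Certificate file missing or incomplete: $CertPath" }
    Start-Process -FilePath (Join-Path $FipsDir 'stunnel.exe') -ArgumentList "`"$ConfPath`"" -WorkingDirectory $FipsDir
}

# Usage (constructed sample addresses; replace with your DPAWC and DX addresses):
# Set-LrStunnelAddresses -DpawcIp '10.0.0.10' -DxIp '10.0.0.20'
# Start-LrStunnel
```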

Configure the LogRhythm API Gateway to Use the Stunnel Solution

Configuring the LogRhythm API Gateway involves setting the following system environment variables for the LogRhythm Service Registry to use:

Variable: FIPS_GATEWAY_ENABLED
  Description: When set to "true", the LR API Gateway uses the FIPS_GATEWAY_IP and FIPS_GATEWAY_PORT settings instead of the default remote IP and the default port of 8501. This forces all remote traffic to a specific IP address and port, expecting only one other instance of API Gateway.
  Values: true/false

Variable: FIPS_GATEWAY_IP
  Description: IP address to which all non-loopback (remote) requests for the LR API Gateway are forwarded.
  Values: A valid IPv4 address

Variable: FIPS_GATEWAY_PORT
  Description: Port to which all non-loopback (remote) requests for the LR API Gateway are forwarded.
  Values: A valid TCP port

To set the environment variables:

  1. Open Windows System Properties. 
    The System Properties dialog box appears.
  2. Click the Advanced tab, and then click Environment Variables.
    The Environment Variables dialog box appears.
  3. In the System Variables section, set the following variables to the specified values:

    Variable              Value
    FIPS_GATEWAY_ENABLED  true
    FIPS_GATEWAY_IP       DPAWC_IPADDRESS (the IP address of the LR DPAWC machine)
    FIPS_GATEWAY_PORT     8502
  4. Restart the LogRhythm API Gateway service.
  5. Restart all the LogRhythm services and the SQL Server service.

    Each LogRhythm service will indicate it is operating in FIPS-approved mode in its respective application log.
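
The environment-variable procedure above, as an added PowerShell example that is not part of the LogRhythm documentation: it writes the three variables at machine scope (the scope service processes read), validates the address and port first, reads the values back from that same scope, and then restarts the services so they pick the variables up. Variable names and values are the page's; the function names, the 'LogRhythm*' display-name pattern and the default SQL Server service name 'MSSQLSERVER' are assumptions to adjust for your installation.

```powershell
# Added example, not LogRhythm code: set and verify the API Gateway FIPS variables.

function Set-LrFipsGatewayVariables {
    param(
        [Parameter(Mandatory)] [string] $DpawcIp,   # value for FIPS_GATEWAY_IP
        [int] $Port = 8502                          # value for FIPS_GATEWAY_PORT (page's value)
    )
    $parsed = $null
    if (-not [System.Net.IPAddress]::TryParse($DpawcIp, [ref]$parsed) -or
        $parsed.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) {
        throw "FIPS_GATEWAY_IP must be a valid IPv4 address, got '$DpawcIp'"
    }
    if ($Port -lt 1 -or $Port -gt 65535) { throw "FIPS_GATEWAY_PORT must be a TCP port, got $Port" }

    # 'Machine' scope is what the System Variables section of the dialog writes and
    # what the service processes read; 'User' or 'Process' scope would be invisible to them.
    $values = [ordered]@{
        FIPS_GATEWAY_ENABLED = 'true'
        FIPS_GATEWAY_IP      = $DpawcIp
        FIPS_GATEWAY_PORT    = [string]$Port
    }
    foreach ($name in $values.Keys) {
        [Environment]::SetEnvironmentVariable($name, $values[$name], 'Machine')
    }
    # Read back from the same scope so the report shows what the services will see.
    foreach ($name in $values.Keys) {
        $actual = [Environment]::GetEnvironmentVariable($name, 'Machine')
        [pscustomobject]@{
            Variable = $name
            Expected = $values[$name]
            Actual   = $actual
            Ok       = ($actual -eq $values[$name])
        }
    }
}

function Restart-LrServices {
    # Services only pick up machine-scope variables when they start, hence the
    # restarts in the last two steps. Service names are assumptions for this host.
    $names = @(Get-Service -DisplayName 'LogRhythm*' | Select-Object -ExpandProperty Name)
    $names += 'MSSQLSERVER'   # default instance; a named instance is MSSQL$<name>
    foreach ($svc in $names) {
        Restart-Service -Name $svc -Force -ErrorAction Continue
    }
}

# Usage (constructed sample address; replace with the DPAWC machine's address):
# Set-LrFipsGatewayVariables -DpawcIp '10.0.0.10' | Format-Table
# Restart-LrServices
```

After the restart, confirm each service's application log reports FIPS-approved mode, as the note above says it will.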
