Log Distribution Services

The Log Distribution Services (LDS) allows you to forward specified syslog and non-syslog log messages to an external syslog receiver over TCP or UDP. This flexibility allows you to forward log messages in a format and configuration that best meets your needs.

Global Administrators can configure LDS from the LogRhythm Client Console through the Log Distribution Policy Manager or the Log Distribution Receiver Manager.

LDS Component	Purpose
The Log Distribution Receiver Manager	Used to define the external receivers where the syslog messages are forwarded.
The Log Distribution Policy Manager	Used to define the policies that specify which syslog messages are forwarded.
The Mediator Server service	Must be running for LDS to process the logs for forwarding.

Log Distribution Services Startup and Logging

During Data Processor initialization, the Mediator starts the LDS Engine automatically and logs the result to scmedsvr.log.

During startup, the LDS Engine creates its own log file, ldsengine.log, in the Mediator logs directory.

If the Mediator is shut down or restarted, the LDS Engine spools out any unsent logs to disk in the Mediator directory under \state\LDS_Spool\, and a log message is written to ldsengine.log.

Non-Syslog Priority Calculation

When forwarding a message from a syslog source, Log Distribution Services always preserves the original Priority value. For non-syslog sources, the Priority value is based on your selection from the Facility list and the following formula.

The Priority Formula is Priority = Facility * 8 + Severity.

Facility Values

Facility	Value
local 0	16
local 1	17
local 2	18
local 3	19
local 4	20
local 5	21
local 6	22
local 7	23

Message Class ID Severity Values

MsgClassId	Severity
1000	6
1020	6
1040	5
1060	6
1080	5
1100	5
1120	5
1140	6
1160	5
1200
1220
1400
1500
1600
1998	5
1999	6
2000	6
2100	5
2200	4
2250	4
2300	2
2400	2
2500	1
2600	1
2700	4
2810	5
2820
2830
2840
2850
2860
2900	5
2999	6
3000	6
3100	1
3200	3
3300	4
3400	6
3500	6
3510	5
3520	6
3999	6
Else	0