Log Processing Reports

The MPE, a component of the Mediator Server service, keeps a record of how many times a rule has been compared to a log message and the total amount of time spent processing logs against each rule. This is accomplished by writing two logs: lps_detail.log which generates detailed statistics for a log processing policy for a given period of time; lps_policysortingstats.log which compiles a log per second rate of the policy over time. These reports give valuable input into system performance and the efficiency of rules being used in processing.

To send your report to LogRhythm automatically, configure the following parameters in the MPE component, and General group, of the Modify Data Processor Advanced Properties.

Component	Group	Parameter Name	Value Type	Description
MPE	General	LogLevel	Verbose Debug	Sets the MPE logging level (log written to scmpe.log). Options: Off, Error, Warning, Info, Verbose, Debug For lps_detail.log only, set LogLevel to Verbose. For both reports, set LogLevel to Debug.
MPE	General	SubmitDiagnosticsInterval	Integer	How often to submit diagnostic information to LogRhythm (in hours). Enter 0 to disable sending diagnostic information or 1-24 to send diagnostic information. Default: 0
MPE	General	RulePerformanceStatsMode	Off Local Local and Send	Default: Off Rule performance statistics mode: Off. Do not write report (lps_detail.log or lps_policysortingstats.log) or data file (lps_stats.dat) locally or submit to LogRhythm (default). Local. Write the report (lps_detail.log or lps_policysortingstats.log) and data file (lps_stats.dat) locally. Local and Send. Write the Report (lps_detail.log or lps_policysortingstats.log) and data file (lps_stats.dat) locally and submit to LogRhythm. The MPE LogLevel must also be set.
MPE	General	RulePerformanceStats SubmitInterval	1-24	Default: 12 How often to submit rule performance information to LogRhythm (in hours). The latest lps_detail.log and lps_stats.dat files are submitted each interval.