The Log Processing Policy Sorting Stats file is written to the logs directory of the Mediator Server service, and is named lps_policysortingstats.log. It is in standard text comma-delimited format, readable with any text viewer. In a default installation, the path to this file is:
%PROGRAMFILES%\LogRhythm\LogRhythm Mediator Server\logs\lps_policysortingstats.log
Keys to Understanding the Report
The report contains the DateStamp, MPE Policy Name, MPE Policy ID, Log Message Source Type ID, Logs Per Second - Policy Total, Logs Processed - Policy Total, Sorted Regexes. The report gives overall per second policy rates for each loaded policy overtime. It is helpful to graph the output to track performance.
Enable and Send the Report to LogRhythm
These reports allow LogRhythm to analyze rule performance centrally and tune poorly performing rules. The Log Processing Reports do not contain any identifying company information or any sensitive information. Only rule identifiers and performance statistics are included in the transmitted files. The file is transmitted via secure FTP on port 443.