Monitor, Search, and Analysis
Monitoring, searching, and analyzing are done through a number of features in the Client Console. These include:
In addition, the following tools assist with further using these monitoring, searching, and analyzing features.
Tool Selector
Monitoring and searching the system for logs is done with the Tool Selector. It provides a user-friendly method to manage the many views of Personal Dashboard and Investigator. In the system layout, it is docked at the left of the window. The Tool Selector is specific to the Tool in which it resides.
- To unpin the Tool Selector, click the pin icon in the upper-right corner of the Tool Selector so that the point faces left. This collapses the Tool Selector so that it is a tab along the left that you can then open to see the groups and views.
- To pin the Tool Selector, click the pin icon in the upper-right corner of the Tool Selector so that it appears to be pointing down into the screen. This keeps the Tool Selector visible while working within the tool.
The Tool Selector has four groups of views. Each group is encapsulated in a box that can be collapsed or expanded by clicking the arrow at the right of the header. Views that are open and displayed within the window are listed in bold within the group. Views that are not open and displayed within the window will be listed in regular text (not bold).
- To bring a view into the window, select it within the group box. It changes to bold and is brought forth as the active displayed view within the window.
- To remove a view from the window, select it within the group box. It changes from bold to regular text and is removed from the tabs of available views within the window.
Context Menus
LogRhythm provides several tools to search and retrieve log data. After your search results appear, right-click to access additional options in the following locations:
- Investigate. Log / Event Analyzer and Log Viewer tabs
- Log Miner. Aggregate Log Messages section
- Tail. Aggregate Log/Event List section, Log/Event List section
- Personal Dashboard. Aggregate Event List section
These are the options in the context menus of LogRhythm search tools. Not all options are found in every menu.
| Context Menu Option | Description |
|---|---|
| Select All | Select all search results. |
| Check All | Select the Action check box for all search results. |
| Check All Displayed | Select the Action check box for all displayed search results. |
| Uncheck All -> Check All Displayed | Clear the Action check box for all rows, then select the Action check box for just the rows that are displayed. |
| Uncheck All | Clear the Action check box for all search results. |
| Uncheck All Displayed | Clear the Action check box for all displayed results. |
| Action | Remove Selected Logs Remove All But Selected Logs Filter In Selected Logs Filter Out Selected Logs Investigate Sample of Selected Logs Investigate Selected Logs |
| Report | Open the Report Wizard where you can run reports with the selected search results as input. |
| Export the Grid to a File | Export grid to a csv file. |
| Chart Events | Toggle the graph between Logs and Events. |
| Copy Selected Logs to Rule Builder | Access the MPE Rule Builder with populate the Test Center tab. |
| Copy Selected Logs to Rule Builder and Load Rule | Access the MPE Rule Builder and load with data in the Test Center tab |
| Export All Logs | Export all logs via the LogRhythm Log Exporter. |
| Export Selected Logs | Export all logs via the LogRhythm Log Exporter. |
| Send All Logs | Display the Log Submission Tool that will guide you through sending all logs in the search results to LogRhythm support. |
| Send Selected Logs | Display the Log Submission Tool that will guide you through sending the selected logs in the search results to LogRhythm support. |
| Edit Event Settings | Display the Edit Policy Event Settings window. |
| Create an Alarm Rule | Create an alarm rule using information in the log message. |
| Create a GLPR | Create Global Log Processing Rule (GLPR) rule using information in the log message. |
| Contextualize | Access information about hosts, ports, or users associated with a log or event. |
| Correlate | Narrow the displayed search results even further based on the selected log or event. |
| AI Engine Search and Drill Down | Drill down on selected logs with the AI Engine Event Drill Down Manager. |
| Add Values to a List | Add selected values to a list. |
| Copy Values to Clipboard | Add selected values to the clipboard. |
| Add Origin Host as Known Host | Add the origin host of the selected log to an entity. |
| Add Impacted Host as Known Host | Add the impacted host of the selected log to an entity. |
| Grid Properties | Select which aggregate log fields to include in the grid. |