Start the LogRhythm Threat Intelligence Service
To start the Threat Intelligence Service:
Click Start, click All Programs, click the LogRhythm folder, right-click Threat Intelligence Service Configuration Manager, and then click Run as administrator.
If the connection to the LogRhythm server has not been created, you need to configure it before you can run the Service Manager. For more information, see Threat Intelligence Service User Guide.
- In the Threat Intelligence Service Manager, click Start Service.
The Service has two log files in C:\Program Files\LogRhythm\LogRhythm Threat Intelligence Service\logs\. If you do not see text files being created in the Job Manager’s list_import directory after starting the service, open the lrtfsvc.log file and look at the log messages. The lrtfsvc.log file contains a record for every attempted connection and download of feed data from a vendor. If the file does not contain any records, you may not have the vendor information configured correctly, your user credentials on the service may be incorrect, or your SQL User ID and password may be invalid.
When the service is running and making all connections successfully, you may see some spikes in the service’s host memory utilization when it is downloading threat feed data from a vendor. The memory usage may rise as high as 100 KB, but should not persist when the download has completed.