Updating SIEM Configurations to Support GeoIP Changes
Starting with the January 2024 release of LogRhythm SIEM, the Knowledge Base (KB) will be expanded to contain more GeoIP data and improve IPv4 resolution accuracy. To support the larger KB file created by the added details, several configuration settings within the SIEM must be updated.
Versions 7.13 and Newer
Versions 7.13 and newer are already shipped with the new configuration necessary to support the new KB. No action is needed.
Versions 7.12 and Older
Versions 7.12 and older need manual configuration changes for KB syncs to continue working without interruption. Changes are required in both the Client Console and the LogRhythm Job Manager configuration files. To manually update these configurations, follow the steps below.
This must be completed before January 2024, otherwise KB syncs will fail and you will not receive any updated content from LogRhythm.
Updating the Client Console Configuration
From the host where the Client Console is installed, navigate to the Client Console installation folder.
The default location is “C:\Program Files\LogRhythm\LogRhythm Console”.
Find “lrconsole.exe.config” in the installation folder and open it in a text editor, for example, Notepad.
Find the keyword “maxReceivedMessageSize”, whose value will be “104857600”.
Change the value of the attribute to “1073741824” (maxReceivedMessageSize="1073741824").
Save the file and close it.
Close all open instances of LR Console and reopen it to allow the new configuration to take effect.
This is a local setting. The above steps should be completed for each host where the Client Console is installed.
Updating Configuration of Job Manager
From the Platform Manager (PM) machine, where the LogRhythm Job Manager is installed, navigate to the Job Manager installation folder.
The default location is “C:\Program Files\LogRhythm\LogRhythm Job Manager”.
Find “lrjobmgr.exe.config” in the installation folder and open it in a text editor, for example, Notepad.
Find the keyword “maxReceivedMessageSize”, whose value will be “104857600”.
Change the value of the attribute to “1073741824” (maxReceivedMessageSize="1073741824").
Save the file and close it.
Restart the Job Manager service to allow the new configuration to take effect.
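The two procedures above can also be applied and checked per host with a script. The following is an added example, not LogRhythm-supplied code: it assumes the default installation paths given on this page and that both files are standard .NET XML configuration files, and the function name is hypothetical.

```powershell
# Added example, not LogRhythm-supplied code. Run from an elevated PowerShell prompt.
# Paths are the default install locations named on this page; adjust if yours differ.
$OldValue = '104857600'
$NewValue = '1073741824'
$ConfigFiles = @(
    'C:\Program Files\LogRhythm\LogRhythm Console\lrconsole.exe.config',
    'C:\Program Files\LogRhythm\LogRhythm Job Manager\lrjobmgr.exe.config'
)

function Update-MaxReceivedMessageSize {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) {
        # A host may have only the Console or only the Job Manager installed
        return [pscustomobject]@{ Path = $Path; Status = 'NotInstalledHere'; Changed = 0 }
    }

    $xml = New-Object System.Xml.XmlDocument
    $xml.PreserveWhitespace = $true          # keep the file's layout intact
    $xml.Load($Path)

    # Every maxReceivedMessageSize attribute, wherever it appears in the file
    $attrs = @($xml.SelectNodes('//@maxReceivedMessageSize'))
    $stale = @($attrs | Where-Object { $_.Value -eq $OldValue })

    if ($stale.Count -gt 0) {
        # Keep a timestamped copy so the change can be rolled back
        $backup = '{0}.{1}.bak' -f $Path, (Get-Date -Format 'yyyyMMddHHmmss')
        Copy-Item -LiteralPath $Path -Destination $backup
        foreach ($a in $stale) { $a.Value = $NewValue }
        $xml.Save($Path)
    }

    # A value that is neither the old nor the new one needs a manual look
    $other = @($attrs | Where-Object { $_.Value -notin $OldValue, $NewValue })
    $status = 'OK'
    if ($attrs.Count -eq 0) { $status = 'AttributeNotFound' }
    elseif ($other.Count -gt 0) { $status = 'UnexpectedValue' }

    [pscustomobject]@{ Path = $Path; Status = $status; Changed = $stale.Count }
}

$ConfigFiles |
    ForEach-Object { Update-MaxReceivedMessageSize -Path $_ } |
    Format-Table -AutoSize
```

The script only edits the files. The Client Console still has to be closed and reopened, and the Job Manager service restarted, as described in the steps above.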