Component Reference
Operating System
Databases
MSSQL
LogRhythm_Alarms
LogRhythm_CMDB
LogRhythm_Events
LogRhythm_LogMart
LogRhythmEMDB
LogRhythm Services
Service | Description |
---|---|
Admin API | Administers the LogRhythm Deployment via API. |
AI Engine* | Evaluates logs to determine if they match AIE Rules. |
AI Engine Cache Drilldown | Orchestrates drill downs on AIE rules and sends results to the Web Console. |
AI Engine Communication Manager | Sends logs from the Mediator to the AI Engine for evaluation. |
Alarm API | REST API service to interact with data relating to Alarms and Events. |
Alarming and Response Manager | Processes alarms for the deployment. |
API Gateway | Passes data between components of the SIEM. |
Authentication API | Handles authentication of service-to-service and user-to-service communication. |
Job Manager | Reports on the LogRhythm Deployment. |
Metrics Collection | Gathers metrics from the server it is installed on and sends them to the Metrics Database on the PM. |
Metrics Database | Collects and stores metrics from all the servers in the deployment. |
Metrics Web UI | Shows the metrics collected via Grafana. |
Notification Service | Sends notifications on AIE alarms. |
Search API | API for LogRhythm Search. |
Service Registry | Maintains a Key Value (KV) store used to share service level configuration changes between all hosts in a deployment. |
LogRhythm SQL Service | Verifies if a SQL user is authorized to access data. |
System Monitor | Collects logs and sends them to the Mediator for processing. |
TrueIdentity Sync Client* | Syncs TrueIdentities with an Identity and Access Management (IAM) platform. |
Windows Authentication Service | Verifies if a Windows user is authorized to access data. |
*These services are optionally installed on the PM.
LogRhythm Applications
Client Console
Configuration Manager
Infrastructure Installer
Operating System
Databases
No Databases
LogRhythm Archives
Active and Inactive Archives
LogRhythm Services
Service | Description |
---|---|
API Gateway | Passes data between components of the SIEM. |
Mediator Server Service | Processes logs and sends them on for storage in the Data Indexer. |
Metrics Collection | Gathers metrics from the server it is installed on and sends them to the Metrics Database on the PM. |
Service Registry | Maintains a Key Value (KV) store used to share service level configuration changes between all hosts in a deployment. |
System Monitor | Collects logs and sends them to the Mediator for processing. |
Operating System
Databases
Elasticsearch
LogRhythm Services
Service | Description |
---|---|
Bulldozer | Registers the Elasticsearch Cluster name and Node/s in the EMDB. Writes Cluster statistics to the EMDB for use in the Deployment Monitor. |
Carpenter | Reads EMDB table values that are required for ID to Value translation purposes and inserts them into Elasticsearch as individual Indices that are used by Columbo. |
Columbo | Runs Investigations, Tails, AI Engine Drilldowns & Report query requests against Elasticsearch on behalf of the Web & Client Consoles. |
Elasticsearch | Indexes and persists log data. |
GoMaintain | Maintains disk space below a threshold (80% used by default) on the Cluster volume by removing older indices. |
LogRhythm API Gateway | Passes data between components of the SIEM. |
LogRhythm Metrics Collection | Gathers metrics from the server it is installed on and sends them to the Metrics Database on the PM. |
LogRhythm Service Registry | Maintains a Key Value (KV) store used to share service level configuration changes between all hosts in a deployment. |
Transporter | Accepts batches of logs from DP and sends individual logs to Denorm. |
Watchtower | Receives analytics data from CloudAI. |
Operating System
Databases
No Databases
LogRhythm Services
Service | Description |
---|---|
API Gateway | Passes data between components of the SIEM. |
Case API | Handles requests involving setting, retrieving, and changing Case data. |
Metrics Collection | Gathers metrics from the server it is installed on and sends them to the Metrics Database on the PM. |
Service Registry | Maintains a Key Value (KV) store used to share service level configuration changes between all hosts in a deployment. |
Threat Intelligence API | Manages lookups against Threat Intelligence providers and is used in inspecting threat intelligence-relevant fields in the Analyzer Grid. |
Web Console API | Routes requests for retrieving, setting, and creating data in the Web Console, as well as routing requests to other services. |
Web Console UI | Manages static assets, proxies, and web services. The front-end of the Web Console that the browser communicates with. Pulls data retrieved from other APIs to display in the browser. |
Web Indexer | Generates and maintains indices as caches for the Events and Alarms dashboards, Known Values, Search results, AIE Auto Drilldown, and logs attached to cases. |
Web Services Host API | Performs searches, cached index updates, and SQL Server requests. |
Applications
Configuration Manager
Operating System
Supported on many major operating systems. For a complete list, see System Monitor Compatibility and Functionality.
LogRhythm Services
Service | Description |
---|---|
System Monitor | Collects logs and sends them to the Mediator for processing. |
Operating System
LogRhythm Services
Service | Description |
---|---|
AI Engine* | Evaluates logs to determine if they match AIE Rules. |
AI Engine Communication Manager* | Sends logs from the Mediator to the AI Engine for evaluation. |
*These services are optionally installed on the PM.