The LogRhythm Job Manager is a Windows service that is a component of the Platform Manager. The following are the main responsibilities of the Job Manager:
Active Directory Synchronization
Administrators may opt to configure LogRhythm to synchronize user and group information from AD for the purposes of data contextualization and correlation tasks. AD Synchronization can be performed through a regularly scheduled synchronization process via the Job Manager or as a manual process using the AD Synchronization Tool. The Job Manager service performs scheduled AD Synchronization with these conditions:
- Synchronization starts five minutes after the Job Manager service starts.
- Synchronization occurs every hour if the Job Manager service is running.
- The Job Manager attempts to synchronize three times after experiencing an error before waiting for the next scheduled synchronization.
- The service the Job Manager runs under must have the permissions required to query AD to avoid permission related errors.
- Only domains that have Include in Sync selected are synchronized.
Along with Active Directory Synchronization, Job Manager also performs Active Directory group-based authorization synchronization.
Knowledge Base Synchronization
The LogRhythm Knowledge Base is a package containing many of the system default settings for MPE Rules, Message Source Types, Platforms, Log Processing Policies, System AIE Rules, System Alarm Rules, Report Templates, and Compliance Packages. Knowledge Base Synchronization is scheduled in the KB Manager in the Client Console. If the Job Manager is running, the service will try to update and synchronize the Knowledge Base at scheduled time.
Automatic Report Generation
Reports are created and managed from Client Console. Reports are scheduled in form of Report Packages, which are collections of reports. When reports are scheduled from Client Console, the Job Manager executes that scheduled job by creating, exporting, notifying parties, and delivering the reports.
Automatic List Imports
The Job Manager List Import task runs continuously, polling at frequent intervals for list file changes. If a file with the correct name appears, the task imports the list. After a file has been successfully imported, it is deleted. If an error occurs during import, it is renamed with a suffix of .bad. The status of each list import attempt is written to the log file and event log.
The following default rules apply:
- The default import directory is config\list_import (relative to the Job Manager install folder).
- The default processing interval is 60 seconds.
- The defaults cannot be changed.
Automatic List Expiration
The Job Manager makes database calls for list items that are configured to expire and marks them as expired at the appropriate time.
The Job Manager monitors the heartbeat of Mediators, System Monitor Agents, Log Sources, the AIE Communication Manager, the AIE Engine, and Network Montors. The Job Manager interacts with each component's state file and database information to get the component's heartbeat information.