Least Privileged User: PM, High Availability
Purpose
LogRhythm High Availability mode is designed to help protect against Platform Manager downtime caused by planned or unplanned outages. HA uses host-based replication technologies and constant monitoring of critical components and services.
Shared Resources
| Read | Write | Read & Execute | Modify | Full Control | Children Inherent | |
|---|---|---|---|---|---|---|
| Microsoft SQL | X | |||||
| Data Volumes | X | |||||
| SQL Logs | X | |||||
| Temp DB | X | |||||
| LogRhythm System | X |
Ports
| Micro-Service | Protocol | Destination Port | Direction | Operating System | Purpose |
|---|---|---|---|---|---|
| Windows File and Print | TCP | 135 | Bidirectional | Windows/Linux | |
| UDP | 137 | Bidirectional | Windows/Linux | ||
| UDP | 138 | Bidirectional | Windows/Linux | ||
| TCP | 139 | Bidirectional | Windows/Linux | ||
| TCP | 445 | Bidirectional | Windows/Linux | ||
| LifeKeeper | TCP | 81 | Bidirectional | Windows/Linux | LifeKeeper RMI |
| TCP | 82 | Bidirectional | Windows/Linux | LifeKeeper Web Server | |
| TCP | 1500 | Bidirectional | Windows/Linux | LifeKeeper CommPath | |
| ICMPv4 | Any | Bidirectional | Windows/Linux | LifeKeeper ICMPv4 | |
| Any | Any | Bidirectional | Windows/Linux | LifeKeeper Java | |
| TCP | TCP | Bidirectional | Windows/Linux | LifeKeeper Ikcmsever | |
| TCP | TCP | Bidirectional | Windows/Linux | LifeKeeper EISM | |
| DataKeeper | TCP | 9999 | Bidirectional | Windows/Linux | |
| TCP | 10003 | Bidirectional | Windows/Linux | ||
| TCP | 1001 | Bidirectional | Windows/Linux |
Database Access
HA does not communicate directly with a LogRhythm database.
Registry Access
| Read Control | Write Owner | Write DAC | Delete | Create Link | Enumerate Subkeys | Set Value | Query Value | Full Control | Children Inherent | |
|---|---|---|---|---|---|---|---|---|---|---|
| HKEY_LOCAL_MACHINE\ SOFTWARE\Wow6432Node\ SteelEye | X | |||||||||
| HKEY_LOCAL_MACHINE\ SOFTWARE\Wow6432Node\ SteelEye\Extended Mirroring | X | |||||||||
| HKEY_LOCAL_MACHINE\ SOFTWARE\Wow6432Node\ SteelEye\General | X | |||||||||
| HKEY_LOCAL_MACHINE\ SOFTWARE\Wow6432Node\ SteelEye\LifeKeeper] | X | |||||||||
| HKEY_LOCAL_MACHINE\ SOFTWARE\Wow6432Node\ SteelEye\LifeKeeper\Cygnus Solutions | X | |||||||||
| HKEY_LOCAL_MACHINE\ SOFTWARE\Wow6432Node\ SteelEye\LifeKeeper\Cygnus Solutions\Cygwin | X | |||||||||
| HKEY_LOCAL_MACHINE\ SOFTWARE\Wow6432Node\ SteelEye\LifeKeeper\Cygnus Solutions\Cygwin\mounts v2 | X | |||||||||
| HKEY_LOCAL_MACHINE\ SOFTWARE\Wow6432Node\ SteelEye\LifeKeeper\Cygnus Solutions\Cygwin\mounts v2\/ | X | |||||||||
| HKEY_LOCAL_MACHINE\ SOFTWARE\Wow6432Node\ SteelEye\LifeKeeper\Cygnus Solutions\Cygwin\mounts v2\/bin | X | |||||||||
| HKEY_LOCAL_MACHINE\ SOFTWARE\Wow6432Node\ SteelEye\LifeKeeper\Cygnus Solutions\Cygwin\mounts v2\/usr/bin | X | |||||||||
| HKEY_LOCAL_MACHINE\ SOFTWARE\Wow6432Node\ SteelEye\LifeKeeper\Cygnus Solutions\Cygwin\mounts v2\/usr/lib | X | |||||||||
| HKEY_LOCAL_MACHINE\ SOFTWARE\Wow6432Node\ SteelEye\LifeKeeper\Cygnus Solutions\Cygwin\Program Options | X | |||||||||
| HKEY_LOCAL_MACHINE\ SOFTWARE\Wow6432Node\ SteelEye\LifeKeeper\General | X | |||||||||
| HKEY_LOCAL_MACHINE\ SOFTWARE\Wow6432Node\ SteelEye\LifeKeeper\JavaGUI | X | |||||||||
| HKEY_LOCAL_MACHINE\ SOFTWARE\Wow6432Node\ SteelEye\LifeKeeper\JavaGUI\ Server | X | |||||||||
| HKEY_LOCAL_MACHINE\ SOFTWARE\Wow6432Node\ SteelEye\LifeKeeper\Lkinit | X | |||||||||
| HKEY_LOCAL_MACHINE\ SOFTWARE\Wow6432Node\ SteelEye\LifeKeeper\RK | X | |||||||||
| HKEY_LOCAL_MACHINE\ SOFTWARE\Wow6432Node\ SteelEye\LifeKeeper\RK\app | X | |||||||||
| HKEY_LOCAL_MACHINE\ SOFTWARE\Wow6432Node\ SteelEye\LifeKeeper\RK\DNS | X | |||||||||
| HKEY_LOCAL_MACHINE\ SOFTWARE\Wow6432Node\ SteelEye\LifeKeeper\RK\DNS\ DNS.0 | X | |||||||||
| HKEY_LOCAL_MACHINE\ SOFTWARE\Wow6432Node\ SteelEye\LifeKeeper\RK\IP | X | |||||||||
| HKEY_LOCAL_MACHINE\ SOFTWARE\Wow6432Node\ SteelEye\LifeKeeper\RK\LanMan | X | |||||||||
| HKEY_LOCAL_MACHINE\ SOFTWARE\Wow6432Node\ SteelEye\LifeKeeper\RK\SQLapp | X | |||||||||
| HKEY_LOCAL_MACHINE\ SOFTWARE\Wow6432Node\ SteelEye\LifeKeeper\RK\ SQLapp\SQL_ResTag] | X | |||||||||
| HKEY_LOCAL_MACHINE\ SOFTWARE\Wow6432Node\ SteelEye\LifeKeeper\RK\ VolShare | X | |||||||||
| HKEY_LOCAL_MACHINE\ SOFTWARE\Wow6432Node\ SteelEye\LifeKeeper\RK\volume | X | |||||||||
| HKEY_LOCAL_MACHINE\ SOFTWARE\Wow6432Node\ SteelEye\LifeKeeper\ RK\WebApp | X | |||||||||
| HKEY_LOCAL_MACHINE\ SOFTWARE\Wow6432Node\ SteelEye\Lkinit | X | |||||||||
| HKEY_LOCAL_MACHINE\ SOFTWARE\Wow6432Node\ SIOS Technology Corp. | X | |||||||||
| HKEY_LOCAL_MACHINE\ SOFTWARE\Wow6432Node\ SIOS Technology Corp.\ LifeKeeper for Windows v8 Update 2 Maintenance 1 | X | |||||||||
| HKEY_LOCAL_MACHINE\ SOFTWARE\Wow6432Node\ SIOS Technology Corp.\LifeKeeper for Windows v8 Update 2 Maintenance 1\8.2.1 | X | |||||||||
| HKEY_LOCAL_MACHINE\ SOFTWARE\Wow6432Node\ SIOS Technology Corp.\ SIOS DataKeeper for Windows v8 Update 2 Maintenance 1 | X | |||||||||
| HKEY_LOCAL_MACHINE\ SOFTWARE\Wow6432Node\ SIOS Technology Corp.\ SIOS DataKeeper for Windows v8 Update 2 Maintenance 1\8.2.1 | X | |||||||||
| HKEY_LOCAL_MACHINE\ SOFTWARE\Wow6432Node\ Steeleye Technology, Inc. | X | |||||||||
| HKEY_LOCAL_MACHINE\ SOFTWARE\Wow6432Node\ Steeleye Technology, Inc.\ LifeKeeper Microsoft SQL Server Recovery Kit v8 Update 2 Maintenance 1 | X | |||||||||
| HKEY_LOCAL_MACHINE\ SOFTWARE\Wow6432Node\ Steeleye Technology, Inc.\ LifeKeeper Microsoft SQL Server Recovery Kit v8 Update 2 Maintenance 1\8.2.1 | X |
Other Resources
Additional software requirements are noted below.
LifeKeeper
LifeKeeper provides continuous monitoring of critical resources. This toolset provides the foundation of the LogRhythm HA platform.
DataKeeper
DataKeeper provides volume-level, block-level replication for disk drives, and delivers a shared-nothing solution when used in conjunction with LifeKeeper.
LifeKeeper SQL Recovery Kit
LifeKeeper SQL Recovery Kit provides enhanced functionality to deliver database and process-level monitoring, along with integrated capabilities within the LifeKeeper GUI. The SQL Recovery Kit is only required for EM, LM, and XM appliances.