Log Files and Data Collected by the Diagnostic Tool

The following log files and data points are collected and consolidated by the LogRhythm Diagnostics Tool into a compressed .zip file in the specified output directory. All Items are collected immediately upon logging in to the Diagnostics Tool, except for the items in italics, which are only collected on demand.

Overview

• Deployment Message Per Second – Last 30 Days

• System Monitor by OS

• Log Source by Type

• Deployment Topology (mapping of LogRhythm components)

• DX Cluster Topology (mapping of DX clusters and nodes)

• Standalone Web Console nodes

• Network Monitors

  

  NetMons do not appear unless they are registered in the LogRhythm Client Console.

Platform Manager (PM)

• Percentage Disk Used

• Disk Status

  • Filesystem

  • Mount

  • Size (MB)

  • Free (MB)

  • % Used

• Enabled Global Log Processing Rules (GLPRs)

  • Name

  • Sort Order

  • Date Updated

  • Date Expires

• Enabled Alarm Rules

  • Name

  • Rule Group

  • Type

  • Date Updated

• Knowledge Base (KB)

  • Version

  • Date Updated

  • KB Download Statistics

• Enabled KB Modules

  • Module

  • Version

  • Date Updated

• LogRhythm Diagnostic Alarms – Last 24 Hours

  • Alarm ID

  • Entity

  • Date

  • Status

  • Name

  • Assigned To

• Processing (DP and AIE), Indexing, Archiving, LogMart, and Event Performance/Capacity/Oversubscription Analysis

• Log Volume by:

  • Data Processor

  • System Monitor

  • Log Source Type

  • Log Source

• System Monitors Pending Acceptance

• Log Sources Pending Acceptance

• Quiet Log Sources

• Quiet Agents

• SQL Server Databases and Utilization

  • SQL Server Version

  • LogRhythm DB Versions and Last Updates

  • Database File Locations, Free Space, and Utilizations

  • LogRhythm Maintenance Job History

• Pending Agents and Log Sources

• LPS Detail Report

• Performance Counters

  • ARM

  • Logical Disks

• LogRhythm Services

  • Service status (running, stopped)

• Logical Disk Utilization

  • Disk Sizes

  • Used Space

• LogRhythm Application Logs

  • Common Components

    • LogRhythm API Gateway

    • LogRhythm API Gateway_ErrWarn

    • LogRhythm Metrics Collection

    • LogRhythm Metrics Collection_ErrWarn

    • LogRhythm Service Registry

    • LoGRhythm Service Registry_ErrWarn

  • Alarming and Response Manager (ARM)

    • scarm

  • Job Manager

    • lrjobmgr

    • lrjobmgr_ErrWarn

  • Authentication

    • LogRhythm Authentication API

    • LogRhythm Authentication API_ErrWarn

    • LogRhythm Windows Authentication Service

    • LogRhythm Windows Authentication Service_ErrWarn

  • System Monitor Agent (scsm)

Advanced Intelligence Engine (AIE)

• Logical Disk Utilization

  • Disk Sizes

  • Used Space

• Enabled AIE Rules

  • Name

  • Status

  • Alarm Enabled

  • Date Updated

• AIE Rule Performance

  • Name

  • Runtime Cost

  • Unshared Memory Cost

  • Unshared Memory (MB)

  • Recent Events Forwarded Minutes

  • Recent Event Feedback Minutes

• Spool File Information

  • Data Files

  • Size Data Files (MB)

  • Data Error Files

  • Size Data Error Files (MB)

  • Data Read Files

  • Size Data Read Files (MB)

• Service Status

  • Service

  • Display Name

  • Status

• Performance Counters

  • AIE Communication Manager

  • AI Engine Server

  • Logical Disks

Data Processor (DP)

• Processed and Unprocessed Queue files (numbers and sizes)

  • Spooled Unprocessed Archives

  • Spooled Events

  • Spooled Unprocessed Logs

  • Spooled AIE Data Provider Logs

  • DX Reliable Persist

• Performance Counters

  • LDS

  • LogMart

  • Processing

  • Stats

  • Data Provider

  • Logical Disks

• LogRhythm Services

  • Service status (running, stopped)

• Logical Disk Utilization

  • Disk Sizes

  • Used Space

Data Indexer (DX)

• Elasticsearch Metrics

• LogRhythm Services

  • Service status (running, stopped)

• Logical Disk Utilization

  • Disk Sizes

  • Used Space

Web Console (Web UI)

• LogRhythm Services
  • Service status (running, stopped)
• Logical Disk Utilization
  • Disk Sizes
  • Used Space

Reports

• Health Check

Utilization

• Deployment Messages Per Second – Last 30 Days

• Top 10 Charts

  • Top 10 System Monitors by Volume – Last 24 Hours

  • Top 10 Log Sources by Volume – Last 24 Hours

  • Top 10 Log Source Types by Volume – Last 24 Hours

  • Top 10 Alarms – Last 24 Hours

• Current Platform Manager Rates (MPS)

  • Events

  • LogMart

  • Alarm Counts

• Current Data Processor Rates (MPS)

  • Processing

  • Archiving

• Current DX Indexing Rates (MPS)

  • DX Cluster Indexing

  • Data Processing Indexing

• Current AIE Engine Rates

  • Processing

• Log Volume Trends

  • Top 10 System Monitors by Volume – Last 24 Hours

  • Top 10 Log Source Type by Volume – Last 24 Hours

• Log Volume by System Monitor (Top 25) – Last 30 Days

• Log Volume by Log Source Type – Last 30 Days

• Log Volume by Data Processor by Day – Last 30 Days

• Database Overview

  • Name

  • Version

  • Last Update

  • Size (MB)

  • Max Size (MB)

  • % Used

• Data Backup Information (note: database backup information is only accurate if using MSSQL database backups)

  • Name

  • File Name

  • Last Backup

  • Backup File

• License Report

  • License Type

  • Expires

  • License Qty

  • Assigned Qty

  • Available Qty

• Max Hourly MPS BY Day

  • Date

  • Hour

  • Licensed MPS

  • MPS

• Capacity Planning

  • Hours Over Maximum Sustained Rate

    • Platform Manager Event Rate

    • Platform Manager Logmart Rate

    • Data Processor Processing Rate

    • Data Processor Archiving Rate

    • DX Cluster Indexing Rate

    • AI Engine Processing Rate

  • Minutes Over Maximum Peak Rate

    • Platform Manager Event Rate

    • Platform Manager Logmart Rate

    • Data Processor Processing Rate

    • Data Processor Archiving Rate

    • DX Cluster Indexing Rate