Platform Manager
The Platform Manager (PM) is the hub of a LogRhythm installation. It serves as the central repository for events, configuration and licensing information, the LogRhythm Knowledge Base, and LogMart. In small deployments, the Platform Manager can also host other LogRhythm components. In larger deployments, it should be a dedicated system. There is only one PM per deployment
The Platform Manager (PM) is a Windows Server system running SQL Server, the LogRhythm Alarming and Response Manager (ARM) service, and the LogRhythm Job Manager service.
- The ARM processes alarm rules and takes the appropriate response, such as sending email to people on a notification list.
- The Job Manager runs scheduled report jobs and other background functions such as automated List imports and heartbeat monitoring. You can schedule report packages to run and be delivered automatically using the Scheduled Report Job Manager. The Job Manager then creates, exports, notifies, and delivers the reports.
Platform Manager Databases
The Platform Manager contains the LogRhythm databases described in the following table.
| Platform Manager Database | Description | Date Resolution |
|---|---|---|
LogRhythmEMDB | All configuration information for a LogRhythm deployment (entities, hosts, networks, agents, log sources, and so on). All records of the archive file properties such as physical properties and hash for verification. All Knowledge Base information that is imported via the KB import process (MPE Rules/Policies, Investigations, Reports, etc.). | N/A |
| LogRhythm_Alarms | Tables of all alarms, alarm notifications, and alarm histories generated by the LogRhythm ARM. | Millisecond |
| LogRhythm_CMDB | Tables of Case Management data from the LogRhythm Web Console. | Millisecond |
| LogRhythm_Events | Tables of all events - log data and metadata - that have been forwarded from Data Processors. | Millisecond |
LogRhythm_LogMart | Tables that track unique log messages with aggregated occurrence information for collected log data Statistics tables that track the volume of log data collected from each log source. | Hour |
Platform Manager Window
The Platform Manager windows contains the following four sections: Alarming, Reporting, and Response Manager Services, Job Manager Services, System Management Settings, and Global Risk Based Priority.
