Work With Log Sources
Generic system log sources are registered by default in the LogRhythm configuration database the first time an agent connects to a Data Processor. They are used either to log File Integrity Monitor (FIM) information or as collection sources as described in the following table.
FIM is available only for System Monitor Pro or Collector Agents.
| Log Source | Description |
|---|---|
| AIXFileMon | Registered by an AIX System Monitor Pro or Collector Agent the first time it connects to a Data Processor. It contains all logs generated by the AIX agent FIM. It can have a Message Processing Engine Policy assigned to process FIM generated logs. |
| HPUXFileMon | Registered by a HP-UX System Monitor Pro or Collector Agent on first connection to a Data Processor. It contains all logs generated by the HP-UX agent FIM. It can have a Message Processing Engine Policy assigned to process FIM generated logs. |
| LinuxFileMon | Registered by a Linux System Monitor Pro or Collector Agent the first time it connects to a Data Processor. It contains all logs generated by the Linux agent FIM. It can have a Message Processing Engine Policy assigned to process FIM generated logs. |
| LogRhythmDXMonitor | Registered by a Windows System Monitor Agent on first connection to a Data Processor. It contains all diagnostic logs generated by the Data Indexer. Only collects logs when the System Monitor is installed on a Data Indexer. |
| Network ConnectionMonitor | Registered by a Windows System Monitor Agent the first time it connects to a Data Processor. It contains all logs generated by the Windows Agent Network Connection Monitor (NCM), and it can have a Message Processing Engine Policy assigned to process NCM generated logs Select from types Windows, Linux, Solaris, AIX, and HP-UX. |
| ProcessMonitor | Registered by a Windows System Monitor Agent the first time it connects to a Data Processor. It contains all logs generated by the Windows Agent Process Monitor (PM) and it can have a Message Processing. Engine Policy assigned to process PM generated logs Select from types Windows, Linux, Solaris, AIX, and HP-UX. |
| SolarisFileMon | Registered by a Solaris System Monitor Pro or Collector Agent the first time it connects to a Data Processor. It contains all logs generated by the Solaris agent FIM. It can have a Message Processing Engine Policy assigned to process FIM generated logs. |
| UserActivityMonitor | Registered by a Windows System Monitor Agent the first time it connects to a Data Processor. It contains all logs generated by the Windows Agent User Activity Monitor (UAM), and it can have a Message Processing. Engine Policy assigned to process UAM generated logs. Select from types Windows, Linux, Solaris, AIX, or HP-UX: |
| WinDataDefender | Registered by a Windows System Monitor Agent the first time it connects to a Data Processor. It contains all logs generated by the Windows Agent Data Loss Defender (DLD). It can have a Message Processing Engine Policy assigned to process DLD generated logs. |
| WinFileMon | Registered by a Windows System Monitor Pro or Collector Agent on first connection to a Data Processor. It contains all logs generated by Windows agent FIM. It can have a Message Processing Engine Policy assigned to process FIM generated logs. |