Configure Collection on the Diagnostics Tool
Specify Data Collection Components
Initially, only data from the EMDB and LogMart databases is queried and presented. To collect additional data such as performance counters, service stats, disk space, spool files, and log files, you must specify credentials on the Credentials page for each Windows LogRhythm Diagnostics Agent node and DX Linux node.
For a complete list of data that is collected initially (using only the Platform Manager Database login) as well as data that is collected on-demand after specifying additional credentials on the Credentials page, see Log Files and Data Collected by the Diagnostic Tool.
To specify LogRhythm nodes for collection:
- Click the Credentials tab.
- On the Credentials page, enter the LogRhythm Diagnostics Agent username, password, and port for each LogRhythm Windows node in the deployment.
  - For Windows machines (Platform Manager, Data Processors, AI Engines), enter the username, password, and port designated in the Diagnostics Agent configuration.
  - For Linux machines (Data Indexers), enter the username and password only. This is suitable for SSH/SFTP usage. Typically, this is the logrhythm user account.
- To validate all credentials entered, click Authenticate.
  If credentials are not entered for a LogRhythm node, the credentials or port are invalid, or the Diagnostics Agent is not running on that node, then no additional data or files are collected for that node. Unsuccessful authentication of one or more Diagnostics Agent nodes limits collection during export, and live data will fail to load in the Diagnostics Tool interface.
- (Optional) Save the hashed credentials to a file in the user’s AppData directory. Both the login page settings (excluding the password) and the component credentials are saved and reloaded the next time the Diagnostics Tool is opened. The file, settings.json, is saved to the user’s AppData directory, for example, C:\Users\<username>\AppData\Roaming\lrdiagnostics. This file can be renamed or moved to a different location to create saved settings files for more than one deployment. The settings.json file is deleted when the Platform Manager address changes, so the old deployment’s credentials are not applied to the new deployment. To update settings that persist in the settings.json file, click Authenticate.
- (Optional) Validate all certificates. Clicking Validate Certificates will confirm that the Diagnostics Agents are using a certificate, the certificate name matches the host serving the certificate, and the certificate chain is valid. Enabling the Save Settings option also saves the Validate Certificates option in the settings.json file.
  If using self-signed certificates or certificates that are not signed by a valid certificate authority, enabling the Validate Certificates option causes portions of the Diagnostics Tool to stop functioning.
Diagnostics Agents are only installed on Windows LogRhythm components, excluding System Monitor nodes. The Credentials tab does not display the agent version and port for DX Linux nodes, as these nodes do not have a Diagnostics Agent installed.
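The three conditions that Validate Certificates checks can be tested per node before the option is enabled, from the machine that runs the Diagnostics Tool. The PowerShell below is an added example, not LogRhythm code: it uses the standard .NET TLS client checks as a stand-in for the tool's own validation, and the function name, host name and port are placeholders.

```powershell
# Added example (not LogRhythm code). Test-AgentCertificate is a hypothetical
# helper; host name and port are placeholders for a Diagnostics Agent node.
function Test-AgentCertificate {
    param(
        [Parameter(Mandatory)][string]$HostName,   # use the same name the tool connects to
        [Parameter(Mandatory)][int]$Port
    )
    $script:tlsErrors = $null
    $script:tlsCert   = $null

    # Record the verdict instead of enforcing it, so every failure is reported
    # in one pass. No application data is sent over this connection.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback]{
        param($sender, $certificate, $chain, $sslPolicyErrors)
        $script:tlsErrors = $sslPolicyErrors
        if ($certificate) {
            $script:tlsCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $certificate
        }
        return $true
    }

    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($HostName, $Port)
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        try { $ssl.AuthenticateAsClient($HostName) } finally { $ssl.Dispose() }
    } finally {
        $tcp.Close()
    }

    # SslPolicyErrors is a flags enum; each flag maps to one of the three checks.
    $flags = [int]$script:tlsErrors
    [pscustomobject]@{
        Node                 = "${HostName}:$Port"
        Subject              = $script:tlsCert.Subject
        Issuer               = $script:tlsCert.Issuer
        NotAfter             = $script:tlsCert.NotAfter
        CertificatePresented = -not ($flags -band [int][System.Net.Security.SslPolicyErrors]::RemoteCertificateNotAvailable)
        NameMatchesHost      = -not ($flags -band [int][System.Net.Security.SslPolicyErrors]::RemoteCertificateNameMismatch)
        ChainValid           = -not ($flags -band [int][System.Net.Security.SslPolicyErrors]::RemoteCertificateChainErrors)
        SelfSigned           = ($script:tlsCert.Subject -eq $script:tlsCert.Issuer)
    }
}

# Placeholders: substitute a node's host name and its Diagnostics Agent port.
# Test-AgentCertificate -HostName 'pm01.example.internal' -Port <agent-port>
```

A node that reports NameMatchesHost or ChainValid as False is one where enabling Validate Certificates can be expected to trigger the loss of function described above until its certificate is replaced.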
(Optional) Add Web Console
Unlike the Platform Manager, Data Processor, Data Indexer, and AI Engine nodes, standalone Web Console nodes are not dynamically loaded into the LogRhythm Diagnostics client. To add a standalone Web Console node to the topology the LogRhythm Diagnostics client uses, users must add a Web Console on the Credentials page.
Web Consoles deployed on an existing LogRhythm node cannot be re-added as a standalone Web Console node.
To specify standalone Web Console nodes in the deployment:
- Click the Credentials tab.
- On the Credentials page, click + Add Web Console in the top-left corner of the page.
- Specify a valid hostname and IP address.
- Click Submit.
  The new Web Console node is added to LogRhythm Nodes on the page.
- Enter the LogRhythm Diagnostics Agent username, password, and port information.
- Click Authenticate.
If the LogRhythm deployment consists of a single-node XM, the LogRhythm Diagnostics client already assumes a Web Console is present and the same diagnostics information is already available on the Platform Manager tab.
Standalone Web Console nodes can be removed from the Settings page by clicking the X icon next to the Web Console node.
Collect Data from Components
To collect data from components and save it to a local .zip file:
- Click the Export tab.
- Select an Export Profile, and then select the data points you want to collect and write to the .zip file.
- Specify an output directory for the .zip file and the maximum age of log files to collect.
- (Optional) Specify an encryption password for the export .zip file.
- Specify export timeout (in minutes). This is the length of time the LogRhythm Diagnostics client waits for export requests to the LogRhythm Diagnostics Agent.
- (Optional) To include the Health Check report in the export .zip file, select the Include Health Check report check box.
- To begin the collection, click Run Export.
  The status of the collection is updated in the Export Messages text box. When collection is complete, the final status of the export appears in the Last Export Run Information text box. The .zip file is available in the specified output directory.
- (Optional) For further analysis, send the .zip file to LogRhythm Customer Support.
For more information on what is contained in the .zip file, see Detailed .zip File Contents From the Diagnostics Tool.