LogRhythm administrators use the Deployment Manager to configure and manage LogRhythm components and functionality such as alarming and reporting.
Deployment Manager Tabs
The Deployment Manager is accessed in any of the following three ways:
- On the main toolbar, click Deployment Manager.
- On the Tools menu, click Administration, and then click Deployment Manager.
- Press Ctrl + y.
When you access Deployment Manager, the following tabs appear.
|Administrators with Access
|An entity represents a physical location in a deployment, such as network records, and host records, and LogRhythm components. The Entities tab opens by default when you access the Deployment Manager.
|The Platform Manager is the hub of a LogRhythm deployment and is the central repository for events, configuration and licensing information, the LogRhythm Knowledge Base, and LogMart.
|The Data Processor provides high-performance, distributed, and highly available processing of machine and forensic data. Processors receive machine and forensic data from Collectors and Forensic Sensors. The number of Data Processors per deployment is based on log data volume and redundancy requirements.
|The AI Engine is a Windows Server system. It is LogRhythm’s advanced analysis platform that performs correlation, pattern recognition, and behavioral analysis.
|LogRhythm NetMon sensor technology provides deep packet inspection (DPI) of network traffic, application identification, application behavior monitoring, and full packet capture.
|The System Monitor collects and forwards log data to Data Processors and can perform file integrity monitoring (FIM). When File Integrity Monitor detects changes in files and directories, the System Monitor Pro or Collector license generates and sends a log to the Data Processor.
|Log sources are single, unique origins of log data that is collected from a Host and is assigned a Message Processing Engine (MPE) policy. A single Host can have multiple Log Sources. A Log Source is the key link LogRhythm uses to determine a log message’s origin.
|Log Processing Policies
|Policies determine which rules are processed against a Log Message Source and how matching logs are treated, including how long it stays online for reporting, if it is archived, and if a copy is sent to the Platform Manager.
|Alarm rules are evaluated by the Alarming and Response Manager to determine if an Event should incur an alarm. They can be system rules supplied by LogRhythm, or custom rules created by users.
|People and Users
|Create and maintain person records for user login identification and contact information for alarm notification.
Deployment Manager Specific Tools Menu Options
The following table lists the Tools menu options that are available in the Deployment Manager.
An * indicates that the option is not available to Restricted Administrators.
Personal Dashboard (Ctrl + P)
Tail (Ctrl + T)
Investigator (Ctrl + I)
Report Center (Ctrl + I)
Lists Manager (Ctrl + L)
Deployment Manager Specific File Menu Options
The File menu options available from most Deployment Manager tabs are described in the table below.
|Starts the process of adding an additional item to the active tab. Does not appear when the Entities tab is active.
|New Root Entity
|Starts the process of creating a top-level Entity and only appears when the Entities tab is active.
|New Child Entity
|Starts the process of creating a child Entity under the selected Entity and only appears when the Entities tab is active.
|Displays information about the item currently selected on the active tab.
|Import License File
|Starts the process to update LogRhythm Licensing.
|Closes the Deployment Manager, but does not close the LogRhythm Client Console.
|Re-establishes the connection to the Platform Manager database (EMDB).
|Closes the LogRhythm Client Console.