Skip to main content
Skip table of contents

Deployment Monitor


The Deployment Monitor provides Global Administrators with a near-real-time view of the performance of LogRhythm and the hosts where its components run.

Each LogRhythm Deployment panel tab contains a grid that displays descriptive, statistical, and status information for the deployment or the specific component type. The contents of each grid are refreshed every 30 seconds. The tabs are:

  • Component Status. The Component Status tab shows the health of each component in a LogRhythm deployment. It always lists systems running Data Processor and Platform Manager services as part of this deployment.
  • Data Processors. The Data Processors tab shows the health of the Data Processors.
  • AI Engines. The AI Engines tab shows the health of the AI Engines.
  • Collectors. The Collectors tab shows the health of the Collectors. Collectors are Agents which act as an aggregation point for log collection. These Agents collect data from remote, non-local log sources.
  • System Monitors. The System Monitors tab shows the health System Monitor Agents and Hosts. These Agents only collect data from their local host. An Agent which is not a Collector is referred to as a Host or System Monitor.
  • Log Sources. The Log Sources tab shows the health of the Log Sources.
  • Clusters. The Clusters tab shows the names of the cluster in the deployment and their status.
  • Nodes. The Nodes tab shows the nodes associated with this deployment and information related to them. 

Component Status

The Component Status tab shows the health of each component in a LogRhythm deployment. It always lists systems running Data Processor and Platform Manager services as part of this deployment. By default, the Hosts pane shows any hosts running a System Monitor Agent with a status of Critical, Warning, Notice, or Normal.

Missing Heartbeat Detection

The Data Processor, Agent, AI Engine, and AI Comm Manager actively monitor themselves and Agents for a heartbeat signal at regular intervals. After receiving the signal, the database is updated with a time stamp of the last successful signal from that component. The Job Manager service regularly checks the amount of time that passed since the last successful heartbeat from each component and compares it with the component's unique Heartbeat Warning Interval setting.

  • If a Heartbeat is not received for one full Heartbeat Warning Interval, the Last Heartbeat field is yellow.
  • If a Heartbeat is not received for two full Heartbeat Warning Intervals, the Last Heartbeat field is red.

For some components, the Heartbeat Warning Interval can be modified:

  • Data Processor. The Heartbeat Warning Interval can be set between 60 seconds and 86,400 seconds (1 day). To learn how to change this, see Modify Data Processor Basic Properties.
  • Platform Manager. The Heartbeat Warning Interval cannot be changed. The default is 60 seconds.
  • System Monitor Agent. The Heartbeat Warning Interval can be set between 1 minute and 30 days. To learn how to change this, see Modify System Monitor Basic Properties.
  • AI Engine and AI Comm Manager. The Heartbeat Warning Interval cannot be changed. The default is 60 seconds.
  • Log Sources. These do not have heartbeats. Instead, they use Silent Log Message Source Detection.

If the expected reporting time is greater than the Heartbeat Warning Interval, a Missing Heartbeat Warning event is generated. The warnings continue to be generated each time an additional Heartbeat Warning Interval passes without a signal. After a heartbeat is received from the component, a Heartbeat Returned event is generated and the system again waits for a missing heartbeat condition.

Set a reasonable Heartbeat Warning Interval. Take special notice of systems that reside on non-persistent connections or are removable from the network, such as notebook computers.

Alarms

In order to receive an Alarm on missing heartbeats, you must Create Alarm Rules. There are several predefined rules that are part of the LogRhythm Diagnostics module to alarm on missed heartbeats for the AI Comm Manager, AI Engine, Data Processor, and Agent.

LogRhythm System Metrics

This chart shows the System Metrics by Data Processor.

  • Platform Manager Database Util %
    • EMDB Utilization
    • EventDB Utilization
    • AlarmDB Utilization
    • LogMartDB Utilization
    • CMDB Utilization
  • System Metrics by Data Processor
    • Unprocessed Queue % Full
    • Log Processing Queue % Full
    • Archive Queue % Full
    • GLPRs Hit %
    • EM Realtime Insert Queue % Full
    • EM Disk Insert Queue % Full
    • LogMart Heap % Full

Log Volume by Day

This chart shows Log Volume Statistics by Day for the Past Month.

Each graph shows the following types of logs:

  • Processed Logs
  • Archived Logs
  • Indexed Logs: Online Logs
  • Events: logs that have been promoted to events
  • Alarms
  • LogMart

By default the graph is in a logarithmic scale, which helps compress the graph in deployments that fluctuate log volume greatly.

Use the context menu to display:

  • Indexed Logs
  • Event Data
  • Unidentified Logs
  • LogMart
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close