Skip to main content
Skip table of contents

Log Sources

A Log Source is a unique source of log data that is collected from a Host. Every log is associated to a single Log Source which is the key link LogRhythm uses to determine the origin of a log message. Hosts can have one or more Log Sources.

  • A typical Windows Server Host has the following Log Sources:
    • System Event Logs
    • Application Event Logs
    • Security Event Logs
  • On a Linux system, an example of a log source would be a Messages Syslog File.

Log Sources are centrally administered through the LogRhythm Client Console. This includes creating Source records and configuring parameters that affect how the Agent collection process functions. After configuration, the settings are pushed out to Agents at each heartbeat communication. Only Global Admins or Restricted Admins with elevated View and Manage privileges can take this action.

Backwards Compatibility

Starting with the 7.4.3 System Monitor Agent, in order to collect new log sources via the API, the only component that must be at the latest version is the System Monitor. Your core deployment (Mediator, Platform Manager, etc.) can be at any 7.3.x version or above. The only exception to this is the Office 365 Message Tracking log source type which requires a 7.4.x core version. All other API log sources will allow you to use a 7.4.3 agent to collect if your core is at least version 7.3.x.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close