Skip to main content
Skip table of contents

Monitor NetMon in the Client Console

Only Global Admins and Restricted Admins with elevated View and Manage privileges can take this action.

For any Network Monitor you have added to your LogRhythm deployment, there are a number of functions you might want to monitor. Some of these can be monitored on this Network Monitors tab of the LogRhythm SIEM Client Console.

For NetMon administration and configuration capabilities not described in this topic, see LogRhythm NetMon API in the LogRhythm NetMon Help.

  1. On the main toolbar, click Deployment Manager.
  2. Click the Network Monitors tab.
  3. Right-click the Network Monitor that you want to review, click Actions, and then click one of the following:
    • Display Query Rules. This dialog box shows the configuration of the continuous, search-based Alarm rules that are configured in the Network Monitor.
    • Service Status. This dialog box shows the status of the services that are required for NetMon to function correctly.

    • System Logs. This dialog box shows the logs generated by NetMon in real time. The following table describes the logs.

      Log DataDescription

      Engine

      Displays a log for NetMon's packet-processing component (the Engine), which collects and reads the network traffic and processes it.

      Logger

      Displays a log for the component that sends data through the Rule Engine threads.

      Manager

      Displays a log for NetMon's component that manages other services, such as the Engine and the Logger.

      Indexer

      Displays a log for the component that indexes metadata in Elasticsearch.

      Percolator

      Displays a log for the process which tests for alarm conditions using the Elasticsearch percolate function.

      Cassandra

      Displays the raw log output of NetMon's database.

      Metrics

      Displays the log for the process used to generate statistical data for NetMon's Diagnostics page.

      Maintenance

      Displays the log for the process used to maintain NetMon's Elasticsearch indices.

      License Server

      Displays the log for the process that maintains the license state of the NetMon distribution.

      Website Error

      Displays an error log for NetMon's web server component.

      Website Access

      Displays a log for user activity by IP address. This log activity constantly refreshes.

      Elastic Search

      Displays an activity log for the metadata storage engine.

      Flow Rules

      Displays a log of Deep Packet Analytics Rules that have run at the flow level.

      Packet Rules

      Displays a log of Deep Packet Analytics Rules that have run at the packet level.

      Audit

      Displays event and diagnostic logs for NetMon. For more information, see Diagnostic Messages.

      File Extraction

      Displays log messages related to file extraction in NetMon.

  4. Click Close.
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close