Skip to main content
Skip table of contents

Update SIEM Configurations to Support GeoIP Changes

In a future release of LogRhythm SIEM, the Knowledge Base (KB) will be expanded to contain more GeoIP data and improve IPv4 resolution accuracy. To support the larger KB file created by the added details, several configuration changes within the SIEM are required.

Settings to Validate and Change

In all versions of LogRhythm SIEM, changes are required in the Client Console, the LogRhythm Job Manager, and the LogRhythm Mediator Server configuration files. To manually update these configurations, follow the steps below.

This must be completed, otherwise KB syncs will fail and you will not receive any updated content from LogRhythm.

Update the Client Console Configuration

  1. From the host where the Client Console is installed, navigate to the Client Console installation folder.

The default location is “C:\Program Files\LogRhythm\LogRhythm Console“.

  1. Find “lrconsole.exe.config“ in the installation folder and open it in a text editor, for example, Notepad.

  2. Find the keyword “maxReceivedMessageSize“ whose value is “104857600“.

  3. Change the value of the attribute to “2147483648“ ( maxReceivedMessageSize="2147483648").

  4. Save the file and close it.

  5. Close all open instances of LR Console and reopen it to allow the new configuration to take effect.

This is a local setting. The above steps should be completed for each host where the Client Console is installed.

Update the Job Manager Configuration

  1. From the Platform Manager (PM) machine where the LogRhythm Job Manager is installed, navigate to the Job Manager installation folder.

The default location is “C:\Program Files\LogRhythm\LogRhythm Job Manager“.

  1. Find “lrjobmgr.exe.config“ in the installation folder and open it in a text editor, for example, Notepad.

  2. Find the keyword “maxReceivedMessageSize“ whose value is “104857600“.

  3. Change value of the attribute to “2147483648“ ( maxReceivedMessageSize="2147483648").

  4. Save the file and close it.

  5. Restart the Job Manager service to allow the new configuration to take effect.

Update the Mediator Configuration

  1. From the Data Processor (DP) machine where the LogRhythm Mediator Server is installed, navigate to the Mediator installation folder.

The default location is “C:\Program Files\LogRhythm\LogRhythm Mediator Server“.

  1. Find “scmedsvr.exe.config“ in the installation folder and open it in a text editor, for example, Notepad.

  2. Find the section “<runtime>”

  3. Add a new line within the <runtime> section of the file and add:

CODE 
<gcAllowVeryLargeObjects enabled="true" />

  1. Save the file and close it.

  2. Restart the Mediator Server service to allow the new configuration to take effect.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close