Breadcrumbs

Configure LogRhythm Services and the Data Indexer for FIPS Mode


Configure the Services

Each LogRhythm component needs to be updated to utilize the log-on Domain Service Account. Complete the follow steps for all services that have a name beginning with LogRhythm.

Integrated Security must be enabled for the same LogRhythm components as FIPS. Integrated Security must be configured prior to FIPS. For more information, see Integrated Security.

  1. Log on to Windows as a Windows system administrator.

  2. Open the Services panel.

  3. Right-click the service, click Properties, and then click the Log On tab.

  4. Select This Account.

  5. Enter the domain credentials of the domain user in the format service_account@domain.com, and click OK
    A confirmation message appears that reads: The Account service_account@domain.com has been granted the Log On As A Service right.

Note that this change is logged in the Windows Event Log – Security log. You can see this change using Windows Event Viewer or a LogRhythm System Monitor with the MS Event Log for Win7/Win8/2008/2012 - Security log source.

Configure Log Ons and Encryption

LogRhythm Configuration Manager

The following components require configuration within the main LogRhythm Configuration Manager.

Service Display Name

Setting to Configure

Admin API

N/A

AI Engine Drilldown Cache API

Set Database Authentication Strategy to Windows Account Type.

API Gateway

N/A

Authentication API

Set Web Console SQL Authentication to Disabled.

Set Web Console Active Directory Authentication to Enabled.

Case API

Set Database Authentication Strategy to Windows Account Type.

Set Encrypt SQL Traffic to Enabled.

Data Indexer

Set Integrated Security to Enabled.

Change the DB user name and password to the Domain user credentials created for the Data Indexer services. Domain credentials can be either <domain service account>@domain.name OR domain.name\<domain service account>.

Global

N/A

Notification Service

Set Database Authentication Strategy to Windows Account Type.

SQL Service

N/A

Web Console API

N/A

Web Console UI

N/A

Web Indexer

N/A

Web Services Host API

N/A

Web Global

  1. Select SQL Authentication and enter the Active Directory account in the username space using the format domainname\username. Leave the password field blank.

  2. Click Save.

  3. Select Windows Authentication.

  4. Click Save.

  5. Load the Web Console and check for data. If no dashboard data is live, restart Web Services. 

Local Configuration Managers

The following components require configuration within their standalone configuration managers.

Service Display Name

Local Configuration Manager (LCM)

Setting to Configure

AI Engine

AIEngine Configuration Manager

Select Login with Windows.

Select Encrypt all communications.

Alarming and Response Manager

Platform Manager Configuration Manager

Select Login with Windows.

Select Encrypt all communications.

Job Manager

Job Manager Configuration Manager

Select Login with Windows.

Select Encrypt all communications.

Mediator Server Service

Data Processor Configuration Manager

Select Login with Windows.

Select Encrypt all communications.

System Monitor Service

System Monitor Configuration Manager > Windows Service Tab

In the Log On section, select This Account and enter the domain user credentials.