Configure LogRhythm Services and the Windows Data Indexer for FIPS Mode

Configure the Services

Each LogRhythm component needs to be updated to utilize the log-on Domain Service Account. Complete the follow steps for all services that have a name beginning with LogRhythm.

Integrated Security must be enabled for the same LogRhythm components as FIPS. Integrated Security must be configured prior to FIPS. For more information, see Integrated Security.

Log on to Windows as a Windows system administrator.
Open the Services panel.
Right-click the service, click Properties, and then click the Log On tab.
Select This Account.
Enter the domain credentials of the domain user in the format service_account@domain.com, and click OK.
A confirmation message appears that reads: The Account service_account@domain.com has been granted the Log On As A Service right.

Note that this change is logged in the Windows Event Log – Security log. You can see this change using Windows Event Viewer or a LogRhythm System Monitor with the MS Event Log for Win7/Win8/2008/2012 - Security log source.

Configure Log Ons and Encryption

LogRhythm Configuration Manager

The following components require configuration within the main LogRhythm Configuration Manager.

Service Display Name	Setting to Configure
Admin API	N/A
AI Engine Drilldown Cache API	Set Database Authentication Strategy to Windows Account Type.
API Gateway	N/A
Authentication API	Set Web Console SQL Authentication to Disabled. Set Web Console Active Directory Authentication to Enabled.
Case API	Set Database Authentication Strategy to Windows Account Type. Set Encrypt SQL Traffic to Enabled.
Data Indexer	Set Integrated Security to Enabled. Change the DB user name and password to the Domain user credentials created for the Data Indexer services. Domain credentials can be either <domain service account>@domain.name OR domain.name\<domain service account>.
Global	N/A
Notification Service	Set Database Authentication Strategy to Windows Account Type.
SQL Service	N/A
Web Console API	N/A
Web Console UI	N/A
Web Indexer	N/A
Web Services Host API	N/A
Web Global	Select SQL Authentication and enter the Active Directory account in the username space using the format domainname\username. Leave the password field blank. Click Save. Select Windows Authentication. Click Save. Load the Web Console and check for data. If no dashboard data is live, restart Web Services.

Local Configuration Managers

The following components require configuration within their standalone configuration managers.

Service Display Name	Local Configuration Manager (LCM)	Setting to Configure
AI Engine	AIEngine Configuration Manager	Select Login with Windows. Select Encrypt all communications.
Alarming and Response Manager	Platform Manager Configuration Manager	Select Login with Windows. Select Encrypt all communications.
Job Manager	Job Manager Configuration Manager	Select Login with Windows. Select Encrypt all communications.
Mediator Server Service	Data Processor Configuration Manager	Select Login with Windows. Select Encrypt all communications.
System Monitor Service	System Monitor Configuration Manager > Windows Service Tab	In the Log On section, select This Account and enter the domain user credentials.