Monitor NetMon in the Client Console

Only Global Admins and Restricted Admins with elevated View and Manage privileges can take this action.

For any Network Monitor you have added to your LogRhythm deployment, there are a number of functions you might want to monitor. Some of these can be monitored on the Network Monitors tab of the LogRhythm SIEM Client Console.

For NetMon administration and configuration capabilities not described in this topic, see LogRhythm NetMon API in the LogRhythm NetMon Help.

  1. On the main toolbar, click Deployment Manager.

  2. Click the Network Monitors tab.

  3. Right-click the Network Monitor that you want to review, click Actions, and then click one of the following:

     - Display Query Rules. This dialog box shows the configuration of the continuous, search-based Alarm rules that are configured in the Network Monitor.
     - Service Status. This dialog box shows the status of the services that are required for NetMon to function correctly.
     - System Logs. This dialog box shows the logs generated by NetMon in real time. The following table describes the logs.

       | Log Data | Description |
       | --- | --- |
       | Engine | Displays a log for NetMon's packet-processing component (the Engine), which collects and reads the network traffic and processes it. |
       | Logger | Displays a log for the component that sends data through the Rule Engine threads. |
       | Manager | Displays a log for NetMon's component that manages other services, such as the Engine and the Logger. |
       | Indexer | Displays a log for the component that indexes metadata in Elasticsearch. |
       | Percolator | Displays a log for the process which tests for alarm conditions using the Elasticsearch percolate function. |
       | Cassandra | Displays the raw log output of NetMon's database. |
       | Metrics | Displays the log for the process used to generate statistical data for NetMon's Diagnostics page. |
       | Maintenance | Displays the log for the process used to maintain NetMon's Elasticsearch indices. |
       | License Server | Displays the log for the process that maintains the license state of the NetMon distribution. |
       | Website Error | Displays an error log for NetMon's web server component. |
       | Website Access | Displays a log for user activity by IP address. This log activity constantly refreshes. |
       | Elastic Search | Displays an activity log for the metadata storage engine. |
       | Flow Rules | Displays a log of Deep Packet Analytics Rules that have run at the flow level. |
       | Packet Rules | Displays a log of Deep Packet Analytics Rules that have run at the packet level. |
       | Audit | Displays event and diagnostic logs for NetMon. For more information, see Diagnostic Messages. |
       | File Extraction | Displays log messages related to file extraction in NetMon. |

  4. Click Close.