Deployment Manager

LogRhythm administrators use the Deployment Manager to configure and manage LogRhythm components and functionality such as alarming and reporting.

Deployment Manager Tabs

The Deployment Manager is accessed in any of the following three ways:

  • On the main toolbar, click Deployment Manager.

  • On the Tools menu, click Administration, and then click Deployment Manager.

  • Press Ctrl + y.

When you access Deployment Manager, the following tabs appear.

| Tab | Description | Administrators with Access |
|---|---|---|
| Entities | An entity represents a physical location in a deployment, such as network records, host records, and LogRhythm components. The Entities tab opens by default when you access the Deployment Manager. | Global/Restricted |
| Platform Manager | The Platform Manager is the hub of a LogRhythm deployment and is the central repository for events, configuration and licensing information, the LogRhythm Knowledge Base, and LogMart. | Global |
| Data Processors | The Data Processor provides high-performance, distributed, and highly available processing of machine and forensic data. Processors receive machine and forensic data from Collectors and Forensic Sensors. The number of Data Processors per deployment is based on log data volume and redundancy requirements. | Global |
| AI Engine | The AI Engine is a Windows Server system. It is LogRhythm’s advanced analysis platform that performs correlation, pattern recognition, and behavioral analysis. | Global |
| Network Monitors | LogRhythm NetMon sensor technology provides deep packet inspection (DPI) of network traffic, application identification, application behavior monitoring, and full packet capture. | Global |
| System Monitors | The System Monitor collects and forwards log data to Data Processors and can perform file integrity monitoring (FIM). When File Integrity Monitor detects changes in files and directories, the System Monitor Pro or Collector license generates and sends a log to the Data Processor. | Global/Restricted |
| Log Sources | A Log Source is a single, unique origin of log data that is collected from a Host and assigned a Message Processing Engine (MPE) policy. A single Host can have multiple Log Sources. A Log Source is the key link LogRhythm uses to determine a log message’s origin. | Global/Restricted |
| Log Processing Policies | Policies determine which rules are processed against a Log Message Source and how matching logs are treated, including how long they stay online for reporting, whether they are archived, and whether a copy is sent to the Platform Manager. | Global |
| Alarm Rules | Alarm rules are evaluated by the Alarming and Response Manager to determine if an Event should incur an alarm. They can be system rules supplied by LogRhythm, or custom rules created by users. | Global/Restricted |
| People and Users | Create and maintain person records for user login identification and contact information for alarm notification. | Global |

Deployment Manager Specific Tools Menu Options

The following table lists the Tools menu options that are available in the Deployment Manager.

An * indicates that the option is not available to Restricted Administrators.


Deployment Manager Specific File Menu Options

The File menu options available from most Deployment Manager tabs are described in the table below.

| Option | Description |
|---|---|
| New | Starts the process of adding an additional item to the active tab. Does not appear when the Entities tab is active. |
| New Root Entity | Starts the process of creating a top-level Entity and only appears when the Entities tab is active. |
| New Child Entity | Starts the process of creating a child Entity under the selected Entity and only appears when the Entities tab is active. |
| Properties | Displays information about the item currently selected on the active tab. |
| Import License File | Starts the process to update LogRhythm Licensing. |
| Close | Closes the Deployment Manager, but does not close the LogRhythm Client Console. |
| Reconnect | Re-establishes the connection to the Platform Manager database (EMDB). |
| Exit | Closes the LogRhythm Client Console. |