The Log Distribution Services (LDS) allows you to forward specified syslog and non-syslog log messages to an external syslog receiver over TCP or UDP. This flexibility allows you to forward log messages in a format and configuration that best meets your needs.
Global Administrators can configure LDS from the LogRhythm Client Console through the Log Distribution Policy Manager or the Log Distribution Receiver Manager.
|
LDS Component |
Purpose |
|---|---|
|
The Log Distribution Receiver Manager |
Used to define the external receivers where the syslog messages are forwarded. |
|
The Log Distribution Policy Manager |
Used to define the policies that specify which syslog messages are forwarded. |
|
The Mediator Server service |
Must be running for LDS to process the logs for forwarding. |
Log Distribution Services Startup and Logging
During Data Processor initialization, the Mediator starts the LDS Engine automatically and logs the result to scmedsvr.log.
During startup, the LDS Engine creates its own log file, ldsengine.log, in the Mediator logs directory.
If the Mediator is shut down or restarted, the LDS Engine spools out any unsent logs to disk in the Mediator directory under \state\LDS_Spool\, and a log message is written to ldsengine.log.
Non-Syslog Priority Calculation
When forwarding a message from a syslog source, Log Distribution Services always preserves the original Priority value. For non-syslog sources, the Priority value is based on your selection from the Facility list and the following formula.
The Priority Formula is Priority = Facility * 8 + Severity.
Facility Values
|
Facility |
Value |
|---|---|
|
local 0 |
16 |
|
local 1 |
17 |
|
local 2 |
18 |
|
local 3 |
19 |
|
local 4 |
20 |
|
local 5 |
21 |
|
local 6 |
22 |
|
local 7 |
23 |
Message Class ID Severity Values
|
MsgClassId |
Severity |
|---|---|
|
1000 |
6 |
|
1020 |
6 |
|
1040 |
5 |
|
1060 |
6 |
|
1080 |
5 |
|
1100 |
5 |
|
1120 |
5 |
|
1140 |
6 |
|
1160 |
5 |
|
1200 |
|
|
1220 |
|
|
1400 |
|
|
1500 |
|
|
1600 |
|
|
1998 |
5 |
|
1999 |
6 |
|
2000 |
6 |
|
2100 |
5 |
|
2200 |
4 |
|
2250 |
4 |
|
2300 |
2 |
|
2400 |
2 |
|
2500 |
1 |
|
2600 |
1 |
|
2700 |
4 |
|
2810 |
5 |
|
2820 |
|
|
2830 |
|
|
2840 |
|
|
2850 |
|
|
2860 |
|
|
2900 |
5 |
|
2999 |
6 |
|
3000 |
6 |
|
3100 |
1 |
|
3200 |
3 |
|
3300 |
4 |
|
3400 |
6 |
|
3500 |
6 |
|
3510 |
5 |
|
3520 |
6 |
|
3999 |
6 |
|
Else |
0 |