Component Reference
Platform Manager
Operating System
Databases
MSSQL
LogRhythm_Alarms
LogRhythm_CMDB
LogRhythm_Events
LogRhythm_LogMart
LogRhythmEMDB
LogRhythm Services
Service | Description |
---|---|
Admin API | Administers the LogRhythm Deployment via API. |
AI Engine* | Evaluates logs to determine if they match AIE Rules. |
AI Engine Cache Drilldown | Orchestrates drill downs on AIE rules and sends results to the Web Console. |
AI Engine Communication Manager | Sends logs from the Mediator to the AI Engine for evaluation. |
Alarm API | REST API service to interact with data relating to Alarms and Events. |
Alarming and Response Manager | Processes alarms for the deployment. |
API Gateway | Passes data between components of the SIEM. |
Authentication API | Handles authentication of service-to-service and user-to-service communication. |
Job Manager | Reports on the LogRhythm Deployment. |
Metrics Collection | Gathers metrics from the server it is installed on and sends them to the Metrics Database on the PM. |
Metrics Database | Collects and stores metrics from all the servers in the deployment. |
Metrics Web UI | Shows the metrics collected via Grafana. |
Notification Service | Sends notifications on AIE alarms. |
Search API | API for LogRhythm Search. |
Service Registry | Maintains a Key Value (KV) store used to share service level configuration changes between all hosts in a deployment. |
LogRhythm SQL Service | Verifies if a SQL user is authorized to access data. |
System Monitor | Collects logs and sends them to the Mediator for processing. |
TrueIdentity Sync Client* | Syncs TrueIdentities with an Identity and Access Management (IAM) platform. |
Windows Authentication Service | Verifies if a Windows user is authorized to access data. |
*These services are optionally installed on the PM.
LogRhythm Applications
Client Console
Configuration Manager
Infrastructure Installer
Data Processor
Operating System
Databases
No Databases
LogRhythm Archives
Active and Inactive Archives
LogRhythm Services
Service | Description |
---|---|
API Gateway | Passes data between components of the SIEM. |
Mediator Server Service | Processes logs and sends them on for storage in the Data Indexer. |
Metrics Collection | Gathers metrics from the server it is installed on and sends them to the Metrics Database on the PM. |
Service Registry | Maintains a Key Value (KV) store used to share service level configuration changes between all hosts in a deployment. |
System Monitor | Collects logs and sends them to the Mediator for processing. |
Data Indexer
Operating System
Databases
Elasticsearch
LogRhythm Services
Service | Description |
---|---|
Bulldozer | Registers the Elasticsearch Cluster name and Node/s in the EMDB. Writes Cluster statistics to the EMDB for use in the Deployment Monitor. |
Carpenter | Reads EMDB table values that are required for ID to Value translation purposes and inserts them into Elasticsearch as individual Indices that are used by Columbo. |
Columbo | Runs Investigations, Tails, AI Engine Drilldowns & Report query requests against Elasticsearch on behalf of the Web & Client Consoles. |
Elasticsearch | Indexes and persists log data. |
GoMaintain | Maintains disk space below a threshold (80% used by default) on the Cluster volume by removing older indices. |
LogRhythm API Gateway | Passes data between components of the SIEM. |
LogRhythm Metrics Collection | Gathers metrics from the server it is installed on and sends them to the Metrics Database on the PM. |
LogRhythm Service Registry | Maintains a Key Value (KV) store used to share service level configuration changes between all hosts in a deployment. |
Transporter | Accepts batches of logs from DP and sends individual logs to Denorm. |
Watchtower | Receives analytics data from CloudAI. |
Web Console
Operating System
Databases
No Databases
LogRhythm Services
Service | Description |
---|---|
API Gateway | Passes data between components of the SIEM. |
Case API | Handles requests involving setting, retrieving, and changing Case data. |
Metrics Collection | Gathers metrics from the server it is installed on and sends them to the Metrics Database on the PM. |
Service Registry | Maintains a Key Value (KV) store used to share service level configuration changes between all hosts in a deployment. |
Threat Intelligence API | Manages lookups against Threat Intelligence providers and is used in inspecting threat intelligence-relevant fields in the Analyzer Grid. |
Web Console API | Routes requests for retrieving, setting, and creating data in the Web Console, as well as routing requests to other services. |
Web Console UI | Manages static assets, proxies, and web services. The front-end of the Web Console that the browser communicates with. Pulls data retrieved from other APIs to display in the browser. |
Web Indexer | Generates and maintains indices as caches for the Events and Alarms dashboards, Known Values, Search results, AIE Auto Drilldown, and logs attached to cases. |
Web Services Host API | Performs searches, cached index updates, and SQL Server requests. |
Applications
Configuration Manager
System Monitor Agent
Operating System
Supported on many major operating systems. For a complete list, see System Monitor Compatibility and Functionality.
LogRhythm Services
Service | Description |
---|---|
System Monitor | Collects logs and sends them to the Mediator for processing. |