Accept the Pending Log Source
- Open the Client Console Deployment Manager.
- Click the Log Sources tab.
  In the New Log Sources grid, a pending log source appears with a name similar to
  (customerid)-opencollector.c.e3-hub753dd405.internal
- Check the Action check box for this log source.
- Right-click and select Actions, Change Log Source Type.
- In the text filter box, enter Open Collector.
- Select the value System : Syslog - Open Collector.
  Do not select the specific log source types yet. You will do that in a later step.
- Right-click and select Actions, Resolve Log Source Host.
- Right-click the selection and click Actions, Accept.
- Do one of the following:
- Click OK.
- To see the newly accepted Log Source in the grid, click Refresh.
Apply the Log Source Virtualization Template
- Double-click to open the newly accepted Open Collector Log Source.
  The Log Message Source Properties window appears.
- Click the Log Source Virtualization tab.
- Select the Enable Virtualization checkbox.
- Click Create Virtual Log Sources.
  The Create Virtual Log Sources dialog box appears.
- In the Log Source Virtualization Template menu, select the log sources you are planning to collect. At this time, LogRhythm Cloud to Cloud collection supports:
  - Azure Event Hub
  - Carbon Black
  - Cisco AMP
  - Duo
  - Gmail Message Tracking
  - Okta
  - PubSub
  - Sophos Central
- Click Save.
  The confirmation prompt appears.
- Click Apply.
- Click OK.
  New Log Sources appear in the grid as children of your parent log source.
- Click on the System Monitors Tab.
- Click on the action box next to the agent named (customerid)-dpwac.
- Right-click the selection and click Actions, Service Restart.