Configure LogRhythm Services and the Windows Data Indexer for FIPS Mode
Configure the Services
Each LogRhythm component must be updated to log on with the Domain Service Account. Complete the following steps for all services that have a name beginning with LogRhythm.
Integrated Security must be enabled for the same LogRhythm components as FIPS. Integrated Security must be configured prior to FIPS. For more information, see Integrated Security.
- Log on to Windows as a Windows system administrator.
- Open the Services panel.
- Right-click the service, click Properties, and then click the Log On tab.
- Select This Account.
- Enter the domain credentials of the domain user in the format service_account@domain.com, and click OK.
  A confirmation message appears that reads: The Account service_account@domain.com has been granted the Log On As A Service right.
Note that this change is logged in the Windows Event Log – Security log. You can see this change using Windows Event Viewer or a LogRhythm System Monitor with the MS Event Log for Win7/Win8/2008/2012 - Security log source.
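To confirm that every service was changed, the following read-only PowerShell audit lists each LogRhythm service with its log-on account and flags any that do not use the expected one. It is an added example, not LogRhythm's own tooling. It assumes the account is given in the format shown above and that "name beginning with LogRhythm" applies to either the display name or the service name.

```powershell
# Added example: read-only audit of LogRhythm service log-on accounts. Changes nothing.
param(
    # Placeholder taken from the format shown in the steps above; replace with the real account.
    [string]$ExpectedAccount = 'service_account@domain.com'
)

function Get-AccountName {
    # Reduce user@domain or DOMAIN\user to the bare account name so both formats compare equal.
    # Assumption: only the account part is compared; the domain part is not validated.
    param([string]$Account)
    if ([string]::IsNullOrEmpty($Account)) { return '' }
    if ($Account -match '^[^\\]+\\(.+)$') { return $Matches[1].ToLowerInvariant() }
    if ($Account -match '^([^@]+)@.+$')   { return $Matches[1].ToLowerInvariant() }
    return $Account.ToLowerInvariant()
}

$expected = Get-AccountName $ExpectedAccount

# Assumption: match "LogRhythm" at the start of either the display name or the service name.
$filter   = "DisplayName LIKE 'LogRhythm%' OR Name LIKE 'LogRhythm%'"
$services = Get-CimInstance -ClassName Win32_Service -Filter $filter

$report = foreach ($svc in $services) {
    [pscustomobject]@{
        DisplayName         = $svc.DisplayName
        Name                = $svc.Name
        LogOnAs             = $svc.StartName   # e.g. LocalSystem until the service is reconfigured
        State               = $svc.State
        UsesExpectedAccount = ((Get-AccountName $svc.StartName) -eq $expected)
    }
}

# Non-compliant services sort first ($false before $true).
$report | Sort-Object UsesExpectedAccount, DisplayName | Format-Table -AutoSize

$bad = @($report | Where-Object { -not $_.UsesExpectedAccount })
if ($bad.Count -gt 0) {
    Write-Warning "$($bad.Count) LogRhythm service(s) do not log on as $ExpectedAccount."
    exit 1
}
```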
Configure Log Ons and Encryption
LogRhythm Configuration Manager
The following components require configuration within the main LogRhythm Configuration Manager.
Service Display Name | Setting to Configure |
---|---|
Admin API | N/A |
AI Engine Drilldown Cache API | Set Database Authentication Strategy to Windows Account Type. |
API Gateway | N/A |
Authentication API | Set Web Console SQL Authentication to Disabled. Set Web Console Active Directory Authentication to Enabled. |
Case API | Set Database Authentication Strategy to Windows Account Type. Set Encrypt SQL Traffic to Enabled. |
Data Indexer | Set Integrated Security to Enabled. Change the DB user name and password to the Domain user credentials created for the Data Indexer services. Domain credentials can be either <domain service account>@domain.name OR domain.name\<domain service account>. |
Global | N/A |
Notification Service | Set Database Authentication Strategy to Windows Account Type. |
SQL Service | N/A |
Web Console API | N/A |
Web Console UI | N/A |
Web Indexer | N/A |
Web Services Host API | N/A |
Web Global | |
Local Configuration Managers
The following components require configuration within their standalone configuration managers.
Service Display Name | Local Configuration Manager (LCM) | Setting to Configure |
---|---|---|
AI Engine | AIEngine Configuration Manager | Select Login with Windows. Select Encrypt all communications. |
Alarming and Response Manager | Platform Manager Configuration Manager | Select Login with Windows. Select Encrypt all communications. |
Job Manager | Job Manager Configuration Manager | Select Login with Windows. Select Encrypt all communications. |
Mediator Server Service | Data Processor Configuration Manager | Select Login with Windows. Select Encrypt all communications. |
System Monitor Service | System Monitor Configuration Manager > Windows Service Tab | In the Log On section, select This Account and enter the domain user credentials. |