Skip to main content
Skip table of contents

Configure LogRhythm Services and the Windows Data Indexer for FIPS Mode

Configure the Services

Each LogRhythm component needs to be updated to utilize the log-on Domain Service Account. Complete the follow steps for all services that have a name beginning with LogRhythm.

Integrated Security must be enabled for the same LogRhythm components as FIPS. Integrated Security must be configured prior to FIPS. For more information, see Integrated Security.

  1. Log on to Windows as a Windows system administrator.
  2. Open the Services panel.
  3. Right-click the service, click Properties, and then click the Log On tab.
  4. Select This Account.
  5. Enter the domain credentials of the domain user in the format service_account@domain.com, and click OK
    A confirmation message appears that reads: The Account service_account@domain.com has been granted the Log On As A Service right.

Note that this change is logged in the Windows Event Log – Security log. You can see this change using Windows Event Viewer or a LogRhythm System Monitor with the MS Event Log for Win7/Win8/2008/2012 - Security log source.

Configure Log Ons and Encryption

LogRhythm Configuration Manager

The following components require configuration within the main LogRhythm Configuration Manager.

Service Display Name

Setting to Configure

Admin APIN/A

AI Engine Drilldown Cache API

Set Database Authentication Strategy to Windows Account Type.

API GatewayN/A
Authentication API

Set Web Console SQL Authentication to Disabled.

Set Web Console Active Directory Authentication to Enabled.

Case API

Set Database Authentication Strategy to Windows Account Type.

Set Encrypt SQL Traffic to Enabled.

Data Indexer

Set Integrated Security to Enabled.

Change the DB user name and password to the Domain user credentials created for the Data Indexer services. Domain credentials can be either <domain service account>@domain.name OR domain.name\<domain service account>.

GlobalN/A

Notification Service

Set Database Authentication Strategy to Windows Account Type.

SQL ServiceN/A
Web Console APIN/A
Web Console UIN/A
Web IndexerN/A
Web Services Host APIN/A

Web Global

  1. Select SQL Authentication and enter the Active Directory account in the username space using the format domainname\username. Leave the password field blank.
  2. Click Save.
  3. Select Windows Authentication.
  4. Click Save.
  5. Load the Web Console and check for data. If no dashboard data is live, restart Web Services. 

Local Configuration Managers

The following components require configuration within their standalone configuration managers.

Service Display Name

Local Configuration Manager (LCM)

Setting to Configure

AI Engine

AIEngine Configuration Manager

Select Login with Windows.

Select Encrypt all communications.

Alarming and Response Manager

Platform Manager Configuration Manager

Select Login with Windows.

Select Encrypt all communications.

Job ManagerJob Manager Configuration Manager

Select Login with Windows.

Select Encrypt all communications.

Mediator Server Service

Data Processor Configuration Manager

Select Login with Windows.

Select Encrypt all communications.

System Monitor Service

System Monitor Configuration Manager > Windows Service Tab

In the Log On section, select This Account and enter the domain user credentials.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.