Least Privileged User: PM, AIE Communication Manager
The Job Manager runs scheduled report jobs and other background functions, such as automated list imports and heartbeat monitoring. You can schedule report packages to run and be delivered automatically using the Scheduled Report Job Manager. The Job Manager then creates, exports, notifies, and delivers the reports.
Purpose
The AIE Communication Manager is a message broker between the log Mediators and the AIE service. This service receives log messages and writes them into the AIE archive format for use by the AIE service.
Shared Resource
The AIE and AIE Communication Manager services share directories for configuration, state, and data files. These directories can be configured in the AI Engine Configuration Manager tool. This guide refers to the default settings.
| Read | Write | Read & Execute | Modify | Full Control | Children Inherent | |
|---|---|---|---|---|---|---|
| <LogRhythm Installation Directory Path>\LogRhythm\LogRhythm AI Engine | X |
The AIE Communication Manager writes data files read by the AIE. By default, this directory is part of the path above. However, you can configure the AIE system to use a separate directory. If you change the directory, both the AIE and the AIE Communication Manager services will need access to this directory.
Registry Access
| Read Control | Write Owner | Write DAC | Delete | Create Link | Enumerate Subkeys | Set Value | Query Value | Full Control | Children Inherent | |
|---|---|---|---|---|---|---|---|---|---|---|
| KEY_LOCAL_MACHINE\ SOFTWARE\LogRhythm\ lraiecommgr | X | X | X | X | ||||||
| HKEY_LOCAL_MACHINE\ SOFTWARE\LogRhythm\ lraieengine | X | X | X | X |
Database Access
The AIE Communication Service uses the LogRhythmAIE database user and the LogRhythmGlobalAIE security role to access the LogRhythm CM database. All permissions are set as required by the default security role.
Ports
The AIE Communication Manager service must communicate with any Data Processor Mediator services that provide source data. These ports can be configured through the Console’s Deployment Manager. Click the AI Engine tab in the top ribbon, and then click the Servers tab in the bottom ribbon. Select and right-click on the AIE server, and then click Properties. When the AI Engine Server Properties dialog box appears, click Advanced.
| Port | Default Port | Inbound/Outbound | Purpose |
|---|---|---|---|
| Client Management Port | 30000 | Inbound from Mediator(s) | Listener port for AIE to receive management communications from the log or Console |
| Client Data Port | 30001 | Inbound from Mediator(s) | Listener port for AIE to get active logs from registered log Mediators |
Other Resources
The AIE Communication Manager service does not require any other privileges or permissions.