Work With Log Sources

Generic system log sources are registered by default in the LogRhythm configuration database the first time an agent connects to a Data Processor. They are used either to log File Integrity Monitor (FIM) information or as collection sources as described in the following table.

FIM is available only for System Monitor Pro or Collector Agents.

Log Source
AIXFileMonRegistered by an AIX System Monitor Pro or Collector Agent the first time it connects to a Data Processor. It contains all logs generated by the AIX agent FIM. It can have a Message Processing Engine Policy assigned to process FIM generated logs.
HPUXFileMonRegistered by a HP-UX System Monitor Pro or Collector Agent on first connection to a Data Processor. It contains all logs generated by the HP-UX agent FIM. It can have a Message Processing Engine Policy assigned to process FIM generated logs.
LinuxFileMonRegistered by a Linux System Monitor Pro or Collector Agent the first time it connects to a Data Processor. It contains all logs generated by the Linux agent FIM. It can have a Message Processing Engine Policy assigned to process FIM generated logs.
LogRhythmDXMonitorRegistered by a Windows System Monitor Agent on first connection to a Data Processor. It contains all diagnostic logs generated by the Data Indexer. Only collects logs when the System Monitor is installed on a Data Indexer.

Registered by a Windows System Monitor Agent the first time it connects to a Data Processor. It contains all logs generated by the Windows Agent Network Connection Monitor (NCM), and it can have a Message Processing Engine Policy assigned to process NCM generated logs

Select from types Windows, Linux, Solaris, AIX, and HP-UX.


Registered by a Windows System Monitor Agent the first time it connects to a Data Processor. It contains all logs generated by the Windows Agent Process Monitor (PM) and it can have a Message Processing. Engine Policy assigned to process PM generated logs

Select from types Windows, Linux, Solaris, AIX, and HP-UX.

SolarisFileMonRegistered by a Solaris System Monitor Pro or Collector Agent the first time it connects to a Data Processor. It contains all logs generated by the Solaris agent FIM. It can have a Message Processing Engine Policy assigned to process FIM generated logs.

Registered by a Windows System Monitor Agent the first time it connects to a Data Processor. It contains all logs generated by the Windows Agent User Activity Monitor (UAM), and it can have a Message Processing. Engine Policy assigned to process UAM generated logs. Select from types Windows, Linux, Solaris, AIX, or HP-UX:

WinDataDefenderRegistered by a Windows System Monitor Agent the first time it connects to a Data Processor. It contains all logs generated by the Windows Agent Data Loss Defender (DLD). It can have a Message Processing Engine Policy assigned to process DLD generated logs.
WinFileMonRegistered by a Windows System Monitor Pro or Collector Agent on first connection to a Data Processor. It contains all logs generated by Windows agent FIM. It can have a Message Processing Engine Policy assigned to process FIM generated logs.
