Skip to main content
Skip table of contents

Install a System Monitor on Windows

For systems with UAC (Windows 7 and newer), always run the installers as a Local Administrator with elevated privileges. The person performing the installation must be in the Local Admin group, unless the domain is managed and the Group Policy Object dictates that only Domain Administrators can run installers. When you open any configuration files for editing, you must also run Notepad as administrator to be able to save the file.

  1. Log in to the host machine where you want to install the System Monitor.
  2. Install the Agent by running the downloaded LRSystemMonitor_7.x.x.xxx.exe or LRSystemMonitor_64_7.x.x.xxxx.exe file.
  3. If the system does not have the 2010 and 2013 Microsoft Visual C++ Redistributable Packages installed, click Install when prompted.

  4. Follow the instructions in the LogRhythm System Monitor Service setup wizard.

    1. Pending Reboot. You may choose to ignore this warning and continue to install by clicking Next. If the install fails, reboot the system and try again.

      If a restart is required, this will be indicated in the setup wizard.
    2. License Agreement. Accept the license agreement, if it appears, and then click Next.

    3. Destination Folder. Use the default installation path whenever possible. Click Next.

    4. You are now ready to install the program. Click Install.

    5. When the wizard is complete, select the Launch System Monitor Configuration Manager check box to start the System Monitor Configuration Manager.

    6. Click Finish.
  5. The General tab of the System Monitor Configuration Manager appears. Do the following:

    1. Replace CHANGE_THIS with the static IP address or fully qualified domain name (System Monitor 6.2 or above) of the appropriate Data Processor. By allowing a domain name, LogRhythm deployment connection settings using an internal host name can control IP address assignment through the DNS server.
    2. Enter the port number of the Data Processor to which the System Monitor will connect. The valid range is 1 to 65535, and the default is 443.
    3. Enter the static IP address (of the host running the System Monitor Agent) to use when connecting to the Data Processor. This must be an IP address, rather than a hostname.
    4. Enter the client port number this System Monitor uses when connecting to the Data Processor. The typical range is 49152 to 65535. (Default = 0).
    5. Enter the Host Entity ID in the Host Entity ID field.
    6. If you have a High Availability (HA) deployment, you can modify the following options:

      • Configuration File Parent Directory
      • State File Parent Directory

        Ensure you understand the impacts before making changes.
    7. Click Apply.
  6. Click the Windows Service tab.

    The System Monitor Agent must be assigned to a named account.
  7. Click the Log File tab.
  8. To see the log file that is being collected, click Refresh.
  9. To exit the Local Configuration Manager, click OK.
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.