
Install a System Monitor on Windows

For systems with UAC (Windows 7 and newer), always run the installers as a Local Administrator with elevated privileges. The person performing the installation must be in the Local Admin group, unless the domain is managed and the Group Policy Object dictates that only Domain Administrators can run installers. When you open any configuration files for editing, you must also run Notepad as administrator to be able to save the file.

  1. Log in to the host machine where you want to install the System Monitor.
  2. Install the Agent by running the downloaded LRSystemMonitor_7.x.x.xxx.exe or LRSystemMonitor_64_7.x.x.xxxx.exe file.
  3. If the system does not have the 2022 Microsoft Visual C++ Redistributable Package installed, click Install when prompted.

  4. Follow the instructions in the LogRhythm System Monitor Service setup wizard.

    1. Pending Reboot. You may choose to ignore this warning and continue to install by clicking Next. If the install fails, reboot the system and try again.

      If a restart is required, this will be indicated in the setup wizard.
    2. License Agreement. Accept the license agreement, if it appears, and then click Next.

    3. Destination Folder. Use the default installation path whenever possible. Click Next.

    4. You are now ready to install the program. Click Install.

    5. When the wizard is complete, select the Launch System Monitor Configuration Manager check box to start the System Monitor Configuration Manager.

    6. Click Finish.
  5. The General tab of the System Monitor Configuration Manager appears. Do the following:

    1. Replace CHANGE_THIS with the static IP address or fully qualified domain name of the appropriate Data Processor. Because a domain name is accepted, deployments whose connection settings use an internal host name can control IP address assignment through the DNS server.
    2. Enter the port number of the Data Processor to which the System Monitor will connect. The valid range is 1 to 65535, and the default is 443.
    3. Enter the static IP address (of the host running the System Monitor Agent) to use when connecting to the Data Processor. This must be an IP address, rather than a hostname.
    4. Enter the client source port number this System Monitor uses when connecting to the Data Processor. The typical range is 49152 to 65535 (default is 0, which uses the OS ephemeral range).
    5. Enter the Host Entity ID in the Host Entity ID field if this system should be assigned to a specific entity (default is 1, meaning no entity assignment).
    6. If you wish to change the storage locations of the Configuration files or State (cache) files, or you are deploying for High Availability (HA) deployment, you can modify the following options:

      • Configuration File Parent Directory
      • State File Parent Directory

    7. Click Apply.
  6. Click the Windows Service tab.

    1. Set the Startup Type to Automatic.
    2. Configure the Log On Account if the System Monitor Agent will be performing remote log collection functions.
    3. Start the service.
  7. Click the Log File tab.
  8. To see the log file that is being collected, click Refresh.

    For new installations, you should see a log message for Pending Acceptance. Receiving this message confirms that the System Monitor Agent is able to communicate with the Data Processor.

  9. To exit the Local Configuration Manager, click OK.
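The values entered on the General tab in step 5 can be checked before you click Apply. The following PowerShell is an added example, not LogRhythm code; the function names, parameter names, and sample values are hypothetical, and it assumes the agent address should be bound to an interface on the host where the script runs.

```powershell
# Added example; function and parameter names are hypothetical, not LogRhythm identifiers.
function Test-StrictIp([string]$Text) {
    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse($Text, [ref]$ip)) { return $false }
    # TryParse accepts IPv4 shorthand such as '10.1' (read as 10.0.0.1); require the full dotted quad.
    return ($ip.AddressFamily -ne 'InterNetwork' -or $ip.ToString() -eq $Text)
}

function Test-SystemMonitorGeneralSettings {
    param(
        [Parameter(Mandatory)][string]$DataProcessor,  # static IP address or FQDN
        [int]$DataProcessorPort = 443,                  # default given on the page
        [Parameter(Mandatory)][string]$AgentAddress,   # must be an IP address, not a host name
        [int]$ClientPort = 0                            # 0 = OS ephemeral range
    )
    $problems = @()
    $fqdn = '^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z][A-Za-z0-9-]{0,61}[A-Za-z0-9]$'

    if ($DataProcessor -eq 'CHANGE_THIS') {
        $problems += 'Data Processor still holds the CHANGE_THIS placeholder.'
    } elseif (-not (Test-StrictIp $DataProcessor) -and $DataProcessor -notmatch $fqdn) {
        $problems += "Data Processor '$DataProcessor' is neither an IP address nor an FQDN."
    }
    if ($DataProcessorPort -lt 1 -or $DataProcessorPort -gt 65535) {
        $problems += "Data Processor port $DataProcessorPort is outside 1 to 65535."
    }
    if (-not (Test-StrictIp $AgentAddress)) {
        $problems += "Agent address '$AgentAddress' is not an IP address; host names are not accepted here."
    } else {
        # Assumption: the agent address should be bound to an interface on this host.
        $local = [System.Net.NetworkInformation.NetworkInterface]::GetAllNetworkInterfaces() |
            ForEach-Object { $_.GetIPProperties().UnicastAddresses } |
            ForEach-Object { $_.Address.ToString() }
        if ($local -notcontains $AgentAddress) {
            $problems += "Agent address $AgentAddress is not assigned to any local interface."
        }
    }
    if ($ClientPort -lt 0 -or $ClientPort -gt 65535) {
        $problems += "Client port $ClientPort is not a valid TCP port."
    } elseif ($ClientPort -gt 0 -and $ClientPort -lt 49152) {
        $problems += "Client port $ClientPort is below the typical 49152 to 65535 range."
    }
    return $problems
}

# Constructed sample values, not taken from a real deployment.
Test-SystemMonitorGeneralSettings -DataProcessor 'CHANGE_THIS' -AgentAddress 'agent01.example.internal' -ClientPort 70000
```

The function returns one message per problem found and nothing when all four values pass.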

