LogRhythm is a SIEM that collects security and event data.

Configure LogRhythm

You must configure LogRhythm prior to using it for data collection.

To prepare LogRhythm to forward its Active Directory logs:

  1. Go to the LogRhythm Console and find "Syslog Receiver Properties".
  2. Confirm that the configuration matches the following:
    • Network protocol: TCP or UDP
    • Text Encoding: ASCII
    • TCP Delimiter: \n
    • Change CR/LF to whitespace: check box
    • Change TAB to whitespace: check box
    • In the "Syslog Sources" tab, select Relay the message according to the RFC3164 relay rules.
  3. Find "Log Distribution Services," or search for it by selecting LogRhythm Help > Documentation and Guides.
    • You can also find these same instructions in the .NET LogRhythm Console application rather than the web application. From there, go to Help > LogRhythm Help.
  4. Configure Log Forwarding according to the provided instructions.
  5. When you configure an event source in InsightIDR, select Log Aggregator as your collection method. LogRhythm will appear in the list of available Log Aggregators.
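
To confirm that messages arriving at the collector match the settings listed above (\n-delimited TCP frames, ASCII only, TAB and CR/LF converted to whitespace, RFC3164 header), a captured stream can be checked as follows. This is an added example, not LogRhythm or InsightIDR code; the function names, host name and sample bytes are constructed, and it assumes the forwarded stream is expected to use the same framing as the receiver settings.

```python
import re

# RFC 3164 header: <PRI>Mmm dd hh:mm:ss HOSTNAME message
RFC3164 = re.compile(
    rb"^<(\d{1,3})>(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) "
    rb"([ 1-3]\d) (\d{2}):(\d{2}):(\d{2}) (\S+) (.*)$"
)

def check_frame(frame: bytes) -> list[str]:
    """Return the problems found in one delimiter-stripped frame."""
    problems = []
    if any(b > 0x7F for b in frame):
        problems.append("non-ASCII byte")
    if b"\t" in frame:
        problems.append("TAB not converted to whitespace")
    if b"\r" in frame:
        problems.append("CR not converted to whitespace")
    m = RFC3164.match(frame)
    if not m:
        problems.append("no RFC3164 header")
    elif int(m.group(1)) > 191:  # PRI = facility * 8 + severity, max 23*8+7
        problems.append("PRI out of range")
    return problems

def check_stream(data: bytes) -> dict[int, list[str]]:
    """Split a TCP capture on the newline delimiter; map frame index -> problems."""
    frames = data.split(b"\n")
    report = {}
    if frames[-1] == b"":
        frames.pop()  # capture ended cleanly on a delimiter
    else:
        report[len(frames) - 1] = ["missing trailing delimiter"]
    for i, frame in enumerate(frames):
        problems = check_frame(frame)
        if problems:
            report.setdefault(i, []).extend(problems)
    return report

# Constructed sample capture (not real LogRhythm output).
SAMPLE = (
    b"<13>Oct 11 22:14:15 dc01.example.test example logon message\n"
    b"<13>Oct  7 09:00:01 dc01.example.test field1\tfield2\n"
    b"<13>Oct 11 22:14:16 dc01.example.test caf\xc3\xa9 logon\r\n"
    b"Oct 11 22:14:17 dc01.example.test no priority value"
)

if __name__ == "__main__":
    print(check_stream(SAMPLE))
```

An empty report means every frame in the capture is consistent with the listed settings; any entry points at the setting to recheck.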