LogRhythm is a SIEM that collects security and event data.
You must configure LogRhythm prior to using it for data collection.
To prepare LogRhythm to forward its Active Directory logs:
- Go to the LogRhythm Console and find "Syslog Receiver Properties".
- Confirm that the configuration matches the following:
  - Network protocol: TCP or UDP
  - Text Encoding: ASCII
  - TCP Delimiter: \n
  - Change CR/LF to whitespace: check box
  - Change TAB to whitespace: check box
- In the "Syslog Sources" tab, select Relay the message according to the RFC3164 relay rules.
- Find "Log Distribution Services," or search for it by selecting LogRhythm Help > Documentation and Guides.
- Alternatively, find these same instructions inside the .NET LogRhythm Console application instead of the web application. From there, go to Help > LogRhythm Help.
- Configure Log Forwarding according to the provided instructions.
- When you configure an event source in InsightIDR, select Log Aggregator as your collection method. LogRhythm will appear in the list of available Log Aggregators.
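One way to check that a forwarded TCP stream matches the receiver settings listed above (newline delimiter, ASCII encoding, CR/LF and TAB replaced, RFC 3164 header) before relying on it for collection. This is an added example, not part of the original page or of any LogRhythm or InsightIDR tooling; the function names and the sample stream are constructed for illustration.

```python
import re

# RFC 3164 header: <PRI>Mmm dd hh:mm:ss HOSTNAME MSG
RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<msg>.*)$"
)

def split_frames(stream: bytes):
    """Split a TCP byte stream on the configured '\\n' delimiter.
    Returns (complete_frames, leftover_bytes_not_yet_terminated)."""
    *frames, rest = stream.split(b"\n")
    return frames, rest

def check_frame(frame: bytes):
    """Return (parsed_fields_or_None, list_of_problems) for one frame."""
    problems = []
    try:
        text = frame.decode("ascii")
    except UnicodeDecodeError:
        return None, ["non-ASCII bytes (Text Encoding should be ASCII)"]
    if "\r" in text:
        problems.append("CR present (CR/LF to whitespace not applied)")
    if "\t" in text:
        problems.append("TAB present (TAB to whitespace not applied)")
    m = RFC3164.match(text)
    if not m:
        return None, problems + ["no RFC 3164 header"]
    pri = int(m["pri"])
    if pri > 191:  # highest valid PRI is facility 23 * 8 + severity 7
        problems.append("PRI out of range")
    fields = {"facility": pri >> 3, "severity": pri & 7,
              "timestamp": m["ts"], "host": m["host"], "msg": m["msg"]}
    return fields, problems

# Constructed sample stream (not real LogRhythm output).
SAMPLE = (
    b"<13>Oct 11 22:14:15 dc01.example.test AD logon event (constructed)\n"
    b"<13>Oct 11 22:14:16 dc01.example.test field1\tfield2\r\n"
    b"<13>Oct 11 22:14:17 dc01.example.test caf\xc3\xa9\n"
    b"<13>Oct 11 22:14:18 dc01.exam"
)

def audit(stream: bytes):
    """Check every complete frame; also return the unterminated tail."""
    frames, rest = split_frames(stream)
    return [check_frame(f) for f in frames], rest
```

A non-empty tail from `audit` only means the last message has not been terminated yet; keep it and prepend it to the next read from the socket.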