LogRhythm 7.3 Reference Card

Product Names

Platform Manager (PM) | Data Processor (DP) | Data Indexer (DX) | Data Processor & Data Indexer (DPX)

Operating System

PM: Gen 3 – Windows 2008 R2; Gen 4 – Windows 2012 R2; 7.3.3: Windows 2016 (new installs only); 7.3.4: Windows 2016
DP: Windows 2012 R2; 7.3.3: Windows 2016 (new installs only); 7.3.4: Windows 2016
DX: Windows 2012 R2; CentOS 7.3 (Linux); 7.3.4: Windows 2016
DPX: Gen3 LM only

Databases

PM: MSSQL Standard 2016 SP1: LogRhythm_Alarms, LogRhythm_CMDB, LogRhythm_Events, LogRhythm_LogMart, LogRhythmEMDB
DP: No Databases; LogRhythm Archives (Active and Inactive Archives)
DX: Elasticsearch; Influx DB
DPX: Elasticsearch; Influx DB; LogRhythm Archives (Active and Inactive Archives)

LogRhythm Services

PM: Admin API, AI Engine*, AI Engine Cache Drilldown, AI Engine Communication Manager*, Alarming and Response Manager, API Gateway, Authentication API, Job Manager, Notification Service, Service Registry, LogRhythm SQL Service, Windows Authentication Service, LogRhythm API Gateway, System Monitor Service, LogRhythm Service Registry
DP: API Gateway, Mediator Server, Service Registry, System Monitor
DX: AllConf, Anubis, Bulldozer, Carpenter, Columbo, ConfigServer, Consul-template, Denorm, Elasticsearch, GoDispatch, GoMaintain, Grafana, Heartthrob, InfluxDB, Spawn, Transporter, Vitals, Watchtower
DPX: AllConf, Anubis, Bulldozer, Carpenter, Columbo, ConfigServer, Consul-template, Denorm, Elasticsearch, GoDispatch, GoMaintain, Grafana, Heartthrob, InfluxDB, Spawn, Transporter, Vitals, Watchtower, API Gateway, Mediator Server, Service Registry, System Monitor

*AI Engine services are installed optionally on the PM or on a separate server.
Data Indexer Micro-Services Overview

Core Data Indexer Services

Anubis: Ensures logs don't get dropped between the Data Indexer and the Data Processor. Also sends acknowledgements back to the DP when it receives the logs.
Elasticsearch: Indexes and persists log data.
Bulldozer: Registers the Elasticsearch Cluster name and Node/s in the EMDB. Writes Cluster statistics to the EMDB for use in the Deployment Monitor.
GoDispatch: Inserts log data received from the Data Processor and the Archive Restoration component into Elasticsearch.
Carpenter: Reads EMDB table values that are required for ID to Value translation purposes and inserts them into Elasticsearch as individual Indices that are used by Columbo.
GoMaintain: Maintains disk space below a threshold (80% used by default) on the Cluster volume by removing older indices.
Columbo: Runs Investigations, Tails, AI Engine Drilldowns & Report query requests against Elasticsearch on behalf of the Web & Client Consoles.
Transporter: Accepts batches of logs from the DP and sends individual logs to Denorm.
Denorm: Injects context data into log messages.

Monitoring Data Indexer Services

Grafana: Provides a web-UI for visualization of metrics stored in InfluxDB.
NGinx: Manages access to the AllConf, Grafana and Consul web-based front-ends via reverse-proxy.
HeartThrob: Monitors the DX micro-services and system health. Has the ability to automatically restart DX services.
Vitals: Receives metrics from all DX micro-services. Receives metrics from the DP Mediator.
InfluxDB: Stores the metrics collected by Vitals.

Configuration Data Indexer Services

AllConf: Provides a web-UI for modifying the Data Indexer configuration.
Consul-template: Renders service level configurations to disk from cluster data, allowing persistence.
ConfigServer: Manages configuration files for all DX micro-services. All DX micro-services request their configuration files from here.
Service Registry: A Key Value (KV) store used to share service level configuration changes between all hosts in a deployment.

CloudAI Data Indexer Services

Spawn: Replicates data to CloudAI.
Watchtower: Receives analytics data from CloudAI.

Data Indexer File Locations

Data Indexer Binaries
  Windows: C:\Program Files\LogRhythm\Data Indexer
  Linux: /usr/local/logrhythm

Data Indexer Config Files (Always use AllConf)
  Windows: C:\Program Files\LogRhythm\Data Indexer\configserver\conf
  Linux: /usr/local/logrhythm/configserver/conf

Data Indexer Log Files
  Windows: C:\Program Files\LogRhythm\Data Indexer\logs; C:\Program Files\LogRhythm\Data Indexer\Elasticsearch\logs; C:\Program Files\LogRhythm\Data Indexer\Grafana\logs
  Linux: /var/log/Elasticsearch; /var/log/Grafana; /var/log/influxdb; /var/log/nginx; /var/log/persistent

Data Indexer Logs Repository
  Windows: ${DXDATAPATH}\elasticsearch\data, where ${DXDATAPATH} = C:\Program Files\LogRhythm\Data Indexer (Default Path). Note: This should be changed to a location other than C:
  Linux: /usr/local/logrhythm/db/elasticsearch/data

Data Indexer InfluxDb Database Path
  Windows: C:\Program Files\LogRhythm\Data Indexer\influxdb\data\stats\default
  Linux: /usr/local/logrhythm/db/influxdb/data/stats/default

Data Indexer Service Start/Stop Scripts
  Windows: C:\Program Files\LogRhythm\Data Indexer\tools\start-all-services.bat; C:\Program Files\LogRhythm\Data Indexer\tools\stop-all-services.bat
  Linux: /usr/local/logrhythm/tools/start-all-services-linux.sh; /usr/local/logrhythm/tools/stop-all-services-linux.sh

Data Indexer Uninstall Script (Linux Only)
  Windows: -
  Linux: /usr/local/logrhythm/logrhythm-uninstall.sh
Data Indexer Service Names

Service | Windows Display Name | Windows Service Name | Linux
AllConf | LogRhythm DX - AllConf | lr-allconf | allconf
Anubis | LogRhythm Reliable Messaging (Anubis) | lr-anubis | anubis
Bulldozer | LogRhythm DX - SQL Writer Service (Bulldozer) | lr-bulldozer | bulldozer
Carpenter | LogRhythm DX - EM to DX Synchronization Service (Carpenter) | lr-carpenter | carpenter
Columbo | LogRhythm DX - Index Query Service (Columbo) | lr-columbo | columbo
ConfigServer | LogRhythm DX - Configuration Server | lr-configserver | configserver
Consul | LogRhythm DX - Cluster Configuration Service (consul) | lr-consul | consul
Consul-Template | LogRhythm DX - Cluster Templating Service (consul-template) | lr-consul-template | consul-template
Denorm | LogRhythm DX – Injection context data into log messages (Denorm) | lr-denorm | denorm
Elasticsearch | LogRhythm DX - Elasticsearch Service | lr-elasticsearch | elasticsearch
GoDispatch | LogRhythm DX – Batches Logs Into Elasticsearch (GoDispatch) | lr-godispatch | godispatch
GoMaintain | LogRhythm DX - Data Indexer Maintenance (GoMaintain) | lr-gomaintain | gomaintain
Grafana | LogRhythm DX - Grafana Service | lr-grafana | grafana
HeartThrob | LogRhythm DX - Service Monitoring (HeartThrob) | lr-heartthrob | heartthrob
InfluxDB | LogRhythm DX - InfluxDB Service | lr-influxdb | influxdb
Spawn | LogRhythm DX – CloudAI Data Splitter (Spawn) | lr-spawn | spawn
Transporter | LogRhythm DX – HTTP/REST interface to DX (Transporter) | lr-transporter | transporter
Vitals | LogRhythm DX - Metrics Collection Service (Vitals) | lr-vitals | vitals
WatchTower | LogRhythm DX – CloudAI Data Receiver (WatchTower) | lr-watchtower | watchtower


Life of a Log – 7.3
Data Indexer Communication Ports

Micro-Service | Protocol | Destination Port | Direction | Operating System | Purpose
AllConf | TCP | 80 | Inbound to DX or Local | Linux | DX configuration. Port 80 is forwarded to 443
AllConf | TCP | 443 | Inbound to DX or Local | Linux | DX configuration
AllConf | TCP | 9100 | Inbound to DX or Local | Windows | DX configuration
Anubis | TCP | 13100, 13105 | Outbound to DP | Windows & Linux | 7.1.4-7.1.x: Acks back to DP that log is in DX
Anubis | TCP | 16100 | Outbound to DP | Windows & Linux | 7.2.x: Acks back to DP that log is in DX
API Gateway | TCP | 8501 | Inbound from DP | Windows & Linux | Communication between all components
Bulldozer | TCP | 1433 | Outbound from DX to PM | Windows & Linux | SQL Server access to EMDB
Carpenter | TCP | 1433 | Outbound from DX to PM | Windows & Linux | SQL Server access to EMDB
Columbo | HTTP | n/a | Inbound to DX | Windows & Linux | Web Console/Client Console queries
ConfigServer | TCP | 13000-13004 | | Windows & Linux | DX configuration updates
Denorm | TCP | 1433 | Outbound to PM | Windows & Linux | Used for SQL access
Elasticsearch | TCP | 9200 | DX Local Only | Windows & Linux | Curl queries to Elasticsearch
Elasticsearch | TCP | 9300-9400 | Inter-node | Linux | For cluster replication and federation across nodes in the same cluster
Grafana | TCP | 8111 | Inbound to DX or Local | Linux | Grafana dashboard on Linux
Grafana | TCP | 8110 | Inbound to DX or Local | Windows | Grafana dashboard on Windows
InfluxDB | TCP | 8087 | Inter-node | Windows & Linux | Vitals on a node writing to InfluxDB
LogRhythm Service Registry | TCP | 8300 | Inter-node | Windows & Linux | Nodes in cluster sharing keys
LogRhythm Service Registry | TCP | 8301 | Inter-node | Windows & Linux | Nodes in cluster sharing keys
LogRhythm Service Registry | TCP | 8112 | Inbound to DX or Local | Linux | Consul administration dashboard
LogRhythm Service Registry | TCP | 8500 | DX Local Only | Windows | Consul administration dashboard
Spawn | HTTPS | n/a | Outbound from DX | Windows & Linux | Sends data to CloudAI via analytics.logrhythm.com
Transporter | HTTP | n/a | Inbound to DX | Windows & Linux | API Gateway communication
Vitals | TCP | 13200 | Inbound to DX | Windows & Linux | Collection of Mediator statistics
Vitals | TCP | 13202 | Inbound to DX | Windows & Linux | Collection of Mediator statistics
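The port table above separates ports that are DX Local Only (9200, and 8500 on Windows), Inter-node (9300-9400, 8087, 8300-8301) and Inbound to DX. The following Python script is an added example, not part of the reference card: it checks a Linux DX node's `ss -ltn` listeners against a transcribed subset of that table and flags a DX Local Only port bound beyond loopback, inter-node ports that should be restricted to cluster peers, and listeners the table does not cover. The `ss` output is a constructed sample.

```python
# Added example (not from the reference card): audit a Linux DX node's listeners.
import ipaddress
import re

# Subset of the card's Data Indexer Communication Ports table for a Linux DX:
# "local" = DX Local Only, "inter-node" = cluster peers, "inbound" = DP/consoles.
DX_PORT_POLICY = {
    range(443, 444): ("AllConf", "inbound"),
    range(8111, 8112): ("Grafana", "inbound"),
    range(13000, 13005): ("ConfigServer", "inbound"),
    range(13200, 13201): ("Vitals", "inbound"),
    range(9200, 9201): ("Elasticsearch REST", "local"),
    range(9300, 9401): ("Elasticsearch transport", "inter-node"),
    range(8087, 8088): ("InfluxDB", "inter-node"),
    range(8300, 8302): ("Service Registry (Consul)", "inter-node"),
}

# Constructed `ss -ltn` sample, not captured from a real host.
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128  0.0.0.0:443  0.0.0.0:*
LISTEN 0 128  0.0.0.0:9200 0.0.0.0:*
LISTEN 0 4096 [::]:9300    [::]:*
LISTEN 0 128  0.0.0.0:2222 0.0.0.0:*
"""
SOCKET_RE = re.compile(r"^LISTEN\s+\d+\s+\d+\s+(\S+):(\d+)\s", re.M)

def is_loopback(addr):
    """True for loopback binds; '*', '0.0.0.0' and '[::]' wildcards are not."""
    try:
        return ipaddress.ip_address(addr.strip("[]")).is_loopback
    except ValueError:  # the '*' wildcard is not an IP literal
        return False

def audit_listeners(ss_output):
    """Return (port, service, verdict): ok, exposed-local-only (a DX Local Only
    port bound beyond loopback), inter-node (firewall to peers) or unexpected."""
    findings = []
    for addr, port in SOCKET_RE.findall(ss_output):
        port = int(port)
        entry = next((e for r, e in DX_PORT_POLICY.items() if port in r), None)
        if entry is None:  # not in the card's table: investigate that listener
            findings.append((port, "unknown", "unexpected"))
            continue
        service, scope = entry
        verdict = "ok"
        if scope != "inbound" and not is_loopback(addr):
            verdict = "exposed-local-only" if scope == "local" else "inter-node"
        findings.append((port, service, verdict))
    return findings
```

On a Windows DX the same check applies to port 8500 (Consul dashboard, DX Local Only) and 9200, with `netstat -an` output substituted for `ss`.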

Released Versions

Below are the versions of all components released for 7.3.x. After an upgrade, confirm that each component is on the version listed for that release.

7.3.2
Service Version
LogRhythm Administration API 7.3.2.198
LogRhythm Advanced Intelligence (AI) Engine 7.3.2.8000
LogRhythm AI Engine Cache Drilldown 7.3.2.59
LogRhythm Alarming Engine 7.3.2.9000
LogRhythm Authentication Services 7.3.2.135
LogRhythm Common 7.3.2.196
LogRhythm Configuration Manager 7.3.2.12
LogRhythm Console 7.3.2.9002
LogRhythm DX 7.3.2.5230
LogRhythm Infrastructure Installer 7.3.2.505
LogRhythm Job Manager 7.3.2.8000
LogRhythm Mediator Server Service 7.3.2.9002
LogRhythm Notification Service 7.3.2.18
LogRhythm System Monitor Service 7.3.2.8000
LogRhythm Web Services 7.3.2.436

7.3.3
Service Version
LogRhythm Administration API 7.3.3.183
LogRhythm Advanced Intelligence (AI) Engine 7.3.3.8000
LogRhythm AI Engine Cache Drilldown 7.3.3.81
LogRhythm Alarming Engine 7.3.3.8000
LogRhythm Authentication Services 7.3.3.95
LogRhythm Common 7.3.3.221
LogRhythm Configuration Manager 7.3.3.5
LogRhythm Console 7.3.3.8003
LogRhythm DX 7.3.3.5566
LogRhythm Infrastructure Installer 7.3.3.567
LogRhythm Job Manager 7.3.3.8000
LogRhythm Mediator Server Service 7.3.3.8004
LogRhythm Notification Service 7.3.3.12
LogRhythm System Monitor Service 7.3.3.8002
LogRhythm Web Services 7.3.3.167

7.3.3 HF1
Service Version
LogRhythm Administration API 7.3.3.183
LogRhythm Advanced Intelligence (AI) Engine 7.3.3.8000
LogRhythm AI Engine Cache Drilldown 7.3.3.81
LogRhythm Alarming Engine 7.3.3.8000
LogRhythm Authentication Services 7.3.3.95
LogRhythm Common 7.3.3.221
LogRhythm Configuration Manager 7.3.3.6
LogRhythm Console 7.3.3.8003
LogRhythm DX 7.3.3.5566
LogRhythm Infrastructure Installer 7.3.3.567
LogRhythm Job Manager 7.3.3.8000
LogRhythm Mediator Server Service 7.3.3.8004
LogRhythm Notification Service 7.3.3.12
LogRhythm System Monitor Service 7.3.3.8002
LogRhythm Web Services 7.3.3.167

7.3.3 HF2
Service Version
LogRhythm Administration API 7.3.3.183
LogRhythm Advanced Intelligence (AI) Engine 7.3.3.9000
LogRhythm AI Engine Cache Drilldown 7.3.3.84
LogRhythm Alarming Engine 7.3.3.8000
LogRhythm Authentication Services 7.3.3.95
LogRhythm Common 7.3.3.221
LogRhythm Configuration Manager 7.3.3.6
LogRhythm Console 7.3.3.9000
LogRhythm DX 7.3.3.5566
LogRhythm Infrastructure Installer 7.3.3.567
LogRhythm Job Manager 7.3.3.8000
LogRhythm Mediator Server Service 7.3.3.9000
LogRhythm Notification Service 7.3.3.15
LogRhythm System Monitor Service 7.3.3.9000
LogRhythm Web Services 7.3.3.167

7.3.3 HF3
Service Version
LogRhythm Administration API 7.3.3.183
LogRhythm Advanced Intelligence (AI) Engine 7.3.3.9000
LogRhythm AI Engine Cache Drilldown 7.3.3.84
LogRhythm Alarming Engine 7.3.3.9200
LogRhythm Authentication Services 7.3.3.95
LogRhythm Common 7.3.3.221
LogRhythm Configuration Manager 7.3.3.6
LogRhythm Console 7.3.3.9000
LogRhythm DX 7.3.3.5566
LogRhythm Infrastructure Installer 7.3.3.567
LogRhythm Job Manager 7.3.3.8000
LogRhythm Mediator Server Service 7.3.3.9000
LogRhythm Notification Service 7.3.3.15
LogRhythm System Monitor Service 7.3.3.9000
LogRhythm Web Services 7.3.3.167

7.3.4
Service Version
LogRhythm Administration API 7.3.4.176
LogRhythm Advanced Intelligence (AI) Engine 7.3.4.8008
LogRhythm AI Engine Cache Drilldown 7.3.4.13
LogRhythm Alarming Engine 7.3.4.8009
LogRhythm Authentication Services 7.3.4.55
LogRhythm Common 7.3.4.284
LogRhythm Configuration Manager 7.3.4.6
LogRhythm Console 7.3.4.8005
LogRhythm DX 7.3.4.6032
LogRhythm Infrastructure Installer 7.3.4.779
LogRhythm Job Manager 7.3.4.8000
LogRhythm Mediator Server Service 7.3.4.8000
LogRhythm Notification Service 7.3.4.12
LogRhythm System Monitor Service 7.3.4.8000
LogRhythm Web Services 7.3.4.119

7.3.4 HF1
Service Version
LogRhythm Administration API 7.3.4.176
LogRhythm Advanced Intelligence (AI) Engine 7.3.4.9000
LogRhythm AI Engine Cache Drilldown 7.3.4.13
LogRhythm Alarming Engine 7.3.4.8009
LogRhythm Authentication Services 7.3.4.55
LogRhythm Common 7.3.4.284
LogRhythm Configuration Manager 7.3.4.6
LogRhythm Console 7.3.4.9000
LogRhythm DX 7.3.4.6032
LogRhythm Infrastructure Installer 7.3.4.779
LogRhythm Job Manager 7.3.4.9000
LogRhythm Mediator Server Service 7.3.4.9000
LogRhythm Notification Service 7.3.4.12
LogRhythm System Monitor Service 7.3.4.8000
LogRhythm Web Services 7.3.4.119

7.3.4 HF2
Service Version
LogRhythm Administration API 7.3.4.176
LogRhythm Advanced Intelligence (AI) Engine 7.3.4.9000
LogRhythm AI Engine Cache Drilldown 7.3.4.13
LogRhythm Alarming Engine 7.3.4.8009
LogRhythm Authentication Services 7.3.4.55
LogRhythm Common 7.3.4.294
LogRhythm Configuration Manager 7.3.4.6
LogRhythm Console 7.3.4.9000
LogRhythm DX 7.3.4.6361
LogRhythm Infrastructure Installer 7.3.4.906
LogRhythm Job Manager 7.3.4.9000
LogRhythm Mediator Server Service 7.3.4.9000
LogRhythm Notification Service 7.3.4.12
LogRhythm System Monitor Service 7.3.4.9100
LogRhythm Web Services 7.3.4.126