transger.blogg.se

Tcp log view

LogRhythm components communicate over TCP, UDP, or HTTPS on specific ports. All communications between these components must be real IP to real IP. Network address translation (NAT) cannot be used between core components (AIE, DP, DX, PM, Web).

This page covers the networking and communication considerations and requirements to help you deploy your solution. There are general guidelines, considerations, and standards to consider prior to deploying your solution within a network.

LogRhythm appliances include multiple network interfaces to accommodate different deployment topologies. All IP addresses should be statically assigned or reserved to avoid IP changes. For many topologies, best practice is to use one of the 1Gb interfaces as management and one of the 10Gb interfaces for data. It is recommended that the LogRhythm server acting as the Platform Manager be entered into DNS so it is addressable by name.

A LogRhythm server does not need to be a member of the Windows Domain to function correctly. However, LogRhythm recommends adding it to make remote event log collection easier to manage.

Remote Event Log Collection User Account. A special user account must be created on the domain for remote event log collection. For more information, see Windows Event Log Collection.

Token-based input is a single TCP connection where each log line contains a token which uniquely identifies the destination log. The token must appear at the start of the log event. The token will not appear in any of your log entries as it is removed by the InsightOps server upon processing.

This is suitable for platform providers with centralized logging, since it allows multiple log sources to be associated with a centralized destination log in InsightOps when you have multiple users per server instance. It is also suitable for logging sources which change public IP address (and thus Plain TCP/UDP cannot be used) or you have to log from multiple sources with the same public IP address. Token-based logging is also ideal if you want to log from a programmable application in a language like Ruby, Java, Python. You can (and are encouraged to) use multiple tokens in one TCP stream.

A token has the form of a randomly generated UUID, for example 2bfbea1e-10c3-4419-bdad-7e6435882e1f. It is generated using a cryptographically strong pseudo random number generator.
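The token handling described above (token at the start of each event, stripped on processing, several tokens sharing one stream) can be modelled as follows. This is an added example, not InsightOps or LogRhythm code; `demux`, `new_token`, the log names and the sample events are hypothetical, and the sample stream is constructed.

```python
import re
import uuid

# A canonical textual UUID at the very start of the event, then whitespace.
TOKEN_RE = re.compile(
    r"^([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})[ \t]+(.*)$"
)

def new_token() -> str:
    """Random (version 4) UUID; CPython draws its bits from os.urandom."""
    return str(uuid.uuid4())

def demux(stream: bytes, token_to_log: dict):
    """Split one TCP byte stream into per-log event lists.

    Returns (logs, rejected): logs maps log name -> events with the token
    stripped; rejected holds lines with no leading token or an unknown one.
    """
    logs = {name: [] for name in token_to_log.values()}
    rejected = []
    for raw in stream.split(b"\n"):
        line = raw.decode("utf-8", errors="replace").rstrip("\r")
        if not line:
            continue
        m = TOKEN_RE.match(line)
        name = token_to_log.get(m.group(1)) if m else None
        if name is None:
            rejected.append(line)            # never guess a destination
        else:
            logs[name].append(m.group(2))    # token removed before storage
    return logs, rejected

# Constructed sample: two known tokens interleaved on one stream.
WEB_TOKEN = "2bfbea1e-10c3-4419-bdad-7e6435882e1f"  # example token from the page
DB_TOKEN = new_token()
TOKENS = {WEB_TOKEN: "web", DB_TOKEN: "db"}
SAMPLE = (
    f"{WEB_TOKEN} GET /login 200\n"
    f"{DB_TOKEN} slow query 2.3s\n"
    f"GET /admin 403 {WEB_TOKEN}\n"          # token not at start: rejected
    f"{uuid.UUID(int=0)} forged event\n"     # well-formed but unknown token
).encode()

if __name__ == "__main__":
    print(demux(SAMPLE, TOKENS))
```

Because the token alone selects the destination log, anyone holding it can write to that log, so it should be stored and rotated like any other credential.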









