LogRhythm Log Management

Comprehensive Log Data Collection and Log Management

Being able to collect log data from across an enterprise regardless of source, present the logs in a uniform and consistent manner, and manage the state, location and efficient access to those logs is an essential element of any comprehensive Log Management and Log Analysis solution. The LogRhythm solution was designed to address core log management needs, including:

  • The ability to collect any type of log data regardless of source
  • The ability to collect log data with or without installing an agent on the log source device, system or application
  • The ability to "normalize" any type of log data for more effective reporting and analysis
  • The ability to "scale-down" for small deployments and "scale-up" for extremely large environments
  • An open architecture allowing direct and secure access to log data via third-party analysis and reporting tools
  • A role based security model providing user accountability and access control
  • Automated archiving for secure long term retention
  • Wizard-based retrieval of any archived logs in seconds

Cross-platform Log Collection

Today's IT operations rely on many technologies: routers, firewalls, switches, file servers, and applications, to name a few. LogRhythm has been designed to collect from all of them through intelligent use of agent-less and agent-based techniques.

Windows Event Logs: Agent-less or Agent-based

LogRhythm can collect all types of Windows Event Logs with or without the use of an agent; in either case the events are transmitted to LogRhythm over secure TCP. Many Windows-based applications write their logs to the Application Event Log or to a custom Event Log, so they are collected in the same way.

Examples of supported log sources that can be collected by LogRhythm in real time include:

  • Windows System Event Log
  • Windows Security Event Log
  • Windows Application Event Log
  • Microsoft Exchange Server application logs
  • Microsoft SQL Server application logs
  • Windows based ERP and CRM systems application logs

Syslog

Many log sources, including most network devices (e.g. routers, switches, firewalls), transmit logs via Syslog. LogRhythm includes an integrated Syslog server for receiving and processing these messages. Simply point any syslog-generating device at LogRhythm and it will automatically begin collecting and processing those logs.

Flat File Logs

LogRhythm can collect logs written to any ASCII-based text file. Whether the source is a commercial system or a homegrown application, LogRhythm can collect and manage its logs.

Examples of supported log sources using this method include:

  • Web server logs (e.g. Apache, IIS)
  • Linux system logs
  • Microsoft ISA Server logs
  • DNS and DHCP server logs
  • Host-based intrusion detection/prevention systems
  • Homegrown application logs
  • Exchange message tracking logs
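The Syslog and flat-file sections above, together with the "normalize" bullet in the introduction, describe three collection paths that all end in one uniform record. The following is an added example, not LogRhythm's code and not a description of its internal record format: it parses a constructed RFC 3164 syslog datagram, an Apache combined-format access line and an IIS W3C extended log fragment into one common record shape, and it feeds the flat files through a small tailer that holds back a partially written last line until the rest arrives, which is the main edge case in real-time file collection. The record field names (`source_type`, `severity`, `client_ip`, etc.) and the sample lines are assumptions made up for this example.

```python
import re
from datetime import datetime, timezone

# Constructed sample input (made up for this example, not captured from a real system):
# a syslog datagram, an Apache combined-format access line, and an IIS W3C log
# fragment that begins with its #Fields directive.
SAMPLE_SYSLOG = "<34>Oct 11 22:14:15 fw01 sshd[1234]: Failed password for root from 10.0.0.5 port 51234 ssh2"
SAMPLE_APACHE = '10.0.0.5 - - [11/Oct/2023:22:14:16 +0000] "GET /admin HTTP/1.1" 403 512 "-" "curl/8.0"'
SAMPLE_IIS = (
    "#Software: Microsoft Internet Information Services\n"
    "#Fields: date time s-ip cs-method cs-uri-stem sc-status c-ip\n"
    "2023-10-11 22:14:17 192.168.1.10 GET /login.aspx 401 10.0.0.5\n"
)

SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) (?P<msg>.*)$"
)
APACHE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+'
)
SYSLOG_SEVERITY = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


def normalize_syslog(line, year=None):
    """RFC 3164 line -> common record. PRI encodes facility * 8 + severity."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    pri = int(m["pri"])
    # RFC 3164 timestamps carry neither year nor zone: assume the collector's year and UTC.
    year = year or datetime.now(timezone.utc).year
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)
    return {"source_type": "syslog", "timestamp": ts.isoformat(), "host": m["host"],
            "facility": pri // 8, "severity": SYSLOG_SEVERITY[pri % 8], "message": m["msg"]}


def normalize_apache(line, host):
    """Apache combined/common access line -> common record; 4xx/5xx become warnings."""
    m = APACHE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").astimezone(timezone.utc)
    status = int(m["status"])
    return {"source_type": "apache_access", "timestamp": ts.isoformat(), "host": host,
            "client_ip": m["ip"], "severity": "warning" if status >= 400 else "info",
            "message": f"{m['req']} -> {status}"}


def normalize_iis(line, host, fields):
    """IIS W3C extended line -> common record, using the field order from #Fields."""
    parts = line.split(" ")
    if fields is None or len(parts) != len(fields):
        return None
    rec = dict(zip(fields, parts))
    # W3C extended log timestamps are written in UTC.
    ts = datetime.strptime(f"{rec['date']} {rec['time']}", "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
    status = int(rec.get("sc-status", "0"))
    return {"source_type": "iis_w3c", "timestamp": ts.isoformat(), "host": host,
            "client_ip": rec.get("c-ip"), "severity": "warning" if status >= 400 else "info",
            "message": f"{rec.get('cs-method')} {rec.get('cs-uri-stem')} -> {status}"}


class FlatFileTailer:
    """Consumes a growing text log file chunk by chunk. A writer may flush part of a
    line, so the trailing partial line is held back until the rest arrives; W3C
    directive lines (#Fields etc.) are consumed as metadata rather than records."""

    def __init__(self, source_type, host):
        self.source_type, self.host = source_type, host
        self.buffer = ""
        self.fields = None
        self.records = []

    def feed(self, chunk):
        self.buffer += chunk
        lines = self.buffer.split("\n")
        self.buffer = lines.pop()  # "" after a clean line break, otherwise the partial line
        for line in lines:
            line = line.rstrip("\r")
            if not line:
                continue
            if line.startswith("#"):
                if line.startswith("#Fields: "):
                    self.fields = line[len("#Fields: "):].split(" ")
                continue
            rec = self._normalize(line)
            if rec is not None:
                self.records.append(rec)
        return self.records

    def _normalize(self, line):
        if self.source_type == "apache":
            return normalize_apache(line, self.host)
        if self.source_type == "iis":
            return normalize_iis(line, self.host, self.fields)
        return normalize_syslog(line)


def collect_samples():
    """Run the three constructed sources through collection and return the uniform records."""
    records = [normalize_syslog(SAMPLE_SYSLOG, year=2023)]
    web = FlatFileTailer("apache", "web01")
    web.feed(SAMPLE_APACHE[:40])          # partial write: nothing is emitted yet
    web.feed(SAMPLE_APACHE[40:] + "\n")   # rest of the line arrives: one record
    records += web.records
    iis = FlatFileTailer("iis", "web02")
    records += iis.feed(SAMPLE_IIS)
    return records
```

Whatever the source, every record ends up with the same `timestamp` (UTC, ISO 8601), `host`, `severity` and `message` keys, which is what makes cross-source reporting and correlation possible; source-specific detail such as `client_ip` is kept as extra keys rather than discarded. A real collector would also persist the tailer's file offset so that a restart resumes without re-reading or skipping lines.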

Universal Database Log Collection and Log Management

Since so much sensitive information resides in databases, it is important to monitor and track access and activity surrounding important databases. The actual and reputational cost of a theft of customer records can be very large. LogRhythm can help. LogRhythm collects, analyzes, alerts, and reports on logs from any ODBC-compliant database, including Oracle, Microsoft SQL Server, IBM DB2, Informix, MySQL, and others. It also captures data from custom audit logs and applications that run on the database. This capability enables customers to use LogRhythm for real-time database monitoring to guard against insider and outsider threats.

Agent-less and Agent-based collection

While most log sources can be collected by LogRhythm via agent-less methods, LogRhythm also offers powerful, low-profile agent technology for situations where an agent makes sense. Whether they are used for real-time flat file log collection or to aggregate and forward logs from a remote site, LogRhythm agents are the perfect complement to any deployment.

LogRhythm agent features include:

  • Collection of any flat-file ASCII text log in real time (e.g. web server and application logs)
  • Transmission over secure TCP
  • Ability to aggregate and forward logs from multiple sources at any remote site (e.g. retail store, branch location)
  • Optional encryption during transmission
  • Ability to schedule transmission if needed (e.g. due to bandwidth constraints)
  • File-integrity monitoring
  • Collection load-balancing for distributed deployments

Scalable Log Centralization

LogRhythm is architected to scale easily and incrementally as your needs grow. Whether you need to collect 10 million or more than 1 billion logs per day, LogRhythm can handle it. With LogRhythm, you simply deploy the capacity you need when you need it, preserving your initial investment along the way. Deployments can start with a single, turnkey appliance and grow easily by adding incremental log manager appliances as needs expand. With LogRhythm's "building blocks" distributed architecture, you can access and analyze logs throughout your deployment with ease.

Log Archiving and Retrieval

Many businesses have compliance requirements to preserve historic log data and be able to provide it in its original form for legal or investigative purposes. Collecting, maintaining and recovering historic log data can be expensive and difficult. Imagine trying to recover logs from a specific server from two years ago. Were the logs archived or saved anywhere? If so, where have the logs been stored? What format are they in? Can the correct archived log files be identified among the tens of thousands (or millions) of other archive files in a reasonable period of time? With LogRhythm, the answers to these questions are easy.

LogRhythm completely automates the process of archiving and restoring log data. LogRhythm automatically archives unaltered log data to "sealed" self-describing files that are saved, organized and tracked by the system. Archive files can be saved on LogRhythm appliances or on any network storage device you choose. Each archive is compressed in a non-proprietary format and sealed with a SHA-1 hash, so that later corruption or alteration of the archived logs can be detected. Compression typically results in a 95% reduction in storage requirements and associated cost. Archive files also include 'bookkeeping' information such as where and when the log data originated and other key characteristics.

Recovering historic logs is a snap. The Archive Restoration Wizard makes it easy to restore based on specific filtering criteria like date, user, system, etc. Hit start and LogRhythm takes care of the rest. Once restored, log data can be analyzed using standard LogRhythm analysis tools. What could have been weeks worth of effort becomes minutes with LogRhythm.
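The two paragraphs above describe a seal-then-restore cycle: compress the unaltered logs in an open format, record a hash and bookkeeping data alongside them, and later verify and restore by criteria. The following is an added example of that cycle written for this page; it is not LogRhythm's archive format or code, and the manifest keys, sample log lines and `tamper` helper are assumptions made up for illustration. It uses gzip as the non-proprietary container and SHA-1 by default to match the description, with the algorithm recorded in the manifest so that SHA-256 can be selected instead. One caveat for practitioners: SHA-1 is no longer collision resistant, and any hash stored next to the archive only detects corruption or alteration by someone who cannot also rewrite the manifest; where tampering by a privileged insider is in scope, keep the manifests on separate write-once storage or sign them.

```python
import gzip
import hashlib
import zlib
from datetime import datetime, timezone

# Constructed sample: already-collected log lines with an ISO 8601 timestamp first and the
# originating host second. Made up for this example, not captured from a real system.
SAMPLE_LOGS = [
    "2023-10-11T22:14:15+00:00 fw01 sshd[1234]: Failed password for root from 10.0.0.5",
    "2023-10-11T22:14:16+00:00 web01 apache: GET /admin -> 403 from 10.0.0.5",
    "2023-10-11T22:14:17+00:00 web01 iis: GET /login.aspx -> 401 from 10.0.0.5",
    "2023-10-12T01:00:00+00:00 fw01 sshd[1300]: Accepted publickey for deploy from 10.0.0.9",
]


def _digest(data, algorithm):
    return hashlib.new(algorithm, data).hexdigest()


def _line_timestamp(line):
    return datetime.fromisoformat(line.split(" ", 1)[0])


def seal_archive(lines, collector, source_type, algorithm="sha1"):
    """Compress the lines with gzip and build a self-describing manifest carrying the
    digests of both the compressed payload and the plain content. Returns (payload, manifest)."""
    if not lines:
        raise ValueError("refusing to seal an empty archive")
    plain = "\n".join(lines).encode("utf-8") + b"\n"
    payload = gzip.compress(plain, mtime=0)  # fixed mtime keeps the payload digest reproducible
    stamps = sorted(_line_timestamp(line) for line in lines)
    manifest = {
        "format": "gzip",
        "collector": collector,
        "source_type": source_type,
        "record_count": len(lines),
        "first_timestamp": stamps[0].isoformat(),
        "last_timestamp": stamps[-1].isoformat(),
        "uncompressed_bytes": len(plain),
        "compressed_bytes": len(payload),
        "digest_algorithm": algorithm,
        "payload_digest": _digest(payload, algorithm),
        "content_digest": _digest(plain, algorithm),
        "sealed_at": datetime.now(timezone.utc).isoformat(),
    }
    return payload, manifest


def verify_archive(payload, manifest):
    """Recompute both digests and the record count; any mismatch means the archive
    was corrupted or altered since it was sealed."""
    alg = manifest["digest_algorithm"]
    if _digest(payload, alg) != manifest["payload_digest"]:
        return False
    try:
        plain = gzip.decompress(payload)
    except (OSError, EOFError, zlib.error):
        return False
    if _digest(plain, alg) != manifest["content_digest"]:
        return False
    return plain.count(b"\n") == manifest["record_count"]


def restore_archive(payload, manifest, start=None, end=None, host=None):
    """Verify the seal, then return the records inside the time window [start, end]
    (ISO 8601 strings or aware datetimes) and, optionally, from one originating host."""
    if not verify_archive(payload, manifest):
        raise ValueError("archive failed integrity check; refusing to restore")
    if isinstance(start, str):
        start = datetime.fromisoformat(start)
    if isinstance(end, str):
        end = datetime.fromisoformat(end)
    selected = []
    for line in gzip.decompress(payload).decode("utf-8").splitlines():
        ts = _line_timestamp(line)
        if start is not None and ts < start:
            continue
        if end is not None and ts > end:
            continue
        if host is not None and line.split(" ", 2)[1] != host:
            continue
        selected.append(line)
    return selected


def tamper(payload, offset=-5):
    """Flip one bit in the compressed payload, as bit rot or an editor of the file would."""
    data = bytearray(payload)
    data[offset] ^= 0x01
    return bytes(data)
```

Writing the archive to disk is then a matter of storing `payload` and the JSON-serialised `manifest` side by side under a name derived from `collector`, `source_type` and `first_timestamp`, which is what lets a restore find the right file among many without opening each one. The restore path refuses to return anything from an archive that fails verification rather than silently handing back records whose provenance can no longer be vouched for.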

Activity Auditing

For compliance verification, users' and administrators' actions within LogRhythm are logged. LogRhythm user activity reports provide powerful proof that LogRhythm is actively used to analyze log data for compliance purposes.