1. Fortanix
  2. Fortanix Data Security Manager (DSM)
  3. Integration / Use-case
  4. Log Management/SIEM

Using Fortanix Data Security Manager with LogRhythm

Last Updated: 

Introduction

This article describes how to integrate and use LogRhythm as a Syslog server Fortanix Data Security Manager (DSM).

Configuring Syslog Server

  1. Go to the Fortanix DSM Account settings page and click the LOG MANAGEMENT tab to configure the Syslog Server details. Enter the IP and port number of the Syslog server. Logrythm-SyslogConfig.png
    Figure 1: Configure Syslog Server

Install Open Collector

To install the Open Collector on the Linux host:

  1. First, install Wget. 
    sudo yum install -y wget
  2. Download the Open Collector Control Script using the following command. 
    wget https://raw.githubusercontent.com/logrhythm/versions/master/lrctl
  3. Change the permissions. 
    chmod +x lrctl
  4. Initialize the Open Collector and start all the components. 
    sudo yum erase podman buildah
  5. Install the Docker-Community Edition (CE) using the following command. 
    ./lrctl init
    If there is no Docker CE, install it from the following website:
    https://docs.docker.com/engine/install/rhel/ 
  6. Start the Metrics service. 
    ./lrctl metrics start
  7. Finally, start the Open Collector. 
    ./lrctl open-collector start

Validate the Installation

  1. Validate that the services are running using the following three commands: 
    ./lrctl open-collector status
./lrctl metrics status
./lrctl < name>tus
  2. View the metrics in Grafana.
    http://<opencollectorip>:3000
  3. In Grafana, go to Open Collector, and then Open Collector Overview.
    1. The default Open Collector Overview dashboard has three columns. Each column includes a “Messages Per Second” and a “Counters (total)” graph. The “Pipelines” and “Output” columns also have “Errors” graphs.
    2. Left column: Input - a Beat is successfully sending logs to the Open Collector.
    3. Middle column: Pipelines - the logs are matching our Microsoft Defender for Identity (MDI).
    4. Right column: Output - the logs are successfully sent to the System Monitor Agent.

If data is flowing through the Open Collector, the graphs will be populated with data regarding total counts and the Mathematical Programming System (MPS) for various parts of the pipeline. Each graph has an information icon in the top-left corner. Point to this icon for a description of what each graph displays.

The graph shows heartbeat_pipe Message Received indicating the Syslog messages. OpenCollector.png
Figure 2: Open collector overview

Comments

Please sign in to leave a comment.

Was this article helpful?
0 out of 0 found this helpful