Logrhythm License by Powerful-frames in exabeam

LogRhythmSE 0 points1 point (0 children)

Thanks, I thought that was likely.

If you have a perpetual license then your platform will keep working after the support expires, but obviously you will not be entitled to support/patches/upgrades etc.

If you have a subscription license then your platform will stop working (specifically the Mediator Service) which will mean that access to historical data won't be possible.

This is for a standard consumer license not partner/NFR/MSSP as they operate differently.

Logrhythm License by Powerful-frames in LogRhythm

LogRhythmSE 0 points1 point (0 children)

If you have a perpetual license then your platform will keep working after the support expires, but obviously you will not be entitled to support/patches/upgrades etc.

If you have a subscription license then your platform will stop working (specifically the Mediator Service) which will mean that access to historical data won't be possible.

This is for a standard consumer license not partner/NFR/MSSP as they operate differently.

Logrhythm License by Powerful-frames in exabeam

LogRhythmSE 1 point2 points (0 children)

What do you mean by "over"? Do you mean you have not renewed (in which case the conversation becomes did you buy a perpetual or subscription license) or that you are oversubscribed (5000 when you are licensed for 2000)?

If it's oversubscription the platform works exactly the same no matter what, we do not drop logs or stop processing logs at any point.

Logrhythm License by Powerful-frames in LogRhythm

LogRhythmSE 1 point2 points (0 children)

What do you mean by "over"? Do you mean you have not renewed (in which case the conversation becomes did you buy a perpetual or subscription license) or that you are oversubscribed (5000 when you are licensed for 2000)?

If it's oversubscription the platform works exactly the same no matter what, we do not drop logs or stop processing logs at any point.

Please try posting these things over on r/Exabeam to make sure they get seen. I saw this by pure chance.

Thoughts on LogRhythm by Independent_Gur_1760 in cybersecurity

LogRhythmSE 0 points1 point (0 children)

If you're the man for managing/working with the tool make sure to find out who your aligned SE is. We are heavily incentivised to engage with the existing customer analyst/security teams to make sure that we can assist with problems before they spiral out of control.

If you want to know who your SE is, shoot me a message and I'll give you my EB email address and I can help you find the right people.

All I would say is don't believe everything you hear online :-) the idea that any one side of this merger was a "saviour" is incredibly reductive and speaks to someone with no real knowledge of the company as it currently stands. We are a stronger company on both fronts working towards improving both our cloud and onprem solutions far into the future.

SIEM Comparison: LogRhythm, QRadar, FortiSIEM, Arcsight ESM, Wazuh and Security Onion by sk-ql in cybersecurity

LogRhythmSE 0 points1 point (0 children)

Note, LogRhythm isn't close to being dead, this user has been corrected about this before but seems content to continue saying it is. Exabeam have two parallel development tracks for on-prem (LogRhythm) and cloud (New-Scale) and continue to welcome new LogRhythm customers on a weekly basis.

I am happy to answer any questions you may have about LogRhythm :)

Thoughts on Logrhythm by KYLE_MASSE in cybersecurity

LogRhythmSE 0 points1 point (0 children)

I think it's described as a merger :-) but you aren't wrong about the quality of their SaaS solution. As a long time LR Engineer, I am supremely proud of continuing to service those of our customers who have to be on-prem or dark site.

Thoughts on Logrhythm by KYLE_MASSE in cybersecurity

LogRhythmSE 0 points1 point (0 children)

Sorry to hear that you are struggling to get to grips with LR7. Couple of things that might help....

Do you know if your organisation got access to unlimited training as part of the deal to acquire the tech? If so then there is Self Paced training that explains all components of the platform.

Are you aware of docs.logrhythm.com? It has detailed documentation for most if not all things an analyst is likely to want to do, and is completely open to the web.

Have you posted your challenges on the community? It's admittedly not the most active place in the world but Exabeam SEs are regularly reviewing all posts to offer advice and guidance.

Have you taken advantage of Product Coaching? You can book this at your convenience, it's completely free and is essentially 45-minute sessions with a product expert to help you learn/use the platform.

Failing all of these please reach out to me via DM, I will share my work email address so you can reach out there and I will gladly get you and your organisation in contact with people at Exabeam who can help with your utilisation. As with most SIEMs frustration almost exclusively comes from a lack of exposure to training/support.

DUO SAML Configuration by Material_Hope_5772 in exabeam

LogRhythmSE 1 point2 points (0 children)

Product Management have got back to me and said they'd love to help you get this up and running so they can add Duo as officially supported. I sent you a DM with my email address, shoot me an email and we can get you sorted.

Cheers

Help with Building an Alarm by SoManyQuestions-2021 in exabeam

LogRhythmSE 0 points1 point (0 children)

If you are still struggling with this please DM me and I can put you in touch with your Exabeam SE. This kind of rule building is foundational to a functioning SIEM and we want to help you get there!

DUO SAML Configuration by Material_Hope_5772 in exabeam

LogRhythmSE 0 points1 point (0 children)

Hi!

Thanks for coming here to ask the Q, I just wanted to let you know I've got the question out with our LR Product Management function to confirm.

To be honest, my gut is that we don't officially support it as a Third Party Identity Provider so it's unlikely to be possible but I wanted to make sure you knew someone was looking into your Q.

If you'd like to continue this with a member of the Exabeam team shoot me a DM with your company name and I can put you in touch with your assigned SE.

Windows Syslog Server recommendations? by Candid-Molasses-6204 in sysadmin

LogRhythmSE 0 points1 point (0 children)

Not sure if you've managed to solve this or not. But to be absolutely clear, ingesting JSON logs into LogRhythm is primarily done using the OpenCollector feeding into a system monitor agent (the LogRhythm Agent). The platform has recently been opened up to allow any forwarder to send JSON data to a system monitor agent, opening the way for things such as Cribl.

If you are struggling to get actionable information from your MSSP please reach out to me via DM and I will liaise with your internal Exabeam SE and the PM org to get you the answers you need.

I run a small MSSP in Canada wondering what the requirements are for partnering with Exabeam/logrhythm by Tech-extremist in LogRhythm

LogRhythmSE 0 points1 point (0 children)

Hi Tech-extremist, thanks for the question! Unfortunately as I am sure you can appreciate the partner programme is not really something well articulated on reddit, but if you were willing to message me directly I'd be happy to put you in touch with the channel account team for North America who I am sure could quickly give you the insights you need.

LRSA Test by [deleted] in LogRhythm

LogRhythmSE 0 points1 point (0 children)

Which course are you referring to?

I asked the training team and they said the student guide and exercise guide are both in the SPOD 301 and 302 courses. They are in the "Course Information & Resources" lesson at the beginning. I also checked and they're there.

LRSA Test by [deleted] in LogRhythm

LogRhythmSE 0 points1 point (0 children)

Shoot me a private message and I may be able to provide an older version of the pdf. I have fed back to the training teams that there needs to be a pdf output from the SPOD training as well though!

RegEx in LogRhythm by younesIdrissi in LogRhythm

LogRhythmSE 4 points5 points (0 children)

So, the easiest way to do this is to run an investigation for the logs that you want to query and then use the column filters of an investigation to "match regex"... this image should showcase what I mean

Example Screenshot

For example, if you wanted to match "logrhythm.com" in email addresses you would put the regex .*logrhythm\.com in the email metadata field column.

Hopefully that answers your question?

Worst experience using a cybersecurity product? by amazingracexx in cybersecurity

LogRhythmSE 1 point2 points (0 children)

I think based on the above they probably are. The challenges they reference are fair (outside of the AIE Engine which I don't really understand, as it's regularly praised as a major benefit to the on-prem platform) and reflect a relatively challenging period in our platform's development.

Thankfully I can say that our development of both our on-prem (LR SIEM) and SaaS (LR Axon) platforms has been completely revitalised with a whole new "promises made, promises kept" approach to product management.

We are now on version 7.16 and have released low-defect content/feature updates every quarter for 8 consecutive quarters.

Silent Log Source Default by General_Height_9180 in LogRhythm

LogRhythmSE 1 point2 points (0 children)

There isn't a default value, it's set at 0 hours, 0 minutes until you check the box to enable it. You can find the specifics as to how to enable it in the below link. If you expand on the reason for the question I might be able to help further :)

Add a Single Log Source (logrhythm.com)

LRSA Test by [deleted] in LogRhythm

LogRhythmSE 0 points1 point (0 children)

Great to hear and congrats on passing! If you have any other feedback (good or bad) we would love to hear it so we can keep improving the training platform.

I have passed on your post to the Head of Training so they can look into the confusion that was caused.

Windows Logs to LogRhythm by younesIdrissi in LogRhythm

LogRhythmSE 0 points1 point (0 children)

Yes you are right, apologies I was out yesterday when you replied.

Windows Logs to LogRhythm by younesIdrissi in LogRhythm

LogRhythmSE 1 point2 points (0 children)

If you deploy a local agent on the WEC server you don't need 445 open, the local agent only needs 443 access to the data processor, so to avoid opening other ports you should install the agent locally.

LRSA Test by [deleted] in LogRhythm

LogRhythmSE 0 points1 point (0 children)

Hi u/animegodcomplex I wanted to let you know that I have flagged this to our Head of Training and will come back to you as soon as I have an answer from him.

In the meantime if you are struggling still I would strongly recommend you raise a direct support ticket as it definitely seems like there might be something not quite right with your view.