Download LogRhythm
Author: h | 2025-04-24
Download and Install the LogRhythm FIPS Package
Download the LogRhythm FIPS package (lrdpawc_fips.zip), available on the LogRhythm Community. The package consists of several applications that are required for running LogRhythm in FIPS mode. Create the directory C:\Program Files\LogRhythm\LogRhythm FIPS.

Download PDFs
This section provides downloadable PDFs of LogRhythm API documentation.

REST API
- LogRhythm REST API User Guide

SOAP API
- LogRhythm API Installation Guide
- LogRhythm API Overview
- LogRhythm API Reference
- LogRhythm API Windows Authentication Setup
Download LogRhythm System Monitor Service by LogRhythm
The Database Upgrade Tool is packaged in a .ZIP archive. After downloading the archive, copy it to each XM appliance or server that you want to upgrade, and then extract the contents of the archive into a new directory.

Download the LogRhythm Install Wizard
The LogRhythm Install Wizard can install any supported combination of the LogRhythm components on an appliance or server.

The Install Wizard is packaged in a .ZIP archive. After downloading the archive, copy it to each appliance or server that you want to upgrade, and then extract the contents of the archive into a new directory. Each of the LogRhythm component installers is included with the Install Wizard. They can be found in the Installers directory where you extracted the archive.

| Component | Installer |
|---|---|
| Infrastructure Installer | LogRhythmInfrastructureInstaller-7.x+#.msi |
| Admin API | LRAdministrationAPI_64_7.x.#.exe |
| AI Engine | LRAIEngine_64_7.x.#.exe |
| AIE Cache Drilldown | LRAIEngineCacheDrilldown_64_7.x.#.exe |
| Alarming and Response Manager | LRAlarmingManager_64_7.x.#.exe |
| Authentication Services | LRAuthenticationServices_64_7.x.#.exe |
| Configuration Manager | LRConfigurationManager_64_7.x.#.exe |
| Client Console | LRConsole_64_7.x.#.exe |
| Data Indexer (Windows) | LRDataIndexer_7.x.#.exe |
| Job Manager | LRJobManager_64_7.x.#.exe |
| Mediator Server | LRMediator_64_7.x.#.exe |
| Notification Service | LRNotificationService_64_7.x.#.exe |
| Windows System Monitor (32-bit) | LRSystemMonitor_7.x.#.exe |
| Windows System Monitor (64-bit) | LRSystemMonitor_64_7.x.#.exe |
| Windows System Monitor for Windows Server 2008 R2 Core | LRSystemMonitor_64Core_7.x.#.exe |
| LogRhythm Web Console | LRWebServices_64_7.x.#.exe |

Download the Linux Data Indexer Installer
For users who are upgrading one or more Linux Data Indexers, run the LogRhythm package installer on your existing Indexer system. You can download the .run package installer from the LogRhythm Community. The file is named LRDataIndexer-.version.x86_64.run.

After downloading the installer, use a program like WinSCP to copy it to the logrhythm user’s home directory on one of your Indexer appliances (for example, /home/logrhythm/Soft). When connecting to the Indexer system to transfer the file, connect as the logrhythm user.

When upgrading the Linux Indexer, note the following:
- Your cluster can contain 1 or 3-10 physical hot nodes (must contain at least 1 hot node), and 1-10 warm nodes (optional).
- You only need to run the package installer on one of the cluster nodes.
- You should run the upgrade installer on the same server where you ran the original installer.
- Each Indexer appliance or server in a cluster must be of identical specification. For example, the same appliance model, or same configuration of processors, hard drives, network interfaces, and RAM.

Download TLS 1.2 Patches and Hotfixes
To enable communication over TLS 1.2 for all LogRhythm SIEM components, your base deployment must meet the following requirements:
- Platform Manager is running SQL Server 2016 Standard SP1, SQL Server 2019, or SQL Server 2022.
- LogRhythm SIEM core components on Windows are running Microsoft .NET Framework 4.7.2. .NET 4.7.2 will be installed by component installers that require it.

After ensuring that your base deployment meets the above requirements, .NET 4.7.2 rollup updates are required on all Windows appliances or servers running LogRhythm components. If the target appliance is up-to-date with important Windows updates, some hotfixes may not be required. If this is the case, the installer indicates that. Installers for all the required patches and hotfixes are available in a .zip file on the Community

For customers looking to leverage additional visualization tools, LogRhythm SIEM is compatible with Kibana.

Designing Kibana with LogRhythm
By default, Kibana connects to the local Elasticsearch node running on the host where you install Kibana, which listens on localhost:9200. This connection to the local node allows you to visualize data from all nodes within the same cluster.

In a Windows/XM configuration, you should run one Kibana UI for each XM in your environment. This could be multiple instances if you have a DR configuration.

For Linux DX configurations, you should run one Kibana UI for each cluster from which you want to visualize data. You can pick any node in the cluster from which to run Kibana and it will visualize all data within that cluster. Kibana can visualize open index data only (hot tier), so any closed indexes (warm tier) will not be visible.

Support for multi-cluster Kibana configurations is out-of-scope for this documentation. Please refer to our Professional Services team for assistance with this type of configuration.

Kibana Versions
The version of Kibana must match the version of Elasticsearch being used, and the OSS version must always be used. In the event that your LogRhythm version is upgraded, you may need to upgrade Kibana.
- LogRhythm Versions 7.8 - 7.17 - Elasticsearch 6.8.23 - Kibana 6.8.23
- LogRhythm Versions 7.18+ - Elasticsearch 7.10.2 - Kibana 7.10.2

Warnings and Disclaimers
Kibana is third-party software and is licensed under third-party terms. The OSS edition falls under the Apache 2.0 license agreement and can be used with LogRhythm. All other editions of Kibana should not be used.

Kibana may have a detrimental effect on LogRhythm SIEM’s indexing and search performance. Use of Kibana is at your own risk. Kibana requires storage space within the Elasticsearch clusters, which can negatively impact your Data Indexer’s ability to store logs, and can decrease the TTL of available log data. LogRhythm cannot provide support for Kibana, and if Kibana negatively impacts your Data Indexer, LogRhythm may ask you to remove the instance of Elasticsearch per LogRhythm’s Support Services Addendum.

LogRhythm SIEM and Kibana Configuration
Ensure the Elasticsearch cluster is healthy by performing the following steps:
1. On the DX server, run the curl command:

```bash
curl 'localhost:9200/_cluster/health?pretty'
```

   If the status isn’t green, consider working with LogRhythm Support to ensure your cluster is healthy before configuring Kibana.
2. Download Kibana. LogRhythm Versions 7.8 - 7.17 - Elasticsearch 6.8.23 - Kibana 6.8.23
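The health check and the version pairing above can be combined into one gate that runs before Kibana is installed. The script below is an added example, not LogRhythm's own tooling; the function names and the sample JSON are constructed for illustration, and it assumes the Elasticsearch root endpoint reports its version under "number".

```bash
#!/usr/bin/env bash
# Added example: pre-flight gate before installing Kibana on a Data Indexer.
# On a DX host, feed it the output of:
#   curl -s 'localhost:9200/_cluster/health?pretty'  and  curl -s 'localhost:9200/?pretty'

# Constructed sample responses (not captured from a real deployment).
SAMPLE_HEALTH='{ "cluster_name" : "logrhythm", "status" : "green", "number_of_nodes" : 1 }'
SAMPLE_ROOT='{ "name" : "dx1", "version" : { "number" : "6.8.23", "build_flavor" : "oss" } }'

# json_str <key>: print the first string value stored under "key" in the JSON on stdin.
json_str() {
    grep -o "\"$1\"[[:space:]]*:[[:space:]]*\"[^\"]*\"" | head -n1 |
        sed 's/^[^:]*:[[:space:]]*"\(.*\)"$/\1/'
}

# required_kibana <logrhythm-version>: the Elasticsearch/Kibana version the page pairs with it.
required_kibana() {
    local minor
    case $1 in 7.*) ;; *) return 1 ;; esac
    minor=${1#7.}; minor=${minor%%.*}
    case $minor in ''|*[!0-9]*) return 1 ;; esac
    if [ "$minor" -ge 18 ]; then echo 7.10.2
    elif [ "$minor" -ge 8 ]; then echo 6.8.23
    else return 1
    fi
}

# kibana_preflight <health-json> <root-json> <logrhythm-version>
# Returns 0 when safe to proceed, 1 when the cluster is not green,
# 2 when the version is unlisted or Elasticsearch does not match the pairing.
kibana_preflight() {
    local status es_ver want
    status=$(printf '%s' "$1" | json_str status)
    es_ver=$(printf '%s' "$2" | json_str number)
    [ "$status" = green ] || { echo "cluster status is '${status:-unknown}', not green" >&2; return 1; }
    want=$(required_kibana "$3") || { echo "no Kibana pairing listed for LogRhythm $3" >&2; return 2; }
    [ "$es_ver" = "$want" ] || { echo "Elasticsearch is ${es_ver:-unknown}, expected $want" >&2; return 2; }
    echo "install Kibana OSS $want"
}

kibana_preflight "$SAMPLE_HEALTH" "$SAMPLE_ROOT" 7.15
```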
2025-04-18
Downloads page for the current release, under TLS 1.2 Support. You should download LR_75x_TLS_support.zip, extract its contents, and then distribute the required installers to the required appliances or computers in your deployment.

Download the HA Upgrade 7.x.zip File
Two PowerShell scripts, PreUpgrade.ps1 and PostUpgrade.ps1, are needed for the upgrade. These scripts can be found in the HA Upgrade 7.x.zip file on the LogRhythm Community.
- Download the HA Upgrade 7.x.zip file from the Community to a local directory on the primary and secondary nodes. The file can be found on the LogRhythm Community under Documentation and Downloads > High Availability.
- Note the directory where the HA Upgrade 7.x.zip file is stored on each node. This information is needed later in these instructions.

(Optional) Download System Monitor Packages for *NIX
The System Monitor packages for UNIX and Linux are available on the LogRhythm Community. Next to each package is a link to a SHA256 checksum file you can use to verify the integrity of the downloaded file.

| Operating System | Version | 32/64-bit | Installer Name |
|---|---|---|---|
| AIX | | | |
| AIX | 7.1 | 64-bit | scsm-7.x.####_aix71.tar |
| AIX | 7.2 | 64-bit | scsm-7.x.####_aix72.tar |
| CentOS | | | |
| CentOS | 8 | 64-bit | scsm-7.x.####-centos8.el8.x86_64.rpm |
| Debian | | | |
| Debian | 10 | 64-bit | scsm-7.x.####-8_amd64.deb |
| Oracle | | | |
| Oracle Hardened Linux | 7 | 64-bit | scsm-7.x.####-1.uek7.x86_64.rpm |
| Oracle Hardened Linux | 8 | 64-bit | scsm-7.x.####-1.uek8.x86_64.rpm |
| Oracle Hardened Linux | 9 | 64-bit | scsm-7.x.####-1.uek9.x86_64.rpm |
| Solaris | | | |
| Solaris x86 | 10, 11 | 64-bit | scsm-7.x.####_solaris10_x86.tar |
| Solaris SPARC | 10, 11 | 64-bit | scsm-7.x.####_solaris10_11_sparc.tar |
| Red Hat Enterprise Linux | | | |
| Red Hat Enterprise | 8 | 64-bit | scsm-7.x.####-1.el8.x86_64.rpm |
| Red Hat Enterprise | 9 | 64-bit | scsm-7.x.####-1.el9.x86_64.rpm |
| SUSE | | | |
| openSUSE Linux Server | 12 | 64-bit | scsm-7.x.####-1.suse12.x86_64.rpm |
| openSUSE Linux Server | 13 | 64-bit | scsm-7.x.####-1.suse13.x86_64.rpm |
| Ubuntu | | | |
| Ubuntu | 18 | 64-bit | scsm-7.x.####-Ubuntu18_x64.deb |
| Ubuntu | 22 | 64-bit | scsm-7.x.####-Ubuntu22_x64.deb |
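The SHA256 check mentioned above is worth scripting so that a mismatch or a malformed checksum file blocks the install. The following is an added example, not part of the LogRhythm documentation: it assumes the checksum file contains either a bare digest or a "digest  filename" line, and the file names in the demo are constructed.

```bash
#!/usr/bin/env bash
# Added example: fail-closed SHA256 check for a downloaded System Monitor package.
# Assumption: the checksum file holds a bare digest or a "digest  filename" line.

# sha256_of <file>: print the lowercase digest using whichever tool the host provides
# (sha256sum on most Linux hosts, shasum or openssl on hosts that lack it).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print tolower($1)}'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | awk '{print tolower($1)}'
    else
        openssl dgst -sha256 "$1" | awk '{print tolower($NF)}'
    fi
}

# verify_package <package> <checksum-file>
# Returns 0 on an exact match, 1 on a mismatch, 2 when an input is unusable.
verify_package() {
    local pkg=$1 sumfile=$2 expected actual
    [ -r "$pkg" ] && [ -r "$sumfile" ] || { echo "verify_package: unreadable input" >&2; return 2; }
    # First token of the first non-empty line, with CRs stripped and hex lowercased.
    expected=$(tr -d '\r' < "$sumfile" | awk 'NF {print tolower($1); exit}')
    # Anything other than 64 hex characters (for example a saved error page) is rejected.
    if [ "${#expected}" -ne 64 ] || printf '%s' "$expected" | grep -q '[^0-9a-f]'; then
        echo "verify_package: $sumfile does not contain a SHA256 digest" >&2
        return 2
    fi
    actual=$(sha256_of "$pkg") || return 2
    if [ "$actual" = "$expected" ]; then
        echo "OK: $pkg"
        return 0
    fi
    echo "MISMATCH: $pkg (expected $expected, got $actual)" >&2
    return 1
}

# Constructed demo: the "package" is the three bytes "abc" (a standard SHA-256 test
# vector); the checksum file uses uppercase hex and CRLF to exercise normalization.
demo_dir=$(mktemp -d)
printf 'abc' > "$demo_dir/scsm-demo.tar"
printf '%s  %s\r\n' BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD \
    scsm-demo.tar > "$demo_dir/scsm-demo.tar.sha256"
verify_package "$demo_dir/scsm-demo.tar" "$demo_dir/scsm-demo.tar.sha256"
rm -rf "$demo_dir"
```

Run the check before `rpm`, `dpkg` or `tar` touches the file, and treat return codes 1 and 2 alike as a reason to re-download from the Community.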
2025-03-29
You can download the TrueIdentity Sync Client from the LogRhythm Community, on the downloads page for your specific release. Installers are available for Windows platforms.

The host upon which you install the TrueIdentity Sync Client must be able to connect to Active Directory over secure LDAP and to the LogRhythm Admin API, installed on the Platform Manager. If you install the TrueIdentity Sync Client on the Platform Manager, you can connect to the API locally at Otherwise, you can access the API remotely at In either case, ensure that security policies or firewalls will allow the connection. If Active Directory synchronization is already configured on the Client Console, it is recommended that you install the TrueIdentity Sync Client on the Platform Manager.

System Requirements
Note the following system requirements for the LogRhythm TrueIdentity Sync Client:
- Your network, Active Directory LDAP server, and the host running the TrueIdentity Sync Client must support TLS 1.2.
- Your network must allow all traffic from this host to the LDAP server on port 389. For Secure LDAP connections, your network must allow traffic over port 636.
- The server certificate of the Active Directory LDAP server you are connecting to should be in the Trusted Root Certificate Store on the TrueIdentity Sync Client host. If you are using SSL certificates produced by a Third-Party Certificate Authority (CA), the certificate must also be added to the Trusted Root Certificate Store.
- If the TrueIdentity Sync Client is on a remote host where API Gateway is NOT installed, you must:
  - Add the server SSL certificate of the
2025-03-28