Design & Architecture
Hello guys, good day. Newbie here, and I am taking over from our previous employee. Correct me if I'm wrong, since it is still in final design: I need to deploy distributed LP in a customer environment; we provide them 2 ESXi, and this is our first customer migrated from Microfocus. The components are (current): search head x1, distributed LogPoint x1, log collector x2 (one collecting logs for on-prem, one collecting logs for cloud but sitting on-prem). For Windows, we are planning to use LPA, and syslog for the rest.
Issue 1: I did some testing and I realized all the API or CloudTrail configuration goes directly into the DLP. The reason I am thinking this: we do not need the LC in this case, and the pro is that we have the opportunity to turn on SOAR features and also increase the specification/storage for the DLP. Do I need to turn on this DLP as a collector also?
Issue 2: license: 325 nodes (300 servers/security/network, 5 API: Sophos, Office365, and 1: AWS CloudTrail). I believe the 325 nodes will be installed inside the DLP, but I am not sure about the SH and LC,
Hi all, we have different clients and we want to create a real-time monitoring system. Is it possible to integrate it with Grafana? If yes, do you have any idea how? I know that monitoring through email is possible, but we want a centralized monitoring system. Thanks
Hello, I have an archive server where I store some syslog/JSON logs. I wonder if it's possible to send some of these over to LogPoint? Is it possible to manually transfer some of the logs from the archive → LogPoint AIO, e.g. using scp or something else? I don't find any related documentation on this.
Hi, what are your opinions on increasing the size of the syslog message? Increasing the syslog message size will potentially have a negative impact on the performance of log collection, normalization and parsing. On the other hand, it is important to be able to extract the necessary information from collected log messages, and some Windows event log messages have increased over time. Take for example event ID 4662, 'An operation was performed on an object': it can exceed 34000 in message size. Another example is custom application logs, where developers might have another opinion of what meaningful logs should contain. Regards, Hans
Hi, I have a distributed system with dedicated collectors. Now, during setup and configuration of a few hundred Linux servers via rsyslog to send their logs to one collector, the collector suddenly stopped pushing the data further to the data node. I've rebooted the collector, which resulted in temporary relief; however, after roughly two hours the problem resurfaced. Using tcpdump on the collector I can see logs streaming in from the log sources (tcp/514), and also on the data node I see OpenVPN UDP traffic coming in from the IP of the collector. I am not sure, however, whether in the latter I see only tunnel keepalive traffic, as the packets are very small, 65-103 bytes. I don't have a clue how to understand what is going on and where to look. It seems like some resource problem to me, but in terms of memory or CPU the system is well equipped and bored :-). The thing is, when doing a search over all repos with "collected_at"="myCollectorName" I don't get any data at all, as if the thing did not exist. Do you
The 7.2.0 version is out. Read about it here: https://servicedesk.logpoint.com/hc/en-us/articles/10065818192669-Logpoint-v7-2-0. During April, Logpoint will host a webinar giving more insights into the new features. Look for it in your e-mail inbox or here on the Community. / Brian Hansen, Logpoint
Hello together! I hope you all look regularly in the idea portal? I have submitted some ideas that I wanted to draw attention to here:
- Separate SOAR from SIEM installation and update packages: The update and installation packages have grown a lot in size since SOAR was introduced. The idea asks to un-bundle the SOAR package so that you don't have to transfer and install 1.5 GB of update package while SOAR uses 1.4 GB of it.
- Preselect dropdown values if there is only one option: In the UI there are some dropdowns where usually you have only one selection option. If so, this should be preselected, so you can save some click-work.
- Implement overview for live searches: It would be helpful to know how fast the responses of the live searches in your system are available, to estimate which live searches can be optimized or consume the most resources.
- Director: Add configuration object overview and filtering: In the Director Console UI we need a better overview of all available configuration obj
When exporting to Excel, the field 'msg' contains the same HTML encoding as the GUI. This is how some example data are shown in the GUI: This is how the Excel spreadsheet looks for the same data: This is the source code for the table in the GUI, which shows that it contains the same HTML <span> tags: Is it possible to get the Excel export without HTML encoding in the msg field? Perhaps it could be an option to enable/disable HTML <tags> in exports in the preferences menu?
Some of our customers have requested logs from Google Workspace. The log requirements range anywhere from email logs to Drive usage logs. What features do we currently have to work on these sorts of logs? I could not see any features mentioned in the LP Help Center. Are we working on this one?
Dear all, the newest version of the SAML authentication application, enabling users to log into LogPoint using SAML Identity Providers (IdPs), is now publicly released on the Logpoint Help Center. For more information and downloading instructions, please visit the link below. https://servicedesk.logpoint.com/hc/en-us/articles/360002185778
Hi all, we started using LogPoint and created repos for every device type. Now that we have 20+ repos, I want to optimize this process and group devices by functionality (e.g. email, remote access). So my intention is to create a new repo for every functionality and modify the routing policies. I think this should work, but there is a great time span where I have to search in the "new" and the "old" repo because of retention times of 90 or more days. Is there a smart way to copy the content from one repo to another so that I can get the optimizing done in a short time and it will not take 90+ days? Best, Edgar
For our customer we currently have several alerts implemented. The customer has a rather small security team, only interested in receiving an email notification whenever an incident is triggered. So the built-in incident management of LogPoint is not used at all, and I delete all open cases on a regular basis. However, for auditing reasons, for some incidents posing a major risk they would now like the security personnel to use the incident management system of LogPoint and want them to resolve the cases there. All other incidents should, if possible, not be visible to them. Right now, I would assign these high-risk alerts to the security personnel so that they are able to read and resolve them within LogPoint. Incidents with a lower risk would be assigned to me or a dummy group, and I would continue to regularly delete them manually. But I am wondering whether there is a better way: does triggering an alert automatically have to create an incident, or is it possible to configure that only alerts
Hi Community, we have a distributed collector in a remote location. We have established a site-to-site VPN between the locations. The scenario is that the IP address of the collector is NATed and mapped to a different IP than the actual host IP. For example, the system IP of the collector is 172.29.20.80, and the IP of the collector as seen by the remote Logpoint is 172.22.2.2. We have made the necessary configuration and ensured the collector is visible in Logpoint. However, the IP recorded by Logpoint is the actual system IP (not the IP Logpoint should recognize it as). The issue is that the status is in the Inactive stage. Is this due to the difference between the host IP and the NAT address?
Hello, I'm designing my backup. So far in the documentation I've read about two options: application snapshot and application backup; both write to the local disk. Let's put aside the configuration backup, as it's less than 1 GB. The real challenge comes with backing up repos. In an on-prem infrastructure, backups are stored in the backup infrastructure, with VTL and so on. There's no way I can request doubling the size of the repo disk just to store a consistent backup that I will then have to transfer to the backup infrastructure. In a cloud infrastructure, the backup would go directly to object storage such as S3 Glacier. Neither would we rent disk space used only during backup, though it might be easier to do in a cloud environment. In addition to the backup and snapshot methods from the documentation, I should add the option of a disk snapshot, either from the guest OS or from the disk array (only for on-prem infrastructure). These would provide a stable file system onto which t
Hi, today I have a Python script for exporting devices into a CSV file with the following fields: device_name,device_ips,device_groups,log_collection_policies,distributed_collector,confidentiality,integrity,availability,timezone. Does a script exist that also extracts the additional fields uses_proxy, proxy_ip, hostname? This will make moving devices from LogPoint 5 to LogPoint 6 considerably easier. Regards, Hans
We have a customer who used the new feature for uploading SSL/TLS certificates for the syslog collector via the web interface. Does this have any effect on the certificates used by OpenVPN? Because currently, after configuring the Distributed LogPoint, we see in the OpenVPN client log (/opt/immune/var/log/service/remote_con_client_xx.xx.xx.xx/current) that the certificate cannot be verified: 2022-01-04_11:12:48.10967 Tue Jan 4 11:12:48 2022 VERIFY ERROR: depth=0, error=unable to get local issuer certificate: XXX
Hello guys, is it possible to use/create only 16 repositories per LogPoint environment? What if I would like to separate my data into 30 different repositories for management and access-right purposes; is there a way to do that, and are there benefits or drawbacks in this situation? Thanks in advance. BR, Sascha
Hi all, we are excited to share a new knowledge base article guiding you through the steps on how to use NFS storage as a backup directory. You can access it through the following link. https://servicedesk.logpoint.com/hc/en-us/articles/5068106299805-How-to-use-NFS-storage-as-backup-directory-