Add a Windows or Linux device in Logpoint
Add a device to Logpoint to receive logs from AgentX Clients on Windows or Linux endpoints.
Prerequisites
AgentX Server installed in Logpoint
AgentX Manager installed in Logpoint
Administrator access to Logpoint
Normalization policy created for AgentX logs
Device name and IP address information
Load balancer IP address (if implementing a load balancer with an AgentX cluster)
Procedure
Go to Settings > Configuration and select Devices.
Select Add.
Enter a Name for the device.
In IP address(es), enter the device IP address. If using a load balancer, also enter the load balancer IP address.
Select one or more Device Groups to organize the device.
Select a Log Collection Policy appropriate for the device.
Select a Distributed Collector from the dropdown (if using Logpoint Collectors).
Select the Time Zone that matches the device's time zone.
Configure Risk Values for Confidentiality, Integrity, and Availability. These values are used to calculate alert risk levels.
Select Submit.
Expected outcome
The new device appears in the Devices list and is ready for AgentX configuration.
Verification
Go to Settings > Configuration and select Devices.
Verify that your new device appears in the list.
Configuration guidelines
Time zone must match the device: The time zone setting must match the actual time zone of the Windows or Linux endpoint. Incorrect time zone settings cause timestamp mismatches in log analysis.
In distributed setups, use identical configurations: When adding the same device to multiple Logpoints in a distributed setup, ensure that device name, template, routing policy, normalization policy, enrichment policy, processing policy, and internal settings are identical across all Logpoints. Configuration mismatches cause processing inconsistencies.
Include load balancer IP when using clustering: If implementing a load balancer with an AgentX cluster, you must include the load balancer IP address in the IP address(es) field. This grants the load balancer access to ports 1514 and 1515.
Risk values affect alert scoring: The Confidentiality, Integrity, and Availability values combine with alert severity to calculate overall risk scores. Set these values based on the device's importance to your organization.
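The time zone guideline above, worked through as an added example (not Logpoint code): it shows how a wrong device time zone pushes an endpoint event out of a correlation window, and a simple check that flags the mismatch by comparing event time with receipt time. The timestamps, the UTC+1 endpoint, the 5-minute window and all function names are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

FMT = "%Y-%m-%d %H:%M:%S"
WINDOW = timedelta(minutes=5)          # correlation window (assumed value)

# Constructed sample data. The endpoint is assumed to sit at UTC+1 and to log
# local wall-clock time with no offset, so the device setting decides its meaning.
ENDPOINT_RAW = "2024-03-12 09:58:41"   # failed logon as written by the endpoint
FIREWALL_UTC = datetime(2024, 3, 12, 8, 59, 10, tzinfo=timezone.utc)  # related event
RECEIVED_UTC = datetime(2024, 3, 12, 8, 58, 43, tzinfo=timezone.utc)  # receipt time


def to_utc(raw_ts, configured_offset_hours):
    """Interpret an offset-less timestamp in the configured zone, return UTC."""
    tz = timezone(timedelta(hours=configured_offset_hours))
    return datetime.strptime(raw_ts, FMT).replace(tzinfo=tz).astimezone(timezone.utc)


def within_window(a, b, window=WINDOW):
    """True if two normalized events are close enough to be correlated."""
    return abs(a - b) <= window


def timezone_skew_hint(event_utc, received_utc, tolerance=timedelta(minutes=2)):
    """Return the suspected offset error as a timedelta, or None.

    UTC offsets in current use are multiples of 15 minutes, so a gap between
    event time and receipt time that sits near a non-zero multiple of 15
    minutes suggests a time zone mismatch rather than delivery delay.
    """
    step = timedelta(minutes=15)
    skew = event_utc - received_utc
    nearest = round(skew / step) * step
    if nearest != timedelta(0) and abs(skew - nearest) <= tolerance:
        return nearest
    return None


if __name__ == "__main__":
    for label, offset in (("correct (UTC+1)", 1), ("wrong (UTC)", 0)):
        event = to_utc(ENDPOINT_RAW, offset)
        print(label, event.isoformat(),
              "correlates:", within_window(event, FIREWALL_UTC),
              "skew hint:", timezone_skew_hint(event, RECEIVED_UTC))
```

The skew check is a hint only: a badly drifted endpoint clock can produce the same gap, so confirm against the endpoint's actual time zone before changing the device setting.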