Configure File Collection

Configure AgentX to collect logs from flat files on Windows or Linux endpoints.

Prerequisites

  • Template created or selected for editing

  • Understanding of which log files you need to collect

  • Knowledge of whether logs are single-line or multi-line format

Procedure

  1. In the template configuration, locate File Collection.

  2. Select Add New to add a file collection source.

  3. Enter a Name for the file collection source.

  4. In Path, enter the full path to the file or directory containing log files.

  5. Select a Source Type to categorize the log source.

  6. If the log files contain multi-line entries, select Is Multiline?

  7. If you selected Is Multiline?, enter a Multiline Regex pattern that matches the start of each log entry.

  8. Select Save to save the template configuration.

To add multiple file collection sources, select Add New and repeat the procedure.

To remove a file collection source, select Delete next to the source.

Expected outcome

AgentX Client collects logs from the specified files and forwards them to Logpoint according to the template configuration.

Verification

After assigning the template to a device and waiting for log collection to begin:

  1. Go to the Logpoint search interface.

  2. Run the following query:

Replace <hostname> with your endpoint hostname.

Verify that logs from the specified file paths appear in the search results.

Configuration guidelines

Files must end with a newline. File Collection skips files that do not end with a newline character. Make sure the writing application terminates every line, including the last one, with a newline; a file whose final line is still incomplete is not collected.

Use absolute paths. Always specify the complete path to log files or directories (e.g., C:\Logs\app.log on Windows or /var/log/app.log on Linux).

Directory paths collect all files. If you specify a directory path, AgentX collects logs from all files in that directory. Use specific filenames if you need to collect only certain files.

Multiline regex must match the start of entries. The Multiline Regex pattern identifies where each log entry begins; every line that matches opens a new entry, and lines that do not match are appended to the current entry. If the pattern does not match any line in the file, AgentX treats the entire file as a single log entry, which produces one oversized event and causes performance issues.

Escape commas in directory names. For directories containing commas in their names, use \ to escape each comma. For example, for a directory named Documents,Reports,2025, use the path C:\Users\Logpoint\Documents\,Reports\,2025\file.txt.

Common multiline patterns:

  • Timestamp at start: ^\d{4}-\d{2}-\d{2} (matches YYYY-MM-DD)

  • Log level at start: ^(INFO|WARN|ERROR|DEBUG)

  • Syslog format: ^[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}
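The two failure modes in the guidelines (a file without a trailing newline, and a Multiline Regex that matches nothing) can be checked before a template is assigned to a device. The following Python script is an added example written for this page; it is not part of AgentX or Logpoint. It applies the collector's two rules to a sample log constructed inline, groups lines into entries the way a start-of-entry regex would, and escapes commas in a Windows path as the guidelines describe. The function names, the report fields and the sample log are this example's own assumptions, not product APIs.

```python
"""Pre-flight checks for an AgentX File Collection source (added example).

Mimics two documented collector rules: a file that does not end with a
newline is skipped, and a Multiline Regex that matches no line collapses the
whole file into one entry. Names and sample data are this example's own.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class FileSourceReport:
    ends_with_newline: bool            # False means File Collection skips the file
    multiline_regex: Optional[str]     # None for single-line sources
    entry_starts: int                  # lines the regex matched
    entries: List[str] = field(default_factory=list)


def ends_with_newline(data: bytes) -> bool:
    """File Collection skips files whose last byte is not a newline (CRLF also ends in \\n)."""
    return data.endswith(b"\n")


def split_entries(text: str, multiline_regex: str) -> List[str]:
    """Group lines into entries: a line matching the pattern opens a new entry,
    every other line is appended to the current one."""
    start = re.compile(multiline_regex)
    entries: List[str] = []
    current: List[str] = []
    for line in text.splitlines():
        if start.search(line) and current:
            entries.append("\n".join(current))
            current = []
        current.append(line)
    if current:
        entries.append("\n".join(current))
    return entries


def check_source(data: bytes, multiline_regex: Optional[str] = None) -> FileSourceReport:
    """Run both checks against the raw bytes of a candidate log file."""
    text = data.decode("utf-8", errors="replace")
    starts, entries = 0, []
    if multiline_regex:
        pattern = re.compile(multiline_regex)
        starts = sum(1 for line in text.splitlines() if pattern.search(line))
        entries = split_entries(text, multiline_regex)
    return FileSourceReport(ends_with_newline(data), multiline_regex, starts, entries)


def warnings_for(report: FileSourceReport) -> List[str]:
    """Human-readable problems that would make AgentX skip or mis-parse the file."""
    problems = []
    if not report.ends_with_newline:
        problems.append("file does not end with a newline: File Collection will skip it")
    if report.multiline_regex and report.entry_starts == 0:
        problems.append("Multiline Regex matched no line: the whole file becomes one entry")
    return problems


def escape_path_commas(path: str) -> str:
    """Escape each comma in a path with a backslash, as the Path field requires."""
    return path.replace(",", "\\,")


# Constructed sample: one multi-line ERROR entry (stack trace) followed by an INFO line.
SAMPLE_APP_LOG = (
    b"2025-03-04 10:15:01 ERROR Request failed\n"
    b"Traceback (most recent call last):\n"
    b'  File "app.py", line 12, in handle\n'
    b"ValueError: bad input\n"
    b"2025-03-04 10:15:02 INFO Recovered\n"
)
TRUNCATED_LOG = SAMPLE_APP_LOG[:-1]   # last line still being written, no trailing newline
TIMESTAMP_REGEX = r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}"   # the page's example pattern

if __name__ == "__main__":
    for label, data, regex in [("good", SAMPLE_APP_LOG, TIMESTAMP_REGEX),
                               ("truncated", TRUNCATED_LOG, TIMESTAMP_REGEX),
                               ("wrong regex", SAMPLE_APP_LOG, r"^\[\d+\]")]:
        report = check_source(data, regex)
        print(f"{label}: {report.entry_starts} entry starts, {len(report.entries)} entries, "
              f"warnings={warnings_for(report)}")
    print(escape_path_commas(r"C:\Users\Logpoint\Documents,Reports,2025\file.txt"))
```

Run it against a copy of the real file before saving the template: zero entry starts with a regex selected, or a missing trailing newline, means the source will not behave as expected once assigned.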

Example configurations

Collect IIS logs (single-line):

  • Name: IIS Access Logs

  • Path: C:\inetpub\logs\LogFiles\W3SVC1\*.log

  • Source Type: IIS

  • Is Multiline?: Not selected

Collect application logs (multi-line with timestamps):

  • Name: Application Logs

  • Path: /var/log/application/app.log

  • Source Type: Application

  • Is Multiline?: Selected

  • Multiline Regex: ^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}

Collect Windows DNS logs:

  • Name: DNS Server Logs

  • Path: C:\Windows\System32\dns\dns.log

  • Source Type: DNS

  • Is Multiline?: Not selected
