circle-info
Welcome to the new Logpoint documentation portal! Can’t find what you’re looking for?
Logpoint Documentationarrow-up-right
search

Connect Logpoint to Director Setup

Logpoint Director allows you to establish a private tunnel between Logpoint and Director to work in a Fabric-enabled mode for central management of multiple Logpoints. You must have a valid Director license, but it is configured without a Logpoint license.

The network connection between the Fabric Server and Logpoint must be stable and reliable. In case of a network failure, logs are collected; however, users are unable to use Logpoint SIEM.

circle-exclamation

To connect Logpoint to Director, you must configure Logpoint Director in the following order:

  1. Fabric Networkarrow-up-right: establishes a private tunnel between Logpoint and Director through the Fabric Servers, enabling encrypted communication.

  2. Fabric Storage: is a distributed storage service that stores centralized configuration data and metadata, ensuring synchronization and restoration across Logpoints.

  3. Fabric Connect: builds on the Fabric Network to establish a link between Logpoint and Director, allowing centralized configuration.

Logpoint Director must be configured in all Logpoints to connect them to the Director setup.

hashtag
Fabric Network

Fabric Network provides a private tunnel to enable fabric connect.

chevron-rightConfigure Fabric Network in Logpointhashtag

  1. Go to Settings >> System Settings from the navigation bar and click Logpoint Director.

  2. Enter the Fabric Server IP(s). For a standalone Fabric Server, enter a single public IP. For cluster Fabric Servers, enter at least two up and running public IPs to ensure the Director setup functions properly.

  3. Enter the Maximum Transmission Unit (MTU in bytes) between 1250 to 65535.

  4. Click Save Changes. Fabric Server Cluster

    After you configure the Fabric Network in Logpoint, a secure communication pathway is established between the Fabric-enabled Logpoint, Fabric Servers, and Logpoint Search Master. Logpoint fetches the Server IPs and Client IPs from the Fabric Servers. If the IPs are not updated, click Refresh to fetch the latest configuration status.

  5. Click Clear to stop and delete all the services running for the currently configured Fabric Network.

    circle-exclamation

    If Fabric Connect is enabled, you must disable it before you clear or update the Fabric Network settings.

hashtag
Fabric Storage

Fabric Storage is a distributed storage service of Director.

chevron-rightConfigure Fabric Storagehashtag

  1. Go to Settings >> System Settings from the navigation bar and click Logpoint Director.

  2. Click Fabric Storage.

  3. Fabric Storage is automatically configured after configuring the Fabric Network. Click Reconfigure when the status displays Reconfiguration required. Fabric Storage

hashtag
Fabric Connect

Fabric Connect allows you to configure Fabric enabled Logpoint to centrally manage Logpoint configuration from Director.

chevron-rightConfigure Fabric Connecthashtag

  1. Go to Settings >> System Settings from the navigation bar and click Logpoint Director.

  2. Select Fabric Connect.

  3. Select Enable Fabric Connect.

  4. Select Co-managed Mode in Modes of Operation only if the configurations are managed from Logpoint.

  5. Enter the Pool UUID and Password in the Pool Configuration. A pool is a group of Fabric-enabled Logpoint instances that are centrally managed through the Logpoint Director, which is identified by a unique, auto-generated Universal Unique Identifier (UUID). Go to Creating a Logpoint Pool for information on the pool UUID and password.

  6. Click Test Connection to ensure Logpoint is connected to the intended pool. Logpoint generates the corresponding Status and pool name based on the entered pool UUID.

  7. Pool Information displays the IP address of the Fabric Servers, the hostname of the Fabric Storage, and the Fabric Authenticator to which the Pool is connected. Fabric Connect

  8. Click Save Changes.

  9. Enter the admin user’s password and click Ok. Authentication

hashtag
Co-managed Mode

In Director, certain configurations must be performed using the API or Director Console as they are restricted from Logpoint. However, co-managed mode allows you to make changes using the Logpoint UI, but the settings are disabled from the Director. A valid Logpoint license is required to use this mode.

chevron-rightConfigure Co-managed Modehashtag

  1. Go to Settings >> System Settings from the navigation bar and click Logpoint Director.

  2. Select Fabric Connect.

  3. Select the Co-Managed mode.

circle-exclamation

If Logpoint is already fabric-enabled, you must turn off and turn on the Fabric Connect to change the mode of operation.

hashtag
Sync

Logpoint data is regularly updated in Director after configuring Logpoint Director. Use sync to restore the data in case a fabric server was down or unavailable.

chevron-rightUse Sync to Restore Logpoint Datahashtag

  1. Go to Settings >> System Settings from the navigation bar and click Logpoint Director.

  2. Click Sync. Sync

hashtag
SSH Settings

SSH enables remote access using the Secure Shell (SSH) protocol. It allows you to access Shell from Director Console to manage the configurations of Fabric-enabled Logpoints using a command line. SSH setting is not available when a Logpoint is in the co-managed mode, and you must enable Fabric Connect before using SSH settings.

chevron-rightConfigure SSH Settingshashtag

To configure the SSH settings:

  1. Go to Settings >> System Settings from the navigation bar and click Logpoint Director.

  2. Click SSH Settings.

  3. Enable SSH Connection.

  4. Enable SSH Connection Forever or enter the SSH connection enable duration in Days, Hours, and Minutes. SSH Settings

  5. Click Save.

Last updated

Was this helpful?