Configure System Settings
General Settings
General settings are where you configure generic parameters for Fabric-enabled Logpoint instances.
Configure General Settings
Go to Configure >> Settings >> System >> General Settings.
Select the instances where you want to apply general settings. You can select multiple Logpoint instances from different pools. If you are applying general settings for multiple Logpoints, you can’t use Server Alias or Logpoint Name and Identifier. They are hidden.
Click Next.

Enter a Server Alias, a Logpoint Name, and a Browser Tab Title.
Select an LP Mode. You cannot select an LP Mode if one or more of the selected Logpoint instances are a Logpoint Collector.
If you select the Search Head mode, you can also access the logs of the connected Logpoint instances and their distributed Logpoint instances.
If you select the Distributed Logpoint mode, you can connect multiple Logpoint instances operating in different modes and store their logs. You can monitor, configure, and analyze the logs on the connected devices.
Select the default authentication method from the Default Login Screen From drop-down.
Enter the Timeout (Minutes) period. You have to log in again if there is no activity for longer than the specified period.
Enter the Base Repo Path For High Availability. It is the base path for the repos from the remote machine. The default path for the base repo is /opt/immune/storage/.
Select either Collection Timestamp (col_ts) or Log Timestamp (log_ts) from the Apply Time Range On drop-down. The col_ts is the time when the log was collected in Logpoint, and the log_ts is the time when a device generated the log.
Enter the Over Scan Period (In Minutes). The overscan period is the extra period in which Logpoint searches for logs. It is useful for col_ts based searches.
Select the Timezone of the Logpoint instances.
If the timezones of Logpoint instances differ, log timestamps are also different despite the fact that the incoming logs were ingested at the same time. For that reason, we recommend applying the same timezone to all your Logpoint instances.
Select Enable SOAR for Logpoint. You can enable SOAR for Logpoint v7.0.0 and later. Go to Getting Started with SOAR for details.
Click Next.

Review your changes. You can go Back to make any changes if necessary. Click Download Report to save the summary of the task in PDF.
Click Finish.
Click OK.
Usage Data
Logpoint collects and analyzes anonymized usage data. Personally Identifiable Information (PII) data is not collected. You can select whether to share your Usage Data with us from Logpoint v7.3.0 and later. By default, Share Usage Data is selected. To deselect:
Go to Configure >> Settings >> System >> General Settings.
Deselect Share Usage Data.

Click Save.
SMTP Settings
SMTP is used to send emails from the LogPoint.
Configure SMTP Settings
Go to Configure >> Settings >> System >> SMTP Settings.
Select the LogPoint instances where you want to configure the SMTP settings.
Click Next.

Enter the Server address and the Port number of the SMTP server.
Enter the Sender Name and the Sender Email.
Click Login Required if you want to enable an authentication mechanism for sending emails and alerts. Enter a Username and a Password.
To test the SMTP configuration:
In the SMTP TEST section, enter the Subject of your test email.
Enter an Email address.
Enter a Message.
Click Test.
Click Next.

Review your changes. You can go Back to make any changes if necessary.
Click Download Report to save the summary of the task in PDF.
Click Finish.
Click OK.
NTP Settings
NTP synchronizes the time of the selected LogPoint instances with a network time server.
Configure NTP Settings
Go to Configure >> Settings >> System >> NTP Settings.
Select the LogPoint instances where you want to configure the NTP settings.
Click Next.

Select Is NTP Enabled? to enable NTP.
Enter the Servers. Press Enter to add an NTP server.
Click the Remove icon in the server names to remove them.
Click Next.

Review your changes. You can go Back to make any changes if necessary.
Click Download Report to save the summary of the task in PDF.
Click Finish.
Click OK.
SNMP Settings
SNMP listens to the OIDs forwarded to port 161 of the LogPoint instances.
Configure SNMP Settings
Go to Configure >> Settings >> System >> SNMP Settings.
Select the LogPoint instances where you want to configure the SNMP settings.
Click Next.

Select Enable SNMPD.
Enter the Community String, which acts as a passphrase. Click the View icon to view the community string.
Click Next.

Review your changes. You can go Back to make any changes if necessary.
Click Download Report to save the summary of the task in PDF.
Click Finish.
Click OK.
HTTPS Settings
You can use the HTTPS settings to upload HTTPS certificates in the Fabric-enabled LogPoints. HTTPS certificates help you establish a secure connection between your browser and your LogPoint server.
Configure HTTPS Settings
Go to Configure >> Settings >> System >> HTTPS Settings.
Select the LogPoint instances where you want to configure the HTTPS settings.
Click Next.

Click the upload area to browse the certificates or drag and drop the certificate files. You can obtain the files using the OpenSSL commands.
Click Next.

Review your changes. You can go Back to make any changes if necessary.
Click Download Report to save the summary of the task in PDF.
Click Finish.
Click OK.
Lockout Policy Settings
The lockout policy lets you control user login and password security attributes. LogPoint locks your account for a specific lockout duration if you make multiple failed login attempts.
Configure Lockout Policy Settings
Go to Configure >> Settings >> System >> Lockout Policy Settings.
Select the LogPoint instances where you want to configure the lockout policy settings.
Click Next.

Enter a Lockout Threshold to determine the number of failed login attempts allowed before causing a user to be locked out of a Fabric-enabled LogPoint. You can set a threshold value from 0 to 999, where 0 means a user account is never locked.
Enter a Lockout Duration to determine the number of minutes that an account remains locked out of a Fabric-enabled LogPoint. You can set a lockout duration value from 1 to 99999.
Click Reset to reset the values to default.
Click Next.

Review your changes. You can go Back to make any changes if necessary.
Click Download Report to save the summary of the tasks in PDF.
Click Finish.
Click OK.
SSH Settings
You can use the SSH settings to generate an SSH certificate for the li-admin users.
Configure SSH Settings
Go to Configure >> Settings >> System >> SSH Settings.
Select the LogPoint instances where you want to configure the SSH settings.
Click Next.

Enter a Passphrase to generate a Private Key. You can view the private key for your passphrase at the next SSH settings operation. If a private key is present, it belongs to the passphrase that you used in your previous SSH settings operation.
Click the View icon to view your passphrase.
Make sure to save or note down your passphrase. You cannot retrieve it once the configuration is complete.
Click Copy to Clipboard to copy the private key.
Click Next.

Review your changes. You can go Back to make any changes if necessary.
Click Download Report to save the summary of the task in PDF.
Click Finish.
Click OK.
Support Connection Settings
You can use the support connection settings to create an end-to-end encrypted communication channel between the LogPoint Support and the LogPoint. It helps the LogPoint support team understand, troubleshoot, and fix issues with deployment along with any issues that might arise in the future. Only the customers can enable the support connection.
Configure Support Connection Settings
Go to Configure >> Settings >> System >> Support Connection Settings.
Select the LogPoint instances where you want to configure the support connection settings.
Click Next.

Click Enable Support Connection.
For multiple LogPoint instances, the Enable Support Connection option is enabled by default.
Enter the duration of the connection in Days, Hours, and Minutes.
Click Enable Support Connection Forever? to enable the support connection forever (optional).
Click Next.

Review your changes. You can go Back to make any changes if necessary.
Click Download Report to save the summary of the task in PDF.
Click Finish.
Click OK.
Use the Refresh API List to sync Support Connections Settings to ensure the Logpoint Support IP is in sync in the Director Console.

After refreshing the API, go to Configure >> Settings >> System >> Support Connection Settings and you will see the synced Support Connection IP.
Syslog
Syslog is used to send system logs to a specific server. You can add a custom TLS certificate for log collection via Syslog.
Configure Syslog
Go to Configure >> Settings >> System >> Syslog.
Select the Logpoint instances where you want to configure the Syslog.
Click Next.

Upload the Certificate and the Key.
Select Add Sequence Numbers On Log Received From Syslog Collector to add a sequence number to the log.
Enter the Message Length.
The default message length is 12KB.
Select Default Syslog Accept to allow Logpoint to accept unregistered logs from any syslog source by default. The received logs are normalized using the _default_syslog normalization policy and stored in the default repo.
Click Next.
Review the details and click Back if anything needs to be changed.
Click Download Report to get a summary in PDF format.
Click Finish.
Click OK.
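Both HTTPS Settings and Syslog above take an uploaded certificate and key. The script below is an added example, not Logpoint's own tooling: it uses standard OpenSSL commands to confirm, before upload, that the key belongs to the certificate and that the certificate is not about to expire. It assumes PEM-encoded files and an unencrypted key; the file names, the CN and the 30-day default are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Logpoint tooling). Assumes PEM files and an unencrypted key.

# Build a constructed self-signed pair for trying the check; $1 = dir, $2 = days.
make_constructed_pair() {
    mkdir -p "$1" &&
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" \
        -subj "/CN=logpoint.example.test" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# check_pair CERT KEY [MIN_DAYS]
# Returns 0 = usable, 1 = key does not match certificate,
#         2 = certificate expires within MIN_DAYS, 3 = file unreadable.
check_pair() {
    cert=$1; key=$2; min_days=${3:-30}

    # Public key as recorded in the certificate.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
        echo "cannot parse certificate: $cert" >&2; return 3; }

    # Public key derived from the private key. The empty -passin makes an
    # encrypted key fail here instead of prompting.
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || {
        echo "cannot parse key (encrypted or not PEM?): $key" >&2; return 3; }

    if [ "$cert_pub" != "$key_pub" ]; then
        echo "key does not belong to certificate" >&2; return 1
    fi

    # -checkend exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null; then
        echo "certificate expires within $min_days days" >&2; return 2
    fi

    # Show what is about to be uploaded.
    openssl x509 -in "$cert" -noout -subject -enddate
}

# Usage: sh check_pair.sh cert.pem key.pem [min_days]
if [ "$#" -ge 2 ]; then
    check_pair "$1" "$2" "${3:-30}"
fi
```

A mismatched pair is the usual cause of a web or TLS listener failing to start after a certificate change, so run the check on the exact files you are about to upload.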
Modes of Operation Settings
You can use the Modes of Operation settings to configure the Fabric-enabled LogPoints as LogPoint Collectors. You need to understand and fulfill the LogPoint collector requirements before configuring the modes of operation settings.
LogPoint Collectors
A LogPoint collector collects logs from different sources, normalizes them, and forwards them to a remote LogPoint. You need a main (remote) LogPoint to configure sources and storage locations for the incoming logs. For that reason, you need at least two LogPoints to use LogPoint Collector.
You must add the devices for the LogPoint collector in the remote LogPoint by choosing the collector machine as the distributed collector.
Since LogPoint collector is used only to collect and forward the logs, Dashboard, Search, and Report do not exist in a LogPoint collector.
Configure Modes of Operation
Go to Configure >> Settings >> System >> Modes of Operation Settings.
Select the LogPoint instances where you want to configure the Modes of Operation settings.
Click Next.

Click LogPoint Collector.
Click Enable Buffering to store the data locally in case of a network outage.
You need to enable Open Door in the main LogPoints and add them as Remote LogPoint in the LogPoint collectors.
Click Next.

Review your changes. You can go Back to make any changes if necessary.
Click Download Report to save the summary of the task in PDF.
Click Finish.
Click OK.
Enrichment Settings
You can use the enrichment settings to configure the Fabric-enabled LogPoint instances to support enrichment. Enrichment enhances, refines, and improves the representation of the logs. You can add additional information to logs and improve their usability. You can also customize the logs and make dashboards more relevant.
You cannot configure the enrichment settings in a LogPoint collector.
Configure Enrichment Settings
Go to Configure >> Settings >> System >> Enrichment Settings.
Select the LogPoint instances where you want to configure the enrichment settings.
Click Next.

Select Standalone Mode to use the LogPoint in the standalone mode or deselect it to use them in the enrichment propagation mode.
In the Standalone Mode, the whole enrichment process is carried out on a single machine.
In the Enrichment Propagation Mode, a single Enrichment Provider machine and multiple Enrichment Subscriber machines are used.
If you select the Enrichment Propagation Mode:
Select the Enrichment Provider option to configure the LogPoint instances as the sources (sources collect the raw data and push them into Enrichment Subscribers).
Select the Enrichment Subscriber option to configure the LogPoint instances as the clients (clients construct rules for the enrichment process).
If the selected machine is an enrichment provider by default, you can see its subscribers and their current status on the Enrichment Settings page.
If you select Enrichment Subscriber, select the Subscription Source (Remote IP), i.e., the name of the Provider LogPoint.
Click Next.

Review your changes. You can go Back to make any changes if necessary.
Click Download Report to save the summary of the task in PDF.
Click Finish.
Click OK.
Open Door Settings
The Open Door settings allow you to enable Open Door in the Fabric-enabled LogPoints.
A remote LogPoint can add an open door enabled LogPoint as its Distributed LogPoint (DLP). Upon successful configuration, you can search and monitor logs from a remote location. This access is highly useful while centrally monitoring many LogPoints. Under distributed architecture, the central server looks after the remote client LogPoints.
Configure Open Door Settings
Go to Configure >> Settings >> System >> Open Door Settings.
Select the LogPoint instances where you want to configure the Open Door settings.
Click Next.

Select Open Door.
Note down the Private IP and the Netmask. The remote LogPoint instances use these values to connect to the Open Door enabled LogPoint instances.
You can enter a different private IP.
The private IP must end in .1.
Enter a Password. The password is used by the remote LogPoint instances to add the Open Door enabled LogPoint instances to the distributed LogPoint setup.
Click Next.

Review your changes. You can go Back to make any changes if necessary.
Click Download Report to save the summary of the task in PDF.
Click Finish.
Click OK.
Distributed LogPoint Settings
You can use the Distributed LogPoint (DLP) settings to connect multiple Fabric-enabled LogPoints and distribute the storage of logs among them. You can monitor, configure, and analyze the data from any of the connected LogPoints.
For example, a simple case with two LogPoints: LP1 and LP2. You can add LP2 as a Distributed LogPoint for LP1. In this case, a user at LP1 with privilege can access the logs on LP2 from the LP1 itself. The user can perform searches, create dashboards, alerts, or generate reports including the logs from any of the repos from both LogPoints.
LogPoint instances connect using a secure VPN connection.
A user in LP2 may not be able to see the logs in LP1 unless LP1 is explicitly added as a DLP for LP2. You can add LP1 as a DLP for LP2 to access the logs in both directions.
You can add any number of DLPs to a LogPoint. However, the name of each LogPoint node must be unique in a distributed deployment.
Configure Distributed Logpoint Settings
Go to Configure >> Settings >> System >> Distributed LogPoint Settings.
Select the LogPoint instances where you want to configure the Distributed LogPoint settings.
You cannot select a LogPoint collector.
Click Next.

Select a Remote LogPoint. The Private IP of the remote LogPoint populates accordingly.
You can add multiple DLPs to a LogPoint.
Enter the Password of the remote LogPoint’s Open Door configuration.
Click Add to List.
Click Next.

Review your changes. You can go Back to make any changes if necessary.
Click Download Report to save the summary of the task in PDF.
Click Finish.
Click OK.
Distributed Collector Settings
You can use the Distributed Collector settings to connect a distributed collector to a remote LogPoint.
A distributed collector collects logs from different sources, normalizes them using the signatures applied, and forwards them to a remote LogPoint. You must configure sources and storage location in the remote LogPoint.
Configure Distributed Collector Settings
Go to Configure >> Settings >> System >> Distributed Collector Settings.
Select the LogPoint Collector where you want to configure the distributed collector settings. You can only select a single LogPoint collector.
You can only add a distributed collector in a LogPoint collector.
You cannot add a single LogPoint collector to multiple remote LogPoint instances.
Click Next.

Select a Remote LogPoint. The Private IP of the remote LogPoint populates accordingly.
Enter the Password of the remote LogPoint’s open door configuration.
You can add multiple distributed collectors to one LogPoint.
Click Next.

Review your changes. You can go Back to make any changes if necessary.
Click Download Report to save the summary of the task in PDF.
Click Finish.
Click OK.
Multiport For Netflow Collector
Use custom ports in the range 49152-65535.
Use ports not used by other collectors.
Multiport Netflow Collector is used to configure multiple UDP ports to collect and analyze NetFlow statistics logs.
Configure Multiport For Netflow Collector
Go to Configure >> Settings >> System >> SMTP Settings.
Select Multiport For Netflow Collector from the dropdown.
Select the Logpoint instances to configure the Multiport settings.
Click Next.
Enter the Custom Port for UDP. Multiple custom ports can be entered.

Click Next.

Review your changes. You can go Back to make any changes.
Click Download Report to save the summary of the task in PDF.
Click Finish.
Click OK.
Multiport For Syslog Collector
Use custom ports in the range 49152-65535.
Use ports not used by other collectors.
Multiport Syslog Collector is used to configure multiple TCP/UDP and SSL ports to collect data from sources that follow the syslog protocol.
Configure Multiport For Syslog Collector
Go to Configure >> Settings >> System >> SMTP Settings.
Select Multiport For Syslog Collector from the dropdown.
Select the Logpoint instances to configure the Multiport settings.
Click Next.
Enter the Custom Port for TCP/UDP. Multiple custom ports can be entered.
Enter the Custom Port for SSL. Multiple custom ports can be entered.

Click Next.

Review your changes. You can go Back to make any changes.
Click Download Report to save the summary of the task in PDF.
Click Finish.
Click OK.