Configure System Settings

General Settings

General settings are where you configure generic parameters for Fabric-enabled Logpoint instances.

Configure General Settings
  1. Go to Configure >> Settings >> System >> General Settings.

  2. Select the instances where you want to apply general settings. You can select multiple Logpoint instances from different pools. If you apply general settings to multiple Logpoints, the Server Alias, Logpoint Name, and Identifier fields are hidden and cannot be used.

  3. Click Next.

  4. Enter a Server Alias, a Logpoint Name, and a Browser Tab Title.

  5. Select an LP Mode. You cannot select an LP Mode if one or more of the selected Logpoint instances is a Logpoint Collector.

    • If you select the Search Head mode, you can also access the logs of the connected Logpoint instances and their distributed Logpoint instances.

    • If you select the Distributed Logpoint mode, you can connect multiple Logpoint instances operating in different modes and store their logs. You can monitor, configure, and analyze the logs on the connected devices.

  6. Select the default authentication method from the Default Login Screen From drop-down.

  7. Enter the Timeout (Minutes) period. You have to log in again if there is no activity for longer than the specified period.

  8. Enter the Base Repo Path For High Availability. It is the base path for the repos from the remote machine. The default path for the base repo is /opt/immune/storage/.

  9. Select either Collection Timestamp (col_ts) or Log Timestamp (log_ts) from the Apply Time Range On drop-down. The col_ts is the time when the log was collected in Logpoint, and the log_ts is the time when a device generated the log.

  10. Enter the Over Scan Period (In Minutes). The overscan period is the extra period in which Logpoint searches for logs. It is useful for col_ts-based searches.

  11. Select the Timezone of the Logpoint instances.

  12. Select Enable SOAR for Logpoint. You can enable SOAR for Logpoint v7.0.0 and later. Go to Getting Started with SOAR for details.

  13. Click Next.

  14. Review your changes. You can go Back to make any changes if necessary. Click Download Report to save the summary of the task in PDF.

  15. Click Finish.

  16. Click OK.

Usage Data

Logpoint collects and analyzes anonymized usage data. Personally Identifiable Information (PII) data is not collected. You can select whether to share your Usage Data with us from Logpoint v7.3.0 and later. By default, Share Usage Data is selected. To deselect:

  1. Go to Configure >> Settings >> System >> General Settings.

  2. Deselect Share Usage Data.

  3. Click Save.

SMTP Settings

SMTP is used to send emails from the LogPoint.

Configure SMTP Settings
  1. Go to Configure >> Settings >> System >> SMTP Settings.

  2. Select the LogPoint instances where you want to configure the SMTP settings.

  3. Click Next.

  4. Enter the Server address and the Port number of the SMTP server.

  5. Enter the Sender Name and the Sender Email.

  6. Click Login Required if you want to enable an authentication mechanism for sending emails and alerts. Enter a Username and a Password.

    To test the SMTP configuration:

    1. In the SMTP TEST section, enter the Subject of your test email.

    2. Enter an Email address.

    3. Enter a Message.

    4. Click Test.

  7. Click Next.

  8. Review your changes. You can go Back to make any changes if necessary.

    Click Download Report to save the summary of the task in PDF.

  9. Click Finish.

  10. Click OK.

NTP Settings

NTP synchronizes the time of the selected LogPoint instances with a network time server.

Configure NTP Settings
  1. Go to Configure >> Settings >> System >> NTP Settings.

  2. Select the LogPoint instances where you want to configure the NTP settings.

  3. Click Next.

  4. Select Is NTP Enabled? to enable NTP.

  5. Enter the Servers. Press Enter to add an NTP server.

    Click the Remove icon in the server names to remove them.

  6. Click Next.

  7. Review your changes. You can go Back to make any changes if necessary.

    Click Download Report to save the summary of the task in PDF.

  8. Click Finish.

  9. Click OK.

SNMP Settings

SNMP listens to the OIDs forwarded to port 161 of the LogPoint instances.

Configure SNMP Settings
  1. Go to Configure >> Settings >> System >> SNMP Settings.

  2. Select the LogPoint instances where you want to configure the SNMP settings.

  3. Click Next.

  4. Select Enable SNMPD.

  5. Enter the Community String, which acts as a passphrase. Click the View icon to view the community string.

  6. Click Next.

  7. Review your changes. You can go Back to make any changes if necessary.

    Click Download Report to save the summary of the task in PDF.

  8. Click Finish.

  9. Click OK.

HTTPS Settings

You can use the HTTPS settings to upload HTTPS certificates in the Fabric-enabled LogPoints. HTTPS certificates help you establish a secure connection between your browser and your LogPoint server.

Configure HTTPS Settings
  1. Go to Configure >> Settings >> System >> HTTPS Settings.

  2. Select the LogPoint instances where you want to configure the HTTPS settings.

  3. Click Next.

  4. Click the upload area to browse the certificates or drag and drop the certificate files. You can obtain the files using the OpenSSL commands.

  5. Click Next.

  6. Review your changes. You can go Back to make any changes if necessary.

    Click Download Report to save the summary of the task in PDF.

  7. Click Finish.

  8. Click OK.

Lockout Policy Settings

The lockout policy lets you control user login and password security attributes. LogPoint locks your account for a specific lockout duration if you make multiple failed login attempts.

Configure Lockout Policy Settings
  1. Go to Configure >> Settings >> System >> Lockout Policy Settings.

  2. Select the LogPoint instances where you want to configure the lockout policy settings.

  3. Click Next.

  4. Enter a Lockout Threshold to determine the number of failed login attempts allowed before causing a user to be locked out of a Fabric-enabled LogPoint. You can set a threshold value from 0 to 999, where 0 means a user account is never locked.

  5. Enter a Lockout Duration to determine the number of minutes that an account remains locked out of a Fabric-enabled LogPoint. You can set a lockout duration value from 1 to 99999.

  6. Click Reset to reset the values to default.

  7. Click Next.

  8. Review your changes. You can go Back to make any changes if necessary.

    Click Download Report to save the summary of the tasks in PDF.

  9. Click Finish.

  10. Click OK.
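A hypothetical model of the threshold and duration semantics described above, written as an added example for this page (it is not Logpoint's implementation; the LoginGuard class, the user name and the timestamps are constructed):

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Ranges stated on the page: threshold 0-999 (0 = never locked), duration 1-99999 minutes.
THRESHOLD_RANGE = (0, 999)
DURATION_RANGE = (1, 99999)

@dataclass
class LockoutPolicy:
    threshold: int         # failed attempts allowed before the account locks
    duration_minutes: int  # how long the account stays locked

    def __post_init__(self) -> None:
        if not THRESHOLD_RANGE[0] <= self.threshold <= THRESHOLD_RANGE[1]:
            raise ValueError("Lockout Threshold must be between 0 and 999")
        if not DURATION_RANGE[0] <= self.duration_minutes <= DURATION_RANGE[1]:
            raise ValueError("Lockout Duration must be between 1 and 99999 minutes")

@dataclass
class AccountState:
    failures: int = 0
    locked_until: "datetime | None" = None

class LoginGuard:
    """Hypothetical model: applies a LockoutPolicy to login attempts, one counter per user."""

    def __init__(self, policy: LockoutPolicy) -> None:
        self.policy = policy
        self.accounts = {}  # user name -> AccountState

    def is_locked(self, user: str, now: datetime) -> bool:
        state = self.accounts.get(user)
        if state is None or state.locked_until is None:
            return False
        if now >= state.locked_until:
            state.locked_until, state.failures = None, 0  # lockout expired: reset
            return False
        return True

    def attempt(self, user: str, password_ok: bool, now: datetime) -> str:
        """Return 'locked', 'ok' or 'failed' for a single login attempt."""
        if self.is_locked(user, now):
            return "locked"  # even a correct password is refused while locked
        state = self.accounts.setdefault(user, AccountState())
        if password_ok:
            state.failures = 0
            return "ok"
        state.failures += 1
        # A threshold of 0 disables locking entirely.
        if self.policy.threshold and state.failures >= self.policy.threshold:
            state.locked_until = now + timedelta(minutes=self.policy.duration_minutes)
        return "failed"

T0 = datetime(2024, 1, 1, 12, 0)  # constructed timestamp for the demo

def demo_sequence(threshold: int = 3, duration_minutes: int = 30) -> list:
    # Three wrong passwords at minutes 0-2, then correct ones at minutes 5, 29 and 33.
    guard = LoginGuard(LockoutPolicy(threshold, duration_minutes))
    steps = [(False, 0), (False, 1), (False, 2), (True, 5), (True, 29), (True, 33)]
    return [guard.attempt("alice", ok, T0 + timedelta(minutes=m)) for ok, m in steps]
```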

SSH Settings

You can use the SSH settings to generate an SSH certificate for the li-admin users.

Configure SSH Settings
  1. Go to Configure >> Settings >> System >> SSH Settings.

  2. Select the LogPoint instances where you want to configure the SSH settings.

  3. Click Next.

  4. Enter a Passphrase to generate a Private Key. You can view the private key for your passphrase at the next SSH settings operation. If a private key is present, it belongs to the passphrase that you used in your previous SSH settings operation.

    4.1. Click the View icon to view your passphrase.

    • Make sure to save or note down your passphrase. You cannot retrieve it once the configuration is complete.

    • Click Copy to Clipboard to copy the private key.

  5. Click Next.

  6. Review your changes. You can go Back to make any changes if necessary.

    Click Download Report to save the summary of the task in PDF.

  7. Click Finish.

  8. Click OK.

Support Connection Settings

You can use the support connection settings to create an end-to-end encrypted communication channel between the LogPoint Support and the LogPoint. It helps the LogPoint support team understand, troubleshoot, and fix issues with deployment along with any issues that might arise in the future. Only the customers can enable the support connection.

Configure Support Connection Settings
  1. Go to Configure >> Settings >> System >> Support Connection Settings.

  2. Select the LogPoint instances where you want to configure the support connection settings.

  3. Click Next.

  4. Click Enable Support Connection.

    For multiple LogPoint instances, the Enable Support Connection option is enabled by default.

  5. Enter the duration of the connection in Days, Hours, and Minutes.

  6. Click Enable Support Connection Forever? to enable the support connection forever (optional).

  7. Click Next.

  8. Review your changes. You can go Back to make any changes if necessary.

    Click Download Report to save the summary of the task in PDF.

  9. Click Finish.

  10. Click OK.

  11. Use Refresh API List to sync the Support Connection Settings so that the Logpoint Support IP is in sync in the Director Console.

  12. After refreshing the API, go to Configure >> Settings >> System >> Support Connection Settings and you will see the synced Support Connection IP.

Syslog

Syslog is used to send system logs to a specific server. You can add a custom TLS certificate for log collection via Syslog.

Configure Syslog
  1. Go to Configure >> Settings >> System >> Syslog.

  2. Select the Logpoint instances where you want to configure the Syslog.

  3. Click Next.

  4. Upload the Certificate and the Key.

  5. Select Add Sequence Numbers On Log Received From Syslog Collector to add a sequence number to the log.

  6. Enter the Message Length.

    The default message length is 12KB.

  7. Select Default Syslog Accept to allow Logpoint to accept unregistered logs from any syslog source by default. The received logs are normalized using _default_syslog normalization policy and stored in the default repo.

  8. Click Next.

  9. Review the details and click Back if anything needs to be changed.

  10. Click Download Report to get a summary in PDF format.

  11. Click Finish.

  12. Click OK.

Modes of Operation Settings

You can use the Modes of Operation settings to configure the Fabric-enabled LogPoints as LogPoint Collectors. You need to understand and fulfill the LogPoint collector requirements before configuring the modes of operation settings.

LogPoint Collectors

A LogPoint collector collects logs from different sources, normalizes them, and forwards them to a remote LogPoint. You need a main (remote) LogPoint to configure sources and storage locations for the incoming logs. For that reason, you need at least two LogPoints to use LogPoint Collector.

You must add the devices for the LogPoint collector in the remote LogPoint by choosing the collector machine as the distributed collector.

Since LogPoint collector is used only to collect and forward the logs, Dashboard, Search, and Report do not exist in a LogPoint collector.

Configure Modes of Operation
  1. Go to Configure >> Settings >> System >> Modes of Operation Settings.

  2. Select the LogPoint instances where you want to configure the Modes of Operation settings.

  3. Click Next.

  4. Click LogPoint Collector.

  5. Click Enable Buffering to store the data locally in case of a network outage.

    You need to enable Open Door in the main LogPoints and add them as Remote LogPoint in the LogPoint collectors.

  6. Click Next.

  7. Review your changes. You can go Back to make any changes if necessary.

    Click Download Report to save the summary of the task in PDF.

  8. Click Finish.

  9. Click OK.

Enrichment Settings

You can use the enrichment settings to configure the Fabric-enabled LogPoint instances to support enrichment. Enrichment enhances, refines, and improves the representation of the logs. You can add additional information to logs and improve their usability. You can also customize the logs and make dashboards more relevant.

You cannot configure the enrichment settings in a LogPoint collector.

Configure Enrichment Settings
  1. Go to Configure >> Settings >> System >> Enrichment Settings.

  2. Select the LogPoint instances where you want to configure the enrichment settings.

  3. Click Next.

  4. Select Standalone Mode to use the LogPoint instances in standalone mode, or deselect it to use them in enrichment propagation mode.

    • In the Standalone Mode, the whole enrichment process is carried out on a single machine.

    • In the Enrichment Propagation Mode, a single Enrichment Provider machine and multiple Enrichment Subscriber machines are used.

  5. If you select the Enrichment Propagation Mode:

    1. Select the Enrichment Provider option to configure the LogPoint instances as the sources (sources collect the raw data and push them into Enrichment Subscribers).

    2. Select the Enrichment Subscriber option to configure the LogPoint instances as the clients (clients construct rules for the enrichment process).

      If the selected machine is an enrichment provider by default, you can see its subscribers and their current status on the Enrichment Settings page.

    3. If you select Enrichment Subscriber, select the Subscription Source (Remote IP), i.e., the name of the Provider LogPoint.

  6. Click Next.

  7. Review your changes. You can go Back to make any changes if necessary.

    Click Download Report to save the summary of the task in PDF.

  8. Click Finish.

  9. Click OK.

Open Door Settings

The Open Door settings allow you to enable Open Door in the Fabric-enabled LogPoints.

A remote LogPoint can add an open door enabled LogPoint as its Distributed LogPoint (DLP). Upon successful configuration, you can search and monitor logs from a remote location. This access is highly useful while centrally monitoring many LogPoints. Under distributed architecture, the central server looks after the remote client LogPoints.

Configure Open Door Settings
  1. Go to Configure >> Settings >> System >> Open Door Settings.

  2. Select the LogPoint instances where you want to configure the Open Door settings.

  3. Click Next.

  4. Select Open Door.

  5. Note down the Private IP and the Netmask. The remote LogPoint instances use these values to connect to the Open Door enabled LogPoint instances.

    • You can enter a different private IP.

    • The private IP must end in .1.

  6. Enter a Password. The password is used by the remote LogPoint instances to add the Open Door enabled LogPoint instances to the distributed LogPoint setup.

  7. Click Next.

  8. Review your changes. You can go Back to make any changes if necessary.

    Click Download Report to save the summary of the task in PDF.

  9. Click Finish.

  10. Click OK.

Distributed LogPoint Settings

You can use the Distributed LogPoint (DLP) settings to connect multiple Fabric-enabled LogPoints and distribute the storage of logs among them. You can monitor, configure, and analyze the data from any of the connected LogPoints.

For example, take a simple case with two LogPoints: LP1 and LP2. You can add LP2 as a Distributed LogPoint for LP1. In this case, a user at LP1 with sufficient privileges can access the logs on LP2 from LP1 itself. The user can perform searches, create dashboards and alerts, or generate reports that include logs from any of the repos on both LogPoints.

  • LogPoint instances connect using a secure VPN connection.

  • A user in LP2 may not be able to see the logs in LP1 unless LP1 is explicitly added as a DLP for LP2. You can add LP1 as a DLP for LP2 in order to access the logs from both ways.

  • You can add any number of DLPs to a LogPoint. However, the name of each LogPoint node must be unique in a distributed deployment.

Configure Distributed Logpoint Settings
  1. Go to Configure >> Settings >> System >> Distributed LogPoint Settings.

  2. Select the LogPoint instances where you want to configure the Distributed LogPoint settings.

    You cannot select a LogPoint collector.

  3. Click Next.

  4. Select a Remote LogPoint. The Private IP of the remote LogPoint populates accordingly.

    You can add multiple DLPs to a LogPoint.

  5. Enter the Password of the remote LogPoint’s Open Door configuration.

  6. Click Add to List.

  7. Click Next.

  8. Review your changes. You can go Back to make any changes if necessary.

    Click Download Report to save the summary of the task in PDF.

  9. Click Finish.

  10. Click OK.

Distributed Collector Settings

You can use the Distributed Collector settings to connect a distributed collector to a remote LogPoint.

A distributed collector collects logs from different sources, normalizes them using the signatures applied, and forwards them to a remote LogPoint. You must configure sources and storage location in the remote LogPoint.

Configure Distributed Collector Settings
  1. Go to Configure >> Settings >> System >> Distributed Collector Settings.

  2. Select the LogPoint Collector where you want to configure the distributed collector settings. You can only select a single LogPoint collector.

    • You can only add a distributed collector in a LogPoint collector.

    • You cannot add a single LogPoint collector to multiple remote LogPoint instances.

  3. Click Next.

  4. Select a Remote LogPoint. The Private IP of the remote LogPoint populates accordingly.

  5. Enter the Password of the remote LogPoint’s open door configuration.

    You can add multiple distributed collectors to one LogPoint.

  6. Click Next.

  7. Review your changes. You can go Back to make any changes if necessary.

    Click Download Report to save the summary of the task in PDF.

  8. Click Finish.

  9. Click OK.

Multiport For Netflow Collector

Multiport Netflow Collector is used to configure multiple UDP ports to collect and analyze NetFlow statistics logs.

Configure Multiport For Netflow Collector
  1. Go to Configure >> Settings >> System >> SMTP Settings.

  2. Select Multiport For Netflow Collector from the dropdown.

  3. Select the Logpoint instances to configure the Multiport settings.

  4. Click Next.

  5. Enter the Custom Port for UDP. Multiple custom ports can be entered.

  6. Click Next.

  7. Review your changes. You can go Back to make any changes.

  8. Click Download Report to save the summary of the task in PDF.

  9. Click Finish.

  10. Click OK.

Multiport For Syslog Collector

Multiport Syslog Collector is used to configure multiple TCP/UDP and SSL ports to collect data from sources that follow the syslog protocol.

Configure Multiport For Syslog Collector
  1. Go to Configure >> Settings >> System >> SMTP Settings.

  2. Select Multiport For Syslog Collector from the dropdown.

  3. Select the Logpoint instances to configure the Multiport settings.

  4. Click Next.

  5. Enter the Custom Port for TCP/UDP. Multiple custom ports can be entered.

  6. Enter the Custom Port for SSL. Multiple custom ports can be entered.

  7. Click Next.

  8. Review your changes. You can go Back to make any changes.

  9. Click Download Report to save the summary of the task in PDF.

  10. Click Finish.

  11. Click OK.
