Search and Configure Overview
In Director Console, you can:
Configure entities, built-in collectors/fetchers, operations, plugins, system settings, and manage users on the Fabric-enabled LogPoint instances from the Configure page.
Search the configured entities, and modify or delete them from the Search page.
View the Director setup components graphically, configure new entities in a Fabric-enabled LogPoint, and view its existing configurations from the Config View page.
Install and uninstall assets from the Assets page.
Configure different authentication from the Authentication page.
Synchronize the Director Console database from the Resync Database page.
View tasks summary from the Tasks page.
Search
You can search for the entities available in the Fabric-enabled LogPoint instances from the Search page. You can now modify identical entities of same entity type in multiple LogPoint instances from the search result. You can only modify the entities that are version compatible with each other.
You can also use the Advanced Search option to search for the entities in the Fabric-enabled LogPoint instances based on two criteria:
Machine Criteria to search for a LogPoint.
Configuration Criteria to search for the entities created in a LogPoint.
You can use each criteria separately or use them together to enhance the search results.
You can also use the Advanced Search in the Configure page. However, in the Configure page, the Advanced Search lets you use the Machine Criteria only to carry out your searches.
Configure
Configure Entities, Collectors/Fetchers, Settings, and Manage Logpoint Users
You can configure entities, built-in collectors/fetchers, operations, plugins, system settings, shell, UEBA and manage users on the Fabric-enabled LogPoint instances from the Configure page.
Configurable Entities and Collectors/Fetchers:
Entities
Collectors/Fetchers
Device Groups
File System Collectors
Devices
FTP Collectors
Enrichment Policies
FTP Fetchers
Label Packages
SCP Fetchers
Lists
SFLow Collectors
Log Collection Policies
Snare Collectors
Macros
SNMP Fetchers
Normalization Packages
SNMP Trap Collectors
Normalization Policies
Syslog Collectors
Parsers
WMI Fetchers
Processing Policies
–
Raw Syslog forwarders
–
Remote Targets
–
Repos
–
Routing Policies
–
SNMP Policies
–
Configurable Plugins, System Settings, and Operations:
Plugins
System Settings
Operations
Threat Intelligence
General Settings
Blocked and Ignored IPs
Cisco AMP
SMTP Settings
Configure Backup
Stix/Taxii
NTP Settings
Create LDAP Strategy
Microsoft Defender ATP
SNMP Settings
Create Snapshot
CiscoUmbrella
HTTPS Settings
Manage LDAP Strategy
CSVEnrichmentSource
Lockout Policy Settings
Manage Snapshot
–
SSH Settings
Refresh List APIs
–
Support Connection Settings
Manage Backup
–
Modes of Operation Settings
–
–
Enrichment Settings
–
–
Open Door Settings
–
–
Distributed LogPoint Settings
–
You can also select an action from Frequent Actions or Suggested Actions:
Frequent Actions lists the top four actions that you perform frequently. These four actions are the four most frequent tasks you have performed from the list of 100 most recent entities or built-in collectors/fetchers tasks.
Suggested Actions lists the actions that you might find useful. They are based on the last five unique entities or built-in collectors/fetchers tasks that you have carried out.
Operations
You can configure Blocked and Ignored IPs, configure Backup, create LDAP Strategy, create Snapshot, manage LDAP Strategy, manage Snapshot, Refresh List APIs, manage Backup, and view machine details of a Fabric-enabled LogPoint from the Operations page.
Select Configuration Location Table Details:
Header
Description
Pool
Provides the pool name of the machine.
Machine
Provides the name of the machine.
Version
Provides the version of LogPoint.
Machine Type
Lets you identify whether the machine is a collector or a distributed LogPoint.
In a Collector LogPoint, you can view the Machine Info, create Snapshots and refresh list for the Support Connection Settings API only.
In a DLP, you can perform all the operations available.
Director Mode
Lets you identify whether the users of the Fabric-enabled LogPoint instances can have complete control over their system despite being connected to the Director setup.
In Co-Managed mode, the users cannot perform any configure and search actions for that particular machine from the Director Console.
In Fabric Only mode, the users have access to all the configure and search features for that particular machine from the Director Console.
Action
You can view the Machine Info of a LogPoint by clicking the Info icon. The Machine Info lists the following details of the machine:
Pool Identifier
Pool Name
Machine Identifier
Machine Name
IP Address
Version
Collector
Co-Managed
View Config View and Add a New Source
The Config View page allows you to:
View the Director setup components graphically.
Configure new entities in a Fabric-enabled LogPoint and view its existing configurations.
Configure the entities required to add a new source in a single flow.
Retry a failed operation without the need to re-enter the form data in the Add New Source panel.
View LogPoint details such as version, machine identifier, director mode, machine type, and IP address by clicking on the LogPoint node on the graph.
View pool details such as name, UUID, and LogPoint instances connected to it by clicking on the pool node on the graph.
Group LogPoints based on their versions by right-clicking on the pool node and selecting Show in groups.
Config View Page
The Config View page also has the following features:
Auto Layout to spread the graph into a clean layout.
Fit to Screen to fit the graph on the screen.
Filter to filter the graph based on pools and LogPoint instances.
Reset to set the graph to the original state.
Configure Assets
Assets are the IPLookups, Label Packages, Lists, Macros, Normalization Packages, Patches, and Plugins that you can install on a Fabric-enabled LogPoint. You can install an asset on multiple LogPoint instances of different pools from the Assets page. You can also uninstall assets from multiple LogPoint instances of different pools at once.
Configure Authentication
You can log into the Director Console using any of the following authentication mechanisms:
Director Console Authentication
LDAP Authentication
AD FS Authentication
Resync Database
The resync database setting allows you to synchronize the Fabric-enabled LogPoint information in Director Console in case of missing LogPoint information.
View Tasks Summary
The Tasks page shows you can view and filter the list of tasks performed in the Director Console.
Admin users can view all users’ tasks. Regular users can only view their own tasks.
Status of a task can either be In Progress, Failed, or Completed. Click the corresponding task to see its details.
Admin users can select Show All to view all the tasks.
You can view the number of tasks summary in the Dashboard Widgets section.
You can also retry configuring entities and built-in collectors/fetchers from the Tasks page. To retry a failed task, click Retry from the Actions column.
You have to retry the failed tasks within four hours.
You cannot retry importing devices.
If you select multiple LogPoint instances for a task, you can retry the task only if it fails in all selected instances. If the task succeeds in any LogPoint, you have to retry the task in the rest of the LogPoint instances individually. For example, you configure a device in three LogPoint instances: LP1, LP2, and LP3, where the task fails in LP2 and LP3 only. Here, you have to retry the task for LP2 and LP3 individually. Tasks failed for some Logpoint instances:
Tasks Failed due to a subtask:
If you change a failed task’s parameters before retrying, the old parameters are applied when you retry the task. For example, if you fail to configure a device Device-A which belongs to the device group DeviceGroup-A. If you change or delete DeviceGroup-A before retrying, it is still selected when you retry configuring the device. Here, you have to select the required device group and proceed with the task.
Last updated
Was this helpful?