Sending Logs to Logpoint SaaS

To send log information to Logpoint SaaS, you must deploy a Logpoint Cloud Connector Appliance in your network. The appliance collects logs from a large variety of on-premises and cloud-based data sources.

If logs cannot be sent from Logpoint to Logpoint SaaS, they are temporarily stored in a disk buffer. This buffer has a retention period of 24 hours. After this period, the buffer folders are automatically deleted, even if the logs have not been processed.

To deploy and configure log collection with Logpoint Cloud Connector Appliances:

  1. Provision a virtual machine or device that meets the hardware requirements. Use the Cloud Connector Appliance Sizing Helper to estimate your hardware requirements.

  2. Install Logpoint SIEM+SOAR from an ISO, VHD, or AMI depending on your infrastructure.

  3. Upload your Logpoint license.

  4. Install Logpoint Cloud Connector Plugin.

  5. Upload the Cloud Connector license.

  6. Disable Local Log Storage in the Cloud Connector Plugin.

  7. Configure Repositories.

  8. Configure devices, normalization, and enrichment policies.

  9. Configure enrichment subscriber.

Configure Repositories

To send log information to the SaaS service successfully, configure repositories with the same names in both the Cloud Connector Appliance and the SaaS Web UI.

Repositories in the Cloud Connector Appliance may use the default storage path, and the Local Log Storage in the Cloud Connector Plugin must be disabled. The repository names are used in the routing policy configurations to route the log data to the correct repositories in the SaaS Web UI. For more details, go to Repos.

Go to Configure SaaS Instance for details on how to configure repositories in the SaaS Web UI.
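A pre-flight check for the name-matching requirement above, as an added example that is not part of Logpoint's documentation or tooling: it compares repository names copied by hand from the Cloud Connector Appliance and from the SaaS Web UI and separates true gaps from near-misses. The sample names are constructed, and treating two names as matching only when the strings are exactly equal is an assumption.

```python
import unicodedata


def _fold(name: str) -> str:
    """Canonical form used only to spot near-misses, never to declare a match."""
    return unicodedata.normalize("NFKC", name).strip().casefold()


def compare_repos(appliance: list[str], saas: list[str]) -> dict:
    """Compare repository names from both sides using exact string equality
    (assumption: a name that differs in case or whitespace does not match)."""
    a, s = set(appliance), set(saas)
    only_appliance = a - s
    only_saas = s - a

    # Index the SaaS-only names by folded form so they can be paired with
    # appliance-only names that differ just in case, padding or Unicode form.
    folded_saas: dict[str, list[str]] = {}
    for name in only_saas:
        folded_saas.setdefault(_fold(name), []).append(name)

    near = []
    for name in sorted(only_appliance):
        for other in sorted(folded_saas.get(_fold(name), [])):
            near.append((name, other))

    near_a = {pair[0] for pair in near}
    near_s = {pair[1] for pair in near}
    return {
        "matched": sorted(a & s),
        "near_misses": near,  # probably intended to be the same repository
        "missing_in_saas": sorted(only_appliance - near_a),
        "missing_on_appliance": sorted(only_saas - near_s),
    }


# Constructed sample names, not taken from any real deployment.
APPLIANCE_REPOS = ["default", "Windows", "firewall ", "proxy"]
SAAS_REPOS = ["default", "windows", "firewall", "dns"]

if __name__ == "__main__":
    for key, value in compare_repos(APPLIANCE_REPOS, SAAS_REPOS).items():
        print(f"{key}: {value!r}")
```

Resolve every entry outside `matched` before enabling routing, since the routing policy refers to repositories by name.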

