Devices are machines from which logs are collected. You must add and configure them to start receiving logs. In the Devices list, use Last Log Received to view the last time a device sent logs. To view details of each device, click the Details icon under Actions.
Go to Settings >> Configuration from the navigation bar and click Devices.
Click ADD.
[Figure: Adding a new device]
Enter the device’s Name and Device address(es). Device addresses are IP addresses or hostnames of the device.
Select Device Groups and Log Collection Policies.
Select a collector/forwarder from the Distributed Collector drop-down. The drop-down lists all the distributed collectors and syslog forwarders configured in the Distributed Logpoints.
Note
It is optional to select Device Groups, Log Collection Policies, and Distributed Collector.
Select a Time Zone. The timezone of a device must be the same as its log source. Logpoint uses the timezone to convert the timestamp in the collected logs to the timezone of the user searching the logs. If the timezones do not match, you may not see search results in the expected timeframe.
For example, if you are working in London and want to add two different devices located in Cairo and Brisbane, add the timezones as GMT+2:00 (Cairo) and GMT+10:00 (Brisbane).
Select RISK VALUES for the device. Logpoint uses the values to calculate the risk levels of any alerts generated from the device. For details, see step 19 of Creating an Alert Rule.
Click Submit.
In Available Collectors/Fetchers, select the relevant collectors and fetchers for the device.
[Figure: Collectors and Fetchers]
Click Submit.
To add collectors and fetchers on the existing devices, click the Add Collectors/Fetchers icon under Actions. Go to Built-in Collectors and Built-in Fetchers to configure the built-in collectors and fetchers.
Go to Settings >> Configuration from the navigation bar and click Devices.
Click ADD BULK DEVICES.
[Figure: Adding Bulk Devices]
Click Add.
Click Submit.
Note
Click Detect Blocked IPs for a list of the IPs blocked on the ports where collectors are configured. The list contains all the devices that sent logs to Logpoint within the last hour.
To add the blocked device, double-click the blocked IP. The device’s details are in PROPERTY, which you can use to manually enter or edit the device’s properties.
You can also add a new device using PROPERTY. Enter the device’s details and click Add.
Click the Ignore icon to ignore it.
Click the Ignored List button to view a list of all the IGNORED DEVICES.
[Figure: Ignored Devices]
To remove devices from the list, click the Remove icon under Actions.
You can add one or multiple devices at a time by importing them via a CSV file.
The first line of the CSV file must be a header row with the following fields:
device_name
device_ips
device_groups
log_collection_policies
distributed_collector
confidentiality
integrity
availability
timezone
The device_name and device_ips fields are mandatory. The values provided for all the non-mandatory fields must already exist in the system.
The field values are separated with a comma (,). If a field has multiple values, write them within double quotation marks ("").
Logpoint predefines which timezone values you need to use in the CSV file. Use the names exactly as listed in the List of Timezones.
To import devices via a CSV file:
During device import, click Jobs to check the status of the import.
Go to Settings >> Configuration from the navigation bar and click Devices.
Click IMPORT.
[Figure: Importing Devices via a CSV File]
Browse for the CSV file.
Click Submit.
You can also configure Syslog Collector while importing devices via a CSV file.
If you want the device to use a proxy, add the uses_proxy, proxy_ip, hostname, and processpolicy fields to the header row and set the value of uses_proxy for the corresponding device to TRUE.
If you want the device to be used as a proxy, add the use_as_proxy, charset, and parser fields to the header row and set the value of use_as_proxy for the corresponding device to TRUE.
Note
Proxy settings are not available for Classless Inter-Domain Routing.
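The CSV rules above can be checked before upload so that a malformed row does not silently leave a log source unregistered. The following pre-import check is an added example, not Logpoint code: the function name validate_device_csv is hypothetical, the sample rows are constructed, and it assumes that multiple values inside a quoted field are comma-separated and that the CIDR note refers to device_ips entries written with a /prefix.

```python
import csv
import io

MANDATORY = ("device_name", "device_ips")
# Header fields the page requires alongside each proxy flag.
PROXY_FIELDS = {
    "uses_proxy": ("proxy_ip", "hostname", "processpolicy"),
    "use_as_proxy": ("charset", "parser"),
}

def validate_device_csv(text):
    """Return a list of problems in a device-import CSV (empty list = none found)."""
    reader = csv.DictReader(io.StringIO(text))
    header = reader.fieldnames or []
    problems = [f"header: missing mandatory field {f}" for f in MANDATORY if f not in header]
    for flag, needed in PROXY_FIELDS.items():
        if flag in header:
            problems += [f"header: {flag} requires field {f}" for f in needed if f not in header]
    for row in reader:
        line = reader.line_num
        # Extra values land under the None key: usually an unquoted multi-value field.
        if None in row:
            problems.append(f"line {line}: too many columns; quote multi-value fields")
        for f in MANDATORY:
            if not (row.get(f) or "").strip():
                problems.append(f"line {line}: {f} is empty")
        # Assumption: the CIDR note applies to device_ips written as a.b.c.d/nn.
        is_cidr = "/" in (row.get("device_ips") or "")
        for flag in PROXY_FIELDS:
            if is_cidr and (row.get(flag) or "").strip().upper() == "TRUE":
                problems.append(f"line {line}: {flag} set on a CIDR address")
    return problems

# Constructed sample (documentation-range addresses, made-up names).
SAMPLE = """device_name,device_ips,device_groups,uses_proxy
fw-cairo,192.0.2.10,"linux,firewalls",FALSE
lab-net,198.51.100.0/24,,TRUE
,203.0.113.7,,
web-1,203.0.113.8,203.0.113.9,,
"""

if __name__ == "__main__":
    for problem in validate_device_csv(SAMPLE):
        print(problem)
```

The check does not verify that device groups, policies, collectors, or timezone names already exist in the system; those still have to match what is configured in Logpoint.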
Go to Settings >> Configuration from the navigation bar and click Devices.
Click the Name of the device.
Update the information.
Update the collectors/fetchers for the device.
Click Submit.
Go to Settings >> Configuration from the navigation bar and click Devices.
Click the Delete icon under Actions of the device.
To delete multiple devices, select the devices. Click More and choose Delete Selected.
To delete all the devices, click More and choose Delete All.
Click Yes to confirm deletion.