Configuring Log Sources

Important

To configure the Universal REST API Fetcher, go to its guide.

Editing Log Source

  1. Go to Settings >> Log Sources from the navigation bar.

  2. Click the log source and make the necessary changes.

  3. Click Update Log Source.

Figure: Editing Log Source

Deleting Log Source

  1. Go to Settings >> Log Sources from the navigation bar.

  2. Click the (more) icon of the log source and click Delete Log Source.

Figure: Deleting Log Source

  3. Click Delete.

Alternatively,

  1. Go to Settings >> Log Sources from the navigation bar.

  2. Click on the Log source.

  3. Click the (more) icon and click Delete Log Source.

  4. Click Delete.

Vendor Templates

Logpoint comes with a list of pre-configured Vendor Templates that can be used to create new log sources. The vendor templates are as follows:

  1. DuoSecurityFetcher

  2. Sophos

  3. Okta

  4. CiscoAMP

Figure: Vendor Templates

Saving Configurations as a Template

The log source configurations can be saved as a template and later used to configure the same or a different source. You can also export the templates and upload them while configuring log sources.

To save configurations as a template:

  1. Go to Settings >> Log Sources from the navigation bar.

  2. Click the previously created log source.

  3. Click the more (Ellipsis) icon and click Configure Template.

  4. Configure the template.

  5. Click Save as Template.

To find the created template, go to Settings >> Log Sources and click Browse Log Source Templates. The list of created templates is displayed.

Figure: Accessing Templates

To use the created template as a log source, click the template and click Save Configuration. The template is now saved as a log source. However, Logpoint must have the normalizers and repos used in the template. If the repos are not there, you must either create repos with the same names or select different ones. For normalizers, you can either install the missing normalizers or deselect them.

Note

If Logpoint does not have the signature-based normalization package used in the imported template, Log source automatically installs it.

Updating Log Source Template Configurations

  1. Go to Settings >> Log Sources from the navigation bar.

  2. Click Browse Log Source Templates.

  3. Click the (more) icon for the Log Source Template.

  4. Click Edit Template.

  5. Make the necessary changes and click Update Template.

    5.1. To save the changes in a new template, enter a new name for the template and click Clone and Save as New Template.

    Figure: Cloning Templates

    5.2. To save the changes in the same template, click Update Template.

    You can also update the configurations of log sources that were created using this template. Select the log sources to update and click Update Log Sources. However, only the following entities are updated:

    • Fetch Interval (min)

    • Request Timeout (secs)

    • Retry After (secs)

    • Charset

    • Custom Headers

    • Enforce HTTPS Certificate Verification

    • Normalizer

    • Logo

    • Description

    • Vendor Name

    Figure: Updating Log Sources

Updating Log Source Template

  1. Open the Log source and click on Update Available. You will only see Update Available if the template from which the log source was created has been updated.

    Figure: Update Available

  2. Select the Log source and click Update Log Sources.

    Figure: Updating Log Sources

Exporting Log Source Template

During export, all custom normalization packages in the template are exported. For vendor normalization packages, only their metadata (name, version and vid) is exported.

You must first configure a log source and save it as a template before you can export it.

To export a Log Source template:

  1. Go to Settings >> Log Sources from the navigation bar and click Browse Log Source Templates.

  2. Click the (more) icon and click Edit Template.

  3. Click the (more) icon and click Configure Template.

  4. Click Export Template.

Figure: Exporting Templates

Importing Log Source Template

To import a Log Source template:

  1. Go to Settings >> Log Sources from the navigation bar and click Browse Log Source Templates.

  2. Click Import Templates.

  3. Browse to the exported .pak file.

Figure: Importing a template.

  4. Click OK.

Go to Settings >> Log Sources to find the imported template. If a template with the same name as the imported template already exists, you must change the name. In Choose new names, enter a new name for the template and click OK.

Figure: Invalid Imports

If you create a Log Source with an imported template consisting of a custom normalization package, the package is automatically created in your Logpoint. In the case of name conflict, the suffix “_1” is added to the custom package.

In the case of vendor normalization packages, if your Logpoint has the same or a newer version of the vendor normalization package, the new version is automatically selected. If your Logpoint has the older version or does not have the required package, you must download and install the latest package from the Service Desk.

Deleting Log Source Template

  1. Go to Settings >> Log Sources from the navigation bar and click Browse Log Source Templates.

  2. Click the (more) icon for the Log Source and click Delete Template.

Figure: Deleting Template

  3. Click Delete.

