Log Sources

Log Sources are templates for integrations that allow you to configure various servers, applications, network devices, databases, or any other sources to collect or fetch their logs. The collected or fetched log data is then centralized and analyzed within Logpoint in real time to detect potential security threats. Cloud sources can have multiple endpoints, and each configured source consumes one device license.

After you configure a Log Source and save it, it can be used as a template. These templates can be saved and later used to configure the same or different sources. Templates simplify the process of configuring log sources by providing pre-defined settings, reducing the need for manual configuration and minimizing the risk of configuration errors. They also ensure consistency in collecting, processing, and analyzing log data, which is critical for accurate security event analysis and reporting.

You must have Read, Create and Delete permissions for Devices, DeviceGroups, Log Collection Policy and Parsers to configure a Log Source.

You can access Log Sources from Settings >> Log Sources in the navigation bar or directly from QUICK START in All Dashboards.

Figure: Log Sources in Quick Start

The Log Sources page displays an overview of each log source, including its Name, the Template used, the Node Type, whether it is a Collector or Fetcher, the Repo where the logs are stored, and the timestamp of the last log received. If a log is received within the set threshold time, its Last Log Received timestamp appears in green. If no log is received within that period, the log source is considered inactive and the timestamp is shown in yellow. The default inactivity threshold is 60 minutes, but this can be edited when creating a log source.

You can also create a query with "status"="inactive" "message"="Inactive Logsource monitoring" to generate alerts, visualize data in dashboards, create reports, and perform searches for inactive log sources.

Figure: Log Sources Page

