Logpoint Agent (Standalone) is an enterprise-grade log collection and forwarding agent built on the NXLog Enterprise platform. It enables organizations to collect log data from multiple Windows sources and forward it to Logpoint SIEM over Syslog (UDP/514) for centralized monitoring and analysis. Logpoint Agent (Standalone) is designed to be lightweight for production environments, compatible with Logpoint’s native normalizers, and easy to extend as new data sources are added.
Logpoint Agent (Standalone) Features
Multi-source log collection from files, Windows Event Logs, and registry changes
Flexible deployment options via interactive installation, msiexec, or Group Policy
Modular architecture with extensible input, output, and processing modules
JSON and Syslog formatting capabilities
Registry monitoring for security and compliance use cases
Support for modern Windows operating systems (Windows 2019/2022/2025)
Logpoint Agent (Standalone) Components
Window Installer
Logpoint Agent for Windows
Logpoint provides three agent options to support different deployment requirements: Logpoint Agent (Standalone), Logpoint Agent (Centralized), and AgentX. Each option offers distinct capabilities, ranging from scalable log collection to centrally managed configuration and endpoint detection. Use the following guidance to determine when Logpoint Agent (Standalone) is the most appropriate choice for your environment, and when to consider the alternative options.
Logpoint Agent (Standalone) is an independent, high-performance log collector designed for most production deployments. It supports high event throughput, load balancing, and standard UDP/TCP Syslog forwarding without requiring centralized control. This makes it well-suited for complex, distributed, or dynamic environments where scalability and resilience are essential.
Use Logpoint Agent (Standalone) when:
You need high-volume log collection.
The environment includes distributed, unstable, or intermittently connected networks.
Deployments require load balancing or support for high events-per-second (EPS).
Devices operate across NAT or variable IP addressing.
Avoid using Logpoint Agent (Standalone) when centralized configuration and policy management are mandatory. For environments that require central control, use Logpoint Agent (Centralized).
Logpoint Agent (Centralized) enables policy-driven log collection managed directly from the Logpoint SIEM. All agent lifecycle tasks, including configuration, policy updates, and rollouts, are administered centrally, ensuring consistent behavior across deployed agents.
Consider Logpoint Agent (Centralized) for:
Environments that prioritize consistent configuration and simplified administration.
Smaller or static deployments that do not require high throughput.
Scenarios where centralized policy enforcement is critical.
Avoid Logpoint Agent (Centralized) when devices must handle high event throughput, rely on load balancing, or operate with variable addressing. For these requirements, use Logpoint Agent (Standalone).
AgentX is a lightweight endpoint agent designed for detection and response. It provides enhanced endpoint visibility and supports actions such as containment and remediation, but is not intended for large-scale log collection.
Use AgentX for:
Endpoint detection and response (EDR).
Containment and remediation workflows.
Lightweight telemetry collection tied to security operations.
Do not use AgentX when high-volume log collection, NAT handling, or variable IP support is required. For scalable log forwarding, use Logpoint Agent (Standalone).
If you need assistance:
Refer to the NXLog documentation for detailed configuration options
Check the Quick References for quick answers
Review the Monitoring and Troubleshooting section for common issues
If you have any questions or require assistance, create a support ticket.