Work with Collected Data

Understanding Normalization Tags

Each data type is tagged with a ModuleType to enable Logpoint’s normalization:

Data Source            ModuleType Value       Purpose
Windows Event Logs     event_log              Triggers Logpoint event log normalization
DHCP Logs              N/A (CSV parsed)       Parsed as structured CSV data
DNS Debug Logs         N/A (raw format)       Sent as raw event data
Registry Monitoring    registry_scanner       Required for regmon parser

Searching in Logpoint

Finding Windows Events

ModuleType="event_log"

Finding Specific Event IDs

ModuleType="event_log" EventID=4624

Finding Registry Changes

ModuleType="registry_scanner"

Finding DHCP Events

Search by DHCP-specific fields:

SourceName="DHCPEvents"

Finding DNS Events

Search by DNS-specific fields:

SourceName="DNSDebug"

Data Format

Windows Event Logs

  • Converted to JSON format

  • Wrapped in Syslog BSD format

  • Sent over UDP port 514

DHCP Logs

  • Parsed as CSV

  • Converted to structured format

  • Forwarded via Syslog

DNS Logs

  • Sent as raw event data

  • Wrapped in Syslog format

Registry Events

  • Native im_regmon format

  • Directly compatible with Logpoint’s parser

  • NOT converted to JSON
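The parse-and-search flow implied by the Searching in Logpoint and Data Format sections, as an added example that is not code from the original page, the collection agent or Logpoint: a small Python script that unwraps BSD syslog lines, promotes a JSON payload to event fields, keeps a raw payload as a single message field, and evaluates Logpoint-style field=value searches such as ModuleType="event_log" EventID=4624 over the result. The sample lines, the syslog tags (agent, DHCPEvents, DNSDebug), the DHCP field names and the rule that a raw line takes its SourceName from its syslog tag are assumptions constructed for illustration; Logpoint's real search language is richer and its normalization assigns fields server-side.

```python
"""Unwrap syslog-wrapped agent output and run simple Logpoint-style searches.

Added example. Every message below is constructed for illustration; none is a
capture from a real agent or Logpoint instance.
"""
import json
import re
from typing import Dict, List

# BSD syslog (RFC 3164) header: <PRI>Mmm dd HH:MM:SS host tag: message
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<tag>[^:\s]+): (?P<msg>.*)$"
)

# Constructed samples in the shapes the page describes: Windows events and
# registry events as JSON inside BSD syslog, DHCP as CSV already turned into a
# structured payload, DNS debug as a raw line. The syslog tag values and the
# DHCP field names are assumptions, not the agent's actual output.
SAMPLES: List[str] = [
    '<14>Jan 10 12:00:01 WIN-DC01 agent: {"ModuleType": "event_log", "EventID": 4624, '
    '"SourceName": "Microsoft-Windows-Security-Auditing", "TargetUserName": "alice"}',
    '<14>Jan 10 12:00:02 WIN-DC01 agent: {"ModuleType": "event_log", "EventID": 4625, '
    '"SourceName": "Microsoft-Windows-Security-Auditing", "TargetUserName": "bob"}',
    '<14>Jan 10 12:00:03 WIN-DHCP01 DHCPEvents: {"SourceName": "DHCPEvents", "ID": "10", '
    '"Description": "Assign", "IPAddress": "10.0.0.25", "HostName": "host1.example.local"}',
    '<14>Jan 10 12:00:04 WIN-DNS01 DNSDebug: 1/10/2024 12:00:04 PM 0A2C PACKET UDP Rcv '
    '10.0.0.25 Q [0001 D NOERROR] A (3)www(7)example(3)com(0)',
    '<14>Jan 10 12:00:05 WIN-DC01 agent: {"ModuleType": "registry_scanner", '
    '"RegistryKey": "HKLM\\\\SOFTWARE\\\\Example", "Action": "modified"}',
]

# One search term: Field="quoted value" or Field=bareword
TERM_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_syslog(line: str) -> Dict[str, object]:
    """Split the BSD header off; promote a JSON payload, keep a raw one as text."""
    m = SYSLOG_RE.match(line)
    if not m:
        raise ValueError(f"not a BSD syslog line: {line[:40]!r}")
    event: Dict[str, object] = {
        "pri": int(m["pri"]),
        "timestamp": m["ts"],
        "host": m["host"],
        "tag": m["tag"],
    }
    msg = m["msg"]
    if msg.startswith("{"):
        event.update(json.loads(msg))       # structured payload: fields become searchable
    else:
        event["message"] = msg              # raw payload (DNS debug) stays one string
        event.setdefault("SourceName", m["tag"])  # assumption: tag names the source
    return event


def parse_query(query: str) -> Dict[str, str]:
    """Turn 'ModuleType="event_log" EventID=4624' into {'ModuleType': ..., 'EventID': ...}."""
    terms: Dict[str, str] = {}
    for m in TERM_RE.finditer(query):
        terms[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    return terms


def search(events: List[Dict[str, object]], query: str) -> List[Dict[str, object]]:
    """Return events where every term matches (implicit AND, exact string equality)."""
    terms = parse_query(query)
    return [
        e for e in events
        if all(k in e and str(e[k]) == v for k, v in terms.items())
    ]


def load_samples() -> List[Dict[str, object]]:
    return [parse_syslog(line) for line in SAMPLES]


if __name__ == "__main__":
    events = load_samples()
    for q in ('ModuleType="event_log"', 'ModuleType="event_log" EventID=4624',
              'ModuleType="registry_scanner"', 'SourceName="DHCPEvents"',
              'SourceName="DNSDebug"'):
        hits = search(events, q)
        print(f"{q:45s} -> {len(hits)} hit(s) from {[e['host'] for e in hits]}")
```

Note the asymmetry the Data Format section calls out: a JSON payload yields individual fields (so EventID=4624 matches on its own), while a raw DNS line is searchable only through the header-derived fields and the message text until Logpoint's normalization has run.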
