Go to Settings >> Configuration from the navigation bar and click Normalization Policies.
Click Add.
Enter a Policy Name.
Select all the Compiled Normalizers and Normalization Packages applicable for Windows.
DNSCompiledNormalizer supports the DNS logs with:
The ISO date format: YYYY/MM/DD.
The US date format: MM/DD/YYYY.
DNSCompiledNormalizerEU supports DNS logs with:
The ISO date format: YYYY/MM/DD.
The European date format: DD/MM/YYYY.
Logpoint interprets the date format according to the selected compiled normalizer. We recommend you select compiled normalizer in the normalization policy based on your requirements.
Note
You must select the LPA_Windows compiled normalizer at last.
Click Submit.
Adding a Normalization Policy¶
Go to Settings >> Configuration from the navigation bar and click Devices.
Click Add.
Adding Windows as a Device¶
Enter a device Name.
Enter the IP address(es) of the Windows server.
Enter the Device Groups.
Select an appropriate Log Collection Policy for the logs.
Select a collector or a forwarder from the Distributed Collector.
Note
It is optional to select the Device Groups, the Log Collection Policy, and the Distributed Collector.
Select a Time Zone. The timezone of the device must be the same as its log source.
Configure the Risk Values for Confidentiality, Integrity, and Availability. These values are used to calculate the risk levels of the alerts generated from the device.
Click Submit.
Available Collectors and Fetchers¶
Go to Settings >> Configuration from the navigation bar and click Devices.
Search for the previously added device.
Click the Add icon from Actions.
Click Syslog Collector.
Configuring Syslog Collector¶
Select Syslog Parser as Parser.
Select a Processing Policy that uses the previously created `normalization policy`_.
Select the Charset.
Select None in Proxy Server.
Click Submit.