Logpoint Agents

Agents are lightweight components you install on the systems you want to monitor, giving you a direct and reliable way to collect logs, capture endpoint activity, and perform response actions when needed. This section describes the available Logpoint Agent options so you can choose the one that fits your environment and operational goals.

Choosing the Right Agent

Logpoint provides three agent options to support different deployment requirements: Logpoint Agent (Standalone), Logpoint Agent (Centralized), and AgentX. Each option offers distinct capabilities, ranging from scalable log collection to centrally managed configuration and endpoint detection. Use the following guidance to determine which agent is most appropriate for your environment.

Logpoint Agent (Standalone)

Logpoint Agent (Standalone) is an independent, high-performance log collector designed for most production deployments. It supports high event throughput, load balancing, and standard UDP/TCP Syslog forwarding without requiring centralized control. This makes it well-suited for complex, distributed, or dynamic environments where scalability and resilience are essential.

Use Logpoint Agent (Standalone) when:

  • You need high-volume log collection.

  • The environment includes distributed, unstable, or intermittently connected networks.

  • Deployments require load balancing or support for high events-per-second (EPS).

  • Devices operate across NAT or variable IP addressing.

Avoid using Logpoint Agent (Standalone) when centralized configuration and policy management are mandatory. For environments that require central control, use Logpoint Agent (Centralized).

Logpoint Agent (Centralized)

Logpoint Agent (Centralized) enables policy-driven log collection managed directly from the Logpoint SIEM. All agent lifecycle tasks, including configuration, policy updates, and rollouts, are administered centrally, ensuring consistent behavior across deployed agents.

Consider Logpoint Agent (Centralized) for:

  • Environments that prioritize consistent configuration and simplified administration.

  • Smaller or static deployments that do not require high throughput.

  • Scenarios where centralized policy enforcement is critical.

Avoid Logpoint Agent (Centralized) when devices must handle high event throughput, rely on load balancing, or operate with variable addressing. For these requirements, use Logpoint Agent (Standalone).

AgentX

AgentX is an endpoint agent designed for detection and response. It provides enhanced endpoint visibility and supports actions such as containment and remediation. However, it is not intended for large-scale log collection.

Use AgentX for:

  • Endpoint detection and response (EDR).

  • Containment and remediation workflows.

  • Lightweight telemetry collection tied to security operations.

Do not use AgentX when high-volume log collection, NAT handling, or variable IP support is required. For scalable log forwarding, use Logpoint Agent (Standalone).
