Ingest Logs

Prerequisites

  • Logpoint: v6.9.0 or later

  • Mimecast Access:

    • Administrative access to Mimecast console

    • Ability to create service accounts and API integrations

    • Enhanced logging enabled on Mimecast

    • API application credentials (Application ID, Application Key, Access Key, Secret Key)

Before configuring Mimecast in Logpoint, you must complete the following configurations in Mimecast:

  1. Enable Enhanced Logging

  2. Register an Application Integration

  3. Create a Profile Group for the Service User Account

  4. Create a Dedicated Service User Account

  5. Create an Authentication Profile and Application Settings

  6. Generate Access Key and Secret Key

  7. Grant the User to an Administrator Role

Install Mimecast

  1. Download the .pak file from the Download section in Help Center.

  2. Install the Package

    1. Go to Settings >> System Settings from the navigation bar.

    2. Click Applications.

    3. Click Import.

    4. Browse to the downloaded .pak file.

    5. Click Upload.

  3. Verify Installation: After installation, verify that the integration appears under Settings >> System Settings >> Plugins.


Configure Mimecast

Configuring a Repo for Mimecast

  1. Go to Settings >> Configuration from the navigation bar and click Repos.

  2. Click Add.

  3. Enter a Repo Name.

  4. Select a Repo Path and set a Retention Day. You can add and remove multiple Repo Path and Retention Day entries.

  5. Select a Remote LogPoint.

  6. Set an Available for (day) value. To reset, click Remove.

  7. Click Submit.

Adding a Normalization Policy for Mimecast

Normalization policies normalize and standardize logs for efficient storage, analysis, and retrieval.

  1. Go to Settings >> Configuration from the navigation bar and click Normalization Policies.

  2. Click Add.

  3. Enter a Policy Name.

  4. Select MimecastCompiledNormalizer.

  5. Click Submit.

Configuring the Mimecast Fetcher

To configure the Mimecast Fetcher, you must first apply some configurations in Mimecast. Refer to the Appendix section for detailed steps on obtaining the required credentials.

  1. Go to Settings >> Configuration from the navigation bar and click Devices.

  2. Click the Add collectors/fetchers icon under Actions of the localhost device.

  3. Click Mimecast Fetcher.

  4. Click Add.

  5. Enter the Mimecast Application ID and Application Key. (Refer to Appendix section 7.2 for information on obtaining them.)

  6. In Base URL, enter the URL of the region in which the Mimecast account is hosted. For URLs of different regions supported by Mimecast, refer to Mimecast's Base URL Host Names documentation.

  7. Enter the Mimecast Access Key and Secret Key. (Refer to Appendix section 7.6 for information on obtaining them.)

  8. Select the Fetch Interval (minutes).

  9. Select a Processing Policy that includes the previously created normalization policy.

  10. Select the Charset.

  11. Click Submit.

Important: Mimecast fetches logs within 30 minutes after you save the Enhanced Logging settings in Mimecast.


Verify Ingestion

Check Log Ingestion

Use the following query to verify Mimecast logs are being ingested:

Or search by normalizer:

Verify Data Flow

  1. Check MimecastLogFetcher Status: Ensure the Mimecast fetcher is running without errors in the Devices configuration.

  2. Monitor Log Volume: Verify expected log volumes are being processed based on email traffic.

  3. Validate Normalization: Confirm logs are correctly parsed and normalized using the MimecastCompiledNormalizer.

  4. Test Dashboards: Access Mimecast dashboards to verify data visualization.

  5. Verify Enhanced Logging: Ensure Enhanced Logging is enabled in Mimecast for Inbound, Outbound, and Internal email categories.
