Logpoint Agent (Centralized)

Logpoint Agent (Centralized), previously known as Logpoint Agent Collector, is a policy-driven log collection agent that collects and forwards logs from Windows systems to Logpoint SIEM. Once deployed, all lifecycle operations, including configuration, policy updates, and rollouts, are managed centrally from the Logpoint SIEM, ensuring uniform behavior across all deployed agents. This enables comprehensive visibility into Windows events, file changes, registry modifications, and custom log files, supporting faster detection, compliance monitoring, and incident response. It is best suited for environments that prefer predictable configurations and simplified management, and that do not require high-throughput or load-balanced event handling.

Logpoint Agent (Centralized) Features

  • Event Log Collection

  • Flat File Collection

  • File Integrity Scanning

  • Windows Registry Scanning

  • Granular Event Filtering

  • Central Configuration

  • Log Position Tracking

The integration includes:

  • Logpoint Agent for Windows (.msi installer) to deploy the agent on Windows endpoints for log collection.

  • Logpoint Agent Collector Powered by NxLog to retrieve logs from Windows systems and forward them to Logpoint SIEM for processing.

  • LPACollectorServiceMonitor to monitor the health and status of the collector service.

  • Normalization Package (LP_Integrity Scanner) to standardize File Integrity Scanner and Windows Registry Scanner logs for consistent analysis.

  • Certificate Management to establish encrypted agent-to-server communication using TLS.

  • Template-based Configuration to define collection policies for Windows Event Logs, flat files, file integrity monitoring, and registry monitoring.

  • Centralized Policy Management to configure normalization, enrichment, and routing policies from the Logpoint SIEM interface.

When configured, Logpoint Agent (Centralized) continuously monitors Windows systems for security events, file modifications, registry changes, and application logs, enabling proactive threat detection and forensic analysis.

Supported Events

  • Supported platforms:

    • 64-bit Windows Server 2008/Vista or later

    • Windows Server 2012, 2016, 2019, 2022

    • Windows 10, Windows 11

  • Log collection types:

    • Windows Event Log Collection: System logs, Application logs, Security logs, Custom event logs, DNS logs, PowerShell logs, Sysmon logs

    • File Collection: Standard ASCII flat files, Custom application logs, IIS logs, Apache logs, Text-based log files with wildcard and recursive directory support

    • File Integrity Scanner: New directory/file creation, Directory/file deletion, Directory/file renaming, File content changes, Checksum-based change detection

    • Windows Registry Scanner: Registry value creation, Registry value modification, Registry value deletion, Registry key changes, 32-bit and 64-bit registry monitoring
