Log Reference

Windows Event Log Sample

col_type: LPAgent
module_type: event_log
log_name: Security
event_id: 4624
level: Information
source_name: Microsoft-Windows-Security-Auditing
user: DOMAIN\username
computer: WORKSTATION01
message: An account was successfully logged on.

File Collection Sample

col_type: LPAgent
module_type: file_collection
file_path: C:\inetpub\logs\LogFiles\W3SVC1\u_ex231201.log
source_address: 192.0.2.0
message: 2023-12-01 10:15:23 W3SVC1 WEBSERVER01 192.0.2.0 GET /api/users 200

File Integrity Scanner Samples

New Directory Created:

col_type: LPAgent
module_type: file_scanner
action: DIR_CREATE
file_path: C:\Users\Admin\Documents\NewFolder
checksum_before: N/A
checksum_after: <directory_checksum>

Directory Deleted:

File Created:

File Content Modified:

File Renamed:

File Deleted:

Windows Registry Scanner Samples

Registry Value Modified:

Registry Value Deleted:

Field Mapping

Logpoint Agent (Centralized) fields are mapped to Logpoint standardized fields:

Common Field Mappings:

  • source_address → Device IP address

  • computer → Windows computer name

  • user → User account associated with event

  • module_type → Collection type (event_log, file_collection, file_scanner, registry_scanner)

  • log_name → Windows event log channel name

  • event_id → Windows event ID

  • level → Event severity level

  • file_path → Full path to monitored file

  • action → Action taken (CREATE, MODIFY, DELETE, RENAME)

  • checksum_before → File checksum before change

  • checksum_after → File checksum after change

  • registry_path → Registry key path

  • registry_key → Registry value name
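As an added example, not Logpoint's own code: a small parser for the `key: value` sample layout shown above, which splits each line on the first `": "` only (so Windows drive letters and timestamps inside values survive), plus a check that turns the file-integrity checksum pair into a "content actually changed" signal. The MODIFY record and the function names are assumptions, not taken from the reference.

```python
"""Parse LPAgent key/value sample records and evaluate file-integrity changes.
Added example, not Logpoint code; function names and the MODIFY record are assumptions."""
from typing import Dict

# Records copied from this reference (event log, file collection, DIR_CREATE) and
# one constructed MODIFY record with placeholder checksums.
EVENT_LOG_SAMPLE = r"""
col_type: LPAgent
module_type: event_log
log_name: Security
event_id: 4624
level: Information
source_name: Microsoft-Windows-Security-Auditing
user: DOMAIN\username
computer: WORKSTATION01
message: An account was successfully logged on.
"""
FILE_COLLECTION_SAMPLE = r"""
col_type: LPAgent
module_type: file_collection
file_path: C:\inetpub\logs\LogFiles\W3SVC1\u_ex231201.log
source_address: 192.0.2.0
message: 2023-12-01 10:15:23 W3SVC1 WEBSERVER01 192.0.2.0 GET /api/users 200
"""
DIR_CREATE_SAMPLE = r"""
col_type: LPAgent
module_type: file_scanner
action: DIR_CREATE
file_path: C:\Users\Admin\Documents\NewFolder
checksum_before: N/A
checksum_after: <directory_checksum>
"""
FILE_MODIFY_SAMPLE = r"""
col_type: LPAgent
module_type: file_scanner
action: MODIFY
file_path: C:\Windows\System32\drivers\etc\hosts
checksum_before: PLACEHOLDER_HASH_BEFORE
checksum_after: PLACEHOLDER_HASH_AFTER
"""

def parse_record(text: str) -> Dict[str, str]:
    """Split on the FIRST ': ' only: 'C:\\inetpub' and '10:15:23' contain colons
    but never ': ', so they stay inside the value instead of being cut."""
    record: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        key, sep, value = line.partition(": ")
        if not sep:
            raise ValueError(f"malformed line, expected 'key: value': {line!r}")
        record[key.strip()] = value.strip()
    return record

def file_content_changed(record: Dict[str, str]) -> bool:
    """True only for file_scanner records whose before/after checksums are both
    present and differ. 'N/A' on either side (nothing existed before a CREATE,
    nothing exists after a DELETE) and identical checksums (a RENAME or a
    metadata-only change) are not content changes."""
    if record.get("module_type") != "file_scanner":
        return False
    before = record.get("checksum_before", "N/A")
    after = record.get("checksum_after", "N/A")
    if "N/A" in (before, after):
        return False
    return before != after
```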
