circle-info
Welcome to the new Logpoint documentation portal! Can’t find what you’re looking for?
Visit the old documentation portal.arrow-up-right
search

Best Practices

hashtag
Configuration Selection

hashtag
Use Simple Configuration when:

  • You only need Windows Event Log collection

  • Deploying to non-server systems (workstations)

  • Testing or proof-of-concept

  • Minimal overhead is critical

hashtag
Use Advanced Configuration when:

  • Deploying to servers with DHCP/DNS roles

  • Security monitoring is a priority

  • You need registry change detection

  • Comprehensive visibility is required

hashtag
Deployment Strategy

  • Test first - Deploy to test systems before production

  • Start simple - Begin with simple configuration, add complexity as needed

  • Staged rollout - Deploy to small groups, then expand

  • Document settings - Keep records of IP addresses and customizations

  • Baseline behavior - Understand normal event volumes before alerts

hashtag
Security Considerations

  • Protect configuration files - Restrict access to agent config files

  • Monitor agent logs - Watch for unexpected errors or warnings

  • Regular updates - Keep agent software updated

  • Backup configurations - Save working configs before changes

  • Review exclusions - Ensure sensitive data is properly excluded

hashtag
Performance Optimization

  • Start with defaults - The default filters are optimized for most environments

  • Monitor volume - Watch data ingestion rates in Logpoint

  • DNS logging caution - Enable DNS debug logging selectively (high volume)

  • Filter appropriately - Add filters for environment-specific noisy events

  • Registry scan interval - Default 10-day interval balances detection and performance

hashtag
Customization Guidelines

hashtag
Adding Event ID Filters

To filter additional Event IDs in advanced configuration:

hashtag
Adding Registry Paths

To monitor additional registry paths:

hashtag
Adding Registry Exclusions

To exclude noisy or sensitive paths:

hashtag
Maintenance

  • Review exclusions - Periodically review Event ID filters

  • Check log rotation - Verify agent logs are rotating properly

  • Test after changes - Always verify data flow after configuration changes

  • Document customizations - Keep notes on why filters were added

  • Monitor resource usage - Track CPU and memory consumption

hashtag
Troubleshooting Workflow

  1. Check service status - Is the agent running?

  2. Review agent logs - Any errors or warnings?

  3. Verify configuration - Is the syntax correct?

  4. Test connectivity - Can the agent reach Logpoint?

  5. Use local file output - Temporarily output to file to verify data collection

  6. Check Logpoint - Is data being received and parsed?

  7. Enable DEBUG - Temporarily raise log level if needed

  8. Restart service - After making changes

Last updated

Was this helpful?