Work with Collected Data

Understanding Normalization Tags

Each data type is tagged with a ModuleType to enable Logpoint's normalization:

Data Source

ModuleType Value

Purpose

Windows Event Logs

event_log

Triggers Logpoint event log normalization

DHCP Logs

N/A (CSV parsed)

Parsed as structured CSV data

DNS Debug Logs

N/A (raw format)

Sent as raw event data

Registry Monitoring

registry_scanner

Required for regmon parser

Searching in Logpoint

Finding Windows Events

ModuleType="event_log"

Finding Specific Event IDs

ModuleType="event_log" EventID=4624

Finding Registry Changes

ModuleType="registry_scanner"

Finding DHCP Events

Search by DHCP-specific fields:

SourceName="DHCPEvents"

Finding DNS Events

Search by DNS-specific fields:

SourceName="DNSDebug"

Data Format

Windows Event Logs

Converted to JSON format
Wrapped in Syslog BSD format
Sent over UDP port 514

DHCP Logs

Parsed as CSV
Converted to structured format
Forwarded via Syslog

DNS Logs

Sent as raw event data
Wrapped in Syslog format

Registry Events

Native im_regmon format
Directly compatible with Logpoint's parser
NOT converted to JSON

Last updated 20 days ago

Was this helpful?

Good morning

hashtagUnderstanding Normalization Tags

hashtagSearching in Logpoint

hashtagFinding Windows Events

hashtagFinding Specific Event IDs

hashtagFinding Registry Changes

hashtagFinding DHCP Events

hashtagFinding DNS Events

hashtagData Format

hashtagWindows Event Logs

hashtagDHCP Logs

hashtagDNS Logs

hashtagRegistry Events

Understanding Normalization Tags

Searching in Logpoint

Finding Windows Events

Finding Specific Event IDs

Finding Registry Changes

Finding DHCP Events

Finding DNS Events

Data Format

Windows Event Logs

DHCP Logs

DNS Logs

Registry Events