Node Counting

A node is a data source that generates logs. Logpoint tracks your license usage based on the total number of nodes used. Logpoint categorizes them into two types: Cloud Nodes and Nodes.

Cloud Nodes

Cloud nodes are part of cloud services hosted on platforms such as AWS, Azure, Google Cloud Platform, Salesforce, and Cisco. Logpoint counts and displays the total number of log sources from these cloud platforms as cloud nodes. For hyper-scaler collectors/fetchers, Logpoint counts cloud nodes based on:

  • vendor_id: Cloud vendor name, including but not limited to AWS, MSFT, GCP.

  • service category: Service category from which logs are collected/fetched, including Infrastructure & Operational log (i_o), Security & Identity (s_i), Productivity (prod), AI & Machine Learning (ai_ml), and generic.

  • accessor_id: Identifier of the account through which logs are fetched from the cloud endpoints, for example the account ID for AWS-based fetchers.

Logpoint creates these components based on the configured log source type and the normalizer used. If they differ from an existing configuration, Logpoint increments the cloud node count.

When you use generic collectors or fetchers, such as the Syslog collector or URAF, with compiled normalizers, some normalizers support multiple service categories. As a result, even if only one source is configured, multiple cloud nodes may be added. The following are the compiled normalizers with their service categories:

| Compiled Normalizer | Service Categories |
|---|---|
| CloudTrailCompiledNormalizer | Security and identity (s_i), Infrastructure and Operational (i_o) |
| AzureLogAnalyticsCompiledNormalizer | Security and identity (s_i), Infrastructure and Operational (i_o) |
| EventHubsCompiledNormalizer | Security and identity (s_i), Infrastructure and Operational (i_o) |
| Office365CompiledNormalizer | Productivity (prod), Security and identity (s_i), Infrastructure and Operational (i_o) |
| MicrosoftGraphCompiledNormalizer (for LST) | Security and identity (s_i), Infrastructure and Operational (i_o) |
| GoogleCloudPlatformCompiledNormalizer | AI and ML (ai_ml), Infrastructure and Operational (i_o) |

Example: a single cloud node where logs are collected using the syslog collector that has:

  • vendor_id = aws

  • service category = i_o

  • accessor_id = aws_user_1

These logs are considered 1 cloud node.

Example: two cloud nodes where logs are collected using a generic collector/fetcher like the syslog collector with CloudTrailCompiledNormalizer:

  • vendor_id = aws

  • service category = i_o, s_i

  • accessor_id = aws_user_1

The logs fall into two different service categories, so they are counted as two cloud nodes.

For non-hyper-scaler cloud services like Cisco, ZScaler, and Salesforce, uniqueness is based only on the accessor_id.

Nodes

Logpoint tracks your license usage based on the total number of nodes used, which is displayed on the License page. A node is any data source that generates logs, and Logpoint categorizes nodes into two types.

  1. Nodes:

    They are part of a physical infrastructure within an organization and are not hosted on any cloud platforms. For example: desktops, laptops, printers, mobile phones, routers, on-prem servers, and firewalls. Logpoint counts and displays the total number of unique IP addresses from these log sources as nodes.

  2. Cloud Nodes:

    They are part of cloud services hosted on platforms such as AWS, Azure, Google Cloud Platform, Salesforce, and Cisco. Logpoint counts and displays the total number of log sources from these cloud platforms as cloud nodes.

On the License page, Last Billing Period displays the node usage for the previous month, and Used / Allocated Nodes displays the allocated nodes and their usage for the current month.
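The counting rules above can be applied to a source inventory to estimate license usage before onboarding new log sources. The following is an added example, not Logpoint's own code: the record field names, the lowercase vendor IDs in `HYPERSCALERS`, and the worst-case handling of compiled normalizers are assumptions made for illustration.

```python
# Added illustration of the counting rules described on this page; not Logpoint code.
# Record field names and the HYPERSCALERS set are assumptions made for the example.
HYPERSCALERS = {"aws", "msft", "gcp"}  # the page says "including but not limited to"

# Service categories per compiled normalizer, copied from the table on this page.
NORMALIZER_CATEGORIES = {
    "CloudTrailCompiledNormalizer": {"s_i", "i_o"},
    "AzureLogAnalyticsCompiledNormalizer": {"s_i", "i_o"},
    "EventHubsCompiledNormalizer": {"s_i", "i_o"},
    "Office365CompiledNormalizer": {"prod", "s_i", "i_o"},
    "MicrosoftGraphCompiledNormalizer": {"s_i", "i_o"},
    "GoogleCloudPlatformCompiledNormalizer": {"ai_ml", "i_o"},
}

def count_nodes(sources):
    """Return (nodes, cloud_nodes) for a list of log source records."""
    ips, cloud = set(), set()
    for src in sources:
        if "ip" in src:  # on-prem source: counted by unique IP address
            ips.add(src["ip"])
            continue
        vendor = src["vendor_id"].lower()
        if vendor not in HYPERSCALERS:  # e.g. Cisco, ZScaler, Salesforce
            cloud.add(src["accessor_id"])  # uniqueness is accessor_id only
            continue
        # Explicit categories win; otherwise assume the worst case, in which
        # every category the compiled normalizer supports shows up in the logs.
        cats = src.get("categories") or NORMALIZER_CATEGORIES[src["normalizer"]]
        for cat in cats:
            cloud.add((vendor, cat, src["accessor_id"]))
    return len(ips), len(cloud)

# Constructed inventory (not real data).
SAMPLE = [
    {"ip": "10.0.0.5"},
    {"ip": "10.0.0.5"},  # second source on the same IP: still one node
    {"ip": "10.0.0.9"},
    {"vendor_id": "aws", "categories": ["i_o"], "accessor_id": "aws_user_1"},
    {"vendor_id": "aws", "normalizer": "CloudTrailCompiledNormalizer",
     "accessor_id": "aws_user_1"},  # adds s_i; i_o is already counted
    {"vendor_id": "msft", "normalizer": "Office365CompiledNormalizer",
     "accessor_id": "tenant_a"},
    {"vendor_id": "salesforce", "accessor_id": "sf_org_1"},
    {"vendor_id": "salesforce", "accessor_id": "sf_org_1"},
]

if __name__ == "__main__":
    print(count_nodes(SAMPLE))
```

Because a compiled normalizer may not emit every category it supports, the cloud node figure for normalizer-based records is an upper bound.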
