Log Sources
Log Sources define how Logpoint collects logs from your environment. Each Log Source acts as a template for an integration that enables Logpoint to receive logs from servers, applications, network devices, databases, or cloud services. Once configured, Logpoint collects or fetches logs from these sources, centralizes them, and analyzes them in real time to support threat detection, investigation, and compliance use cases.
Access Log Sources from Settings >> Log Sources in the navigation bar or directly from QUICK START in All Dashboards. When configuring a Log Source, specify either a hostname or an IP address. Hostnames must follow the relevant RFC standards and can resolve to multiple IP addresses. Even if a hostname resolves to multiple IPs, it is counted as one node.
How Log Sources Work
Log Sources are based on predefined templates that include required settings such as log format, transport method, and parsing logic.
A single template can be reused to configure multiple similar sources, ensuring consistency and reducing configuration effort.
For cloud integrations, a Log Source can contain multiple endpoints. Each configured endpoint consumes one device license.
Required Permissions
To configure Log Sources, you must have Read, Create, and Delete permissions for the following objects:
Devices
Device Groups
Log Collection Policies
Parsers
Without these permissions, you may not be able to create, modify, or remove Log Sources or access their associated logs.
Accessing Log Source
Access to logs depends on how a Log Source is modified and on user permissions:
If the IP address changes or is removed: Users will not have access to the logs unless they have full object permissions.
If the name remains the same and users have full permissions: They can continue to access the logs even if the IP address changes.
If only the name changes and the IP address remains the same: Users with full permissions can still access the logs.
If a Log Source is deleted: Only users with full object permissions can view logs collected before deletion.
This behavior ensures controlled access to log data while preserving visibility for authorized users.
Monitoring Log Source Activity
The Last Log Received field helps you quickly identify inactive sources:
Green: Logs received within the inactivity threshold
Yellow: No logs received within the threshold (source is inactive)
The default inactivity threshold is 60 minutes, but you can customize it when creating a Log Source. You can also create a query with "status"="inactive" "message"="Inactive Logsource monitoring" to generate alerts, visualize data in dashboards, create reports, and search for inactive log sources.
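The Green/Yellow rule described above can be checked independently against an exported source inventory. The following is an added example, not Logpoint code or a Logpoint export format: the CSV layout, source names and timestamps are constructed, and treating a source that is exactly at its threshold as Green is an assumption.

```python
from datetime import datetime, timedelta, timezone

DEFAULT_THRESHOLD_MIN = 60  # default inactivity threshold stated on the page

# Constructed sample inventory (hypothetical layout):
# name, last log received (ISO 8601), inactivity threshold in minutes.
# Empty threshold -> default applies; empty timestamp -> no log ever received.
SAMPLE_INVENTORY = """\
fw-edge-01,2024-05-01T11:40:00+00:00,
db-audit-02,2024-05-01T10:30:00+00:00,
cloud-trail,2024-05-01T09:15:00+00:00,240
win-dc-03,,30
"""

def classify(inventory, now):
    """Return {name: (colour, minutes_silent)} using the Green/Yellow rule."""
    result = {}
    for line in inventory.strip().splitlines():
        name, last_seen, threshold = (f.strip() for f in line.split(","))
        limit = timedelta(minutes=int(threshold) if threshold else DEFAULT_THRESHOLD_MIN)
        if not last_seen:
            # A source that never delivered a log is inactive by definition.
            result[name] = ("Yellow", None)
            continue
        silent = now - datetime.fromisoformat(last_seen)
        # Assumption: a source exactly at its threshold still counts as Green.
        colour = "Green" if silent <= limit else "Yellow"
        result[name] = (colour, int(silent.total_seconds() // 60))
    return result

def inactive_sources(inventory, now):
    """Names of sources in the Yellow state, longest silence first."""
    states = classify(inventory, now)
    yellow = [(n, m) for n, (c, m) in states.items() if c == "Yellow"]
    # Sources that never sent a log sort ahead of everything else.
    yellow.sort(key=lambda item: float("inf") if item[1] is None else item[1],
                reverse=True)
    return [n for n, _ in yellow]

if __name__ == "__main__":
    now = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)
    for name, (colour, minutes) in classify(SAMPLE_INVENTORY, now).items():
        print(f"{name:12} {colour:6} silent_min={minutes}")
    print("inactive:", inactive_sources(SAMPLE_INVENTORY, now))
```

The per-source threshold matters here: cloud-trail has been silent longer than db-audit-02 but stays Green because its threshold was raised to 240 minutes.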
Using Log Source Templates
After you create and save a Log Source, you can reuse it as a template to configure the same or other log sources.
Templates help you:
Avoid repetitive manual configuration
Reduce the risk of configuration errors
Ensure consistent log collection and parsing across similar sources
Maintain reliable data for detection, investigation, and reporting