-
Best practices available for SAP configuration
Hi SAP Team, where can I find the best practices available for configuration? Do we have a list available?
-
SAP systems, modules and technologies
Hi SAP Team,
I often get the question about what range of SAP systems, modules and technologies are supported? Do we have an official list I could share with customers in the future?
-
Can customers use their existing SIEM to receive logs from SAP?
Hi SAP Team,
I'm wondering if customers can use their existing SIEM to receive logs from SAP?
-
Normalizing Windows logs using nxlog agent
When using the nxlog agent for Windows (instead of the LogPoint Agent for Windows) how can I get the logs properly normalised?
-
LogPoint receiving "old" logs
When LogPoint receives “old” logs, it buffers them in the OldLogsKeeper directory.
What is the threshold of max oldest logs which still get processed in the normal way and not stored by the "old log keeper"?
-
LogPoint Collector - Buffering
When using the LogPoint Collector with buffering, where does the collector buffer the logs? Is it possible to change the directory to another mountpoint? And how big is the buffer?
-
Recommended hardware sizing for Director components
Hi, I'm about to install a new LP Director platform and I was wondering if I should use the minimum memory and CPU sizing recommendations to create VMs or up them a bit. Can you share your experience and recommendations?
-
UEBA initial baseline
Hi, how long does it take for UEBA to perform the initial baseline after enabling data collection?
-
LogPoint API example
Hi,
can someone share a simple Python example to issue a search through the LogPoint API?
-
Process to request a new log normalization support
Hi Team, my customer has a new network appliance that is not yet supported by LogPoint. What is the process to request its support?
-
ZFS compared to EXT4 filesystem
Hi Team, do we have some pointers about the advantages of ZFS compared to the EXT4 filesystem and why customers should use it to store Repo data?
-
Syslog events forwarding
Hi Team,
My customer wants to forward LogPoint logs through the syslog protocol to an external SOC. What are the best options to do this?
-
Change IP address
I get this question often. What is our official reply?
- How can one change the IP address of a LogPoint appliance?
-
How to check alerts rules
How can I check that my alert rules are correct and running smoothly?
-
How to define a static field on a data source
Hi,
I need to define a static field on a data source, like 'datacenter=Paris'. What is the best way to achieve that?
Thanks
-
Export raw logs
Hi, I need to export a large amount of raw logs for a device. I tried to use the export log feature but I can't select a destination. Can someone help?
-
Apply normalization to raw logs
I have configured a log source with the wrong normalizer and therefore the usual field extractions from the LogPoint taxonomy weren't available in the search interface. I fixed the normalizer configuration but don't know how to apply the LogPoint taxonomy to older logs. Can someone help?
-
LogPoint API
Hi Team
Do we have any official descriptions of our APIs I could send to a customer?
Kind regards,
-
UEBA configuration
Hi
My customer just purchased a UEBA license for 500 users and they would like to know when, at the earliest, it will be active in their LogPoint dashboard, and when they will start to see "value". Any experiences?
Kind regards,
-
Automatic creation of List from process toList command
Wouldn't it be more handy to get a list created automatically when a process toList command is used in LP Query, just like the T-SQL query below which creates a DB table automatically, rather than manually creating a dynamic list every time?
SELECT column1, column2, column3, ...
INTO newtable [IN externaldb]
FROM oldtable
WHERE condition;
-
Director component upgrades
Hello!
I am looking to upgrade the director components to the latest version.
I am aware that I have to follow the upgrade path. But could anyone please suggest to me which component I have to upgrade in which order?
-
What is the best recommendation when calculating the EPS of external and internal firewalls?
As we know, the external firewall is exposed to multiple entities, so the logs generated by it are usually far higher in volume than those of the internal firewall. Along with that, an application firewall, or a firewall with IPS and IDS enabled, might generate more logs than normal.
-
I want to add a field management_address to its respective device_address.
Hi,
I have a case where the analyst uses the management IP; however, there is a NAT address on the client side. The device address configured in the logs provides client IPs. So I am looking to add a field management_address that we will define based on the device_address,
i.e. when an event has device_address=192.168.1.1, add the field management_address=10.10.10.10. I've looked into a few ways to do this. With an enrichment source I didn't see a good way to go about it. Adding a custom normalizer would be possible, but I would have to add a signature for every IP, <:ALL>192.168.1.1<:ALL>, and then add the keyvalue management_address=10.10.10.10.
A label package would also be doable and easier than norm signatures, but that would put the new IP in a label rather than within the normalized event. Wondering if anyone has come up with any other solutions or ideas.
-
What is the maximum data size of logs a collector can hold in a DLP environment when buffering is enabled?
In the case of DLP environment with collector and data node, if the connection is lost between two, what is the maximum data size of logs a collector can hold?
-
Is it OK to provide root privilege on Logpoint to our customers who are confident in the Linux OS?
Is it safe to provide root privilege on Logpoint to our customers? Do we have to look out for any security concerns while doing so? Has it been done before?
-
Using Director API
I am trying to write a script that automates implementation of Logpoint devices for small organizations by using predefined templates for devices and pre-requisites like routing policies and normalization policies.
Is there any way to fetch the available Pool UUID and Logpoint Identifier through scripts?
-
Automatic Normalization
It would be great if there were some means to automatically select the respective normalizers. This would reduce the implementation overhead and also help us select the best available normalizers. We could leave a process to analyze the logs and find the normalizers it requires at the start of the implementation and allow it some time to process.
What are the limitations/drawbacks of doing so?
-
Information about analytic components available for SNMP in Logpoint?
I used SNMP to fetch the OID ".1.3.6.1.2.1.1.5.0"; while searching it shows "iso_org_dod_internet_mgmt_mib-2_1_5_0". How do I use this information in a dashboard or alert? Are there any normalizers available for this?
-
Can we create a new UI admin user or change the password of any user using the CLI?
One of our customers forgot the admin user credentials and we need to reset the password for the user. Please let me know if there is any way to do this?
-
Fetching logs from Google Workspace
Some of our customers have requested logs from Google Workspace. The log requirements range anywhere from email logs to drive usage logs. What features do we currently have to work on these sorts of logs?
I could not see any features mentioned in the LP Help center. Are we working on this one?