The Log Capture Tool, installed by default on Logsign SIEM, lets the end user analyze in real time the event activity of the sources that have been added to the SIEM. Even if Logsign itself is not added as a source on the SIEM, you can still analyze the relevant event flow in real time. In the Logsign SIEM web interface, open Settings > Device Management > Log Capture Tool from the menu bar.
Note: The Logsign SIEM Log Capture Tool is only available for sources that have been added as Syslog.
On the page that opens, you will see a field for the IP address of a product or device added as a source on Logsign SIEM, and an export area in which you can analyze that device's event flow.
Type the IP address of the device or product whose real-time event flow you want to view into the field and click the Start button; the events will then be displayed as they arrive.
There are two ways to extract the events that flow in real time. After clicking Start, you can click the Export button directly while the events are flowing, or you can click the Pause button first and then use the Export button to extract what has been captured.
Note: After you press the Start button, data continues to be written to the index until you stop the capture. Remember to stop the event flow once your work is complete.
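The following is an added illustration, not Logsign's own code, of the mechanics the procedure above relies on: a syslog feed is filtered to one device IP, captured until a stop condition is reached, and then exported. The sample datagrams, the hostnames, the UDP port 5140 and the `max_events` stop condition are all constructed assumptions; the `max_events` cap stands in for the Stop button so that an unattended capture does not grow without bound.

```python
"""Filter a syslog feed by source IP, capture it with a stop condition, and export it.

Added example, not Logsign SIEM's code. Models the Start / Stop / Export steps
of a log capture tool: keep only datagrams from one device IP, stop after a
bounded number of events, and write the result out as JSON lines.
"""
import json
import re
import socket
from typing import Iterable, Iterator, List, Optional, Tuple

# Minimal RFC 3164 shape: "<PRI>Mmm dd HH:MM:SS host tag: message"
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<msg>.*)$"
)


def parse_syslog(payload: str) -> Optional[dict]:
    """Parse one RFC 3164 style line; return None if it does not match."""
    m = SYSLOG_RE.match(payload)
    if m is None:
        return None
    pri = int(m.group("pri"))
    return {
        "facility": pri // 8,      # PRI = facility * 8 + severity
        "severity": pri % 8,
        "timestamp": m.group("ts"),
        "host": m.group("host"),
        "message": m.group("msg"),
    }


def capture(datagrams: Iterable[Tuple[str, str]], source_ip: str,
            max_events: Optional[int] = None) -> Iterator[dict]:
    """Yield events sent by source_ip, stopping after max_events if given.

    Payloads that do not parse are kept as raw events rather than dropped,
    so nothing the device sent is silently lost from the export.
    """
    count = 0
    for sender, payload in datagrams:
        if sender != source_ip:          # the IP typed into the capture field
            continue
        event = parse_syslog(payload)
        if event is None:
            event = {"parsed": False, "raw": payload}
        else:
            event["parsed"] = True
        event["source_ip"] = sender
        yield event
        count += 1
        if max_events is not None and count >= max_events:
            return                       # the "Stop": bounded capture


def export_jsonl(events: Iterable[dict]) -> str:
    """Serialize captured events as JSON lines (the Export step)."""
    return "".join(json.dumps(e, sort_keys=True) + "\n" for e in events)


def listen_udp(port: int = 5140, timeout: float = 5.0) -> Iterator[Tuple[str, str]]:
    """Real input source: yield (sender_ip, payload) from a UDP syslog socket.

    Stops when no datagram arrives for `timeout` seconds. Port 5140 is an
    assumption (unprivileged stand-in for 514).
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind(("0.0.0.0", port))
        sock.settimeout(timeout)
        while True:
            try:
                data, (addr, _port) = sock.recvfrom(65535)
            except socket.timeout:
                return
            yield addr, data.decode("utf-8", errors="replace")


# Constructed sample datagrams: (sender IP, payload). Not real device output.
SAMPLE_DATAGRAMS = [
    ("10.0.0.5", "<34>Oct 11 22:14:15 fw01 kernel: DROP IN=eth0 SRC=203.0.113.7 DST=10.0.0.5 PROTO=TCP DPT=22"),
    ("10.0.0.9", "<13>Oct 11 22:14:16 sw02 snmpd: link up on port 3"),
    ("10.0.0.5", "<38>Oct 11 22:14:17 fw01 sshd[1042]: Failed password for root from 203.0.113.7 port 50122 ssh2"),
    ("10.0.0.5", "garbage that is not syslog"),
]


def run_capture(source_ip: str, max_events: Optional[int] = None,
                datagrams: Iterable[Tuple[str, str]] = SAMPLE_DATAGRAMS) -> List[dict]:
    """Run a capture over the given datagrams and return the event list."""
    return list(capture(datagrams, source_ip, max_events))


if __name__ == "__main__":
    # Offline run over the constructed sample; swap in listen_udp() for live input.
    print(export_jsonl(run_capture("10.0.0.5")), end="")
```

Replacing `SAMPLE_DATAGRAMS` with `listen_udp()` turns the script into a live capture that ends on its own after the idle timeout; the `max_events` cap is the second stop condition, and one of the two should always be set before leaving a capture running.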