Using the Logsign SIEM WEB interface, we click the Settings > Data Management > Policies tab. There will be various data management menus consisting of five titles.
EPS Limit: EPS is defined in your license.
Please note that: Please contact the Logsign Customer Support Team to calculate the traffic (EPS) generated by network devices/products in your system.
Rsync Client IP: IP address allowed for rsync.
Stop Logging When Disk Usage is Over: The portion of disk capacity on the Logsign SIEM is the percentage of disk usage that is specified. The default is 90%. When this percentage is exceeded, the log reception is stopped.
Raw Compression: You can select the compression method of logs named as RAW on Logsign SIEM product.
JSON Compression: You can also choose the compression method of logs called JSON on the Logsign SIEM product in the same way.
Persist Rotate Period: You can specify how long you want the files to be closed and opened. By default, "0" is set and all logs will be saved with date/time name of that day. The value that you set will give you the information about how long the logs will be closed and opened.
Persist by source address: The name of the logs will be determined according to the source that is added after the compressed file names. If the box is ticked, will also generate the log files for the Logsign SIEM product, as well as the type of source added at the end of the file name. On this basis, when an event that constitutes a criminal element takes place within the corporation, you can only give the logs of those sources. Otherwise, Logsign SIEM will write all logs for that day into a single file.
Geoip Lookup: If the box is ticked, the Logsign SIEM product will determine the country information that not included in the logs and will add that data to the logs.
Enable Raputation Service: Logsign SIEM product, with its Reputation service, obtains IP addresses which are involved in harmful events in foreign countries from many paid/free databases and informs users of harmful IP addresses. The databases are constantly updated to provide a wider source to the user.
Please note that: Reputation service on the Logsign SIEM product has a separate license. If you want to use this service, please contact Logsign Customer Support Team.
Data Rotation Policy
Delete Live Reports Before: You can specify how long the Index period held on the Logsign SIEM product will be held. It is important to note that the Logsign SIEM product's disk, CPU and RAM capabilities.
Please note that: Please contact the Logsign Customer Support Team while setting up the Index period.
Delete Archived Data Before: You can specify how long to keep logs stored on the Logsign SIEM product. The default value is three hundred and sixty-five (365) days.
Delete Signed Data Before: You can specify how long to keep logs signed on the Logsign SIEM product. The default value is set to seven hundred thirty (730) days.