Click Settings -> Data Management -> Policies.
General
EPS Limit: EPS is defined in your license.
You can contact Logsign Customer Support Team to calculate the traffic (EPS) generated by network devices/products in your system.
Rsync Client IP: IP address allowed for rsync.
Stop Logging When Disk Usage is Over: The portion of disk capacity on the Logsign Unified SecOps Platform is the percentage of disk usage that is specified. The default value is 90%. When this ratio is exceeded, the log reception is stopped.
Persist Policy
Raw Compression: You can select the compression method of logs named as RAW on Logsign Unified SecOps Platform.
JSON Compression: You can choose the compression method of logs called JSON on the Logsign Unified SecOps Platform in the same way.
Persist Rotate Period: You can specify how long you want the files to be closed or opened. By default, "Daily" is set and all logs will be saved with date/time information. The value that you set will give you the information about how long the logs will be closed or opened.
Service Policy
Geoip Lookup: If the box is ticked, the Logsign Unified SecOps Platform will determine the country information that is not included in the logs. It will add that data to the logs.
Enable Reputation Service: Logsign Unified SecOps Platform, with its Reputation service, obtains IP addresses which are involved in harmful events in foreign countries from many paid/free databases and informs users of harmful IP addresses. The databases are constantly updated to provide a wider source to the user.
Reputation service on the Logsign Unified SecOps Platform has a separate license. If you want to use this service, please contact Logsign Customer Support Team.
Set Raw Message: This feature enables you to see raw message in the logs. This feature can use only for syslog sources.
Data Rotation Policy
Delete Live Reports Before: You can specify how long the Index period is held on the Logsign Unified SecOps Platform. It is important to note that the Logsign Unified SecOps Platform product's disk, CPU and RAM capabilities.
Please contact the Logsign Customer Support Team while setting up the Index period.
Delete Archived Data Before: You can specify how long that you want to keep logs stored on the Logsign Unified SecOps Platform. The default value is 365 days.
Delete Signed Data Before: You can specify how long that you want to keep logs signed on the Logsign Unified SecOps Platform. The default value is set to 730)days.