Policies

Click Settings -> Data Management -> Policies

 

General

EPS Limit: EPS is defined in your license.

You can contact Logsign Customer Support Team to calculate the traffic (EPS) generated by network devices/products in your system.

Rsync Client IP: IP address allowed for rsync.

Stop Logging When Disk Usage is Over: The portion of disk capacity on the Logsign Unified SecOps Platform is the percentage of disk usage that is specified. The default value is 90%. When this ratio is exceeded, the log reception is stopped.

 

Persist Policy

Raw Compression: You can select the compression method of logs named as RAW on Logsign Unified SecOps Platform.

JSON Compression: You can choose the compression method of logs called JSON on the Logsign Unified SecOps Platform in the same way.

Persist Rotate Period: You can specify how long you want the files to be closed or opened. By default, "Daily" is set and all logs will be saved with date/time information. The value that you set will give you the information about how long the logs will be closed or opened.

 

Service Policy

Geoip Lookup: If the box is ticked, the Logsign Unified SecOps Platform will determine the country information that is not included in the logs. It will add that data to the logs.

Enable Reputation Service: Logsign Unified SecOps Platform, with its Reputation service, obtains IP addresses which are involved in harmful events in foreign countries from many paid/free databases and informs users of harmful IP addresses. The databases are constantly updated to provide a wider source to the user.

Reputation service on the Logsign Unified SecOps Platform has a separate license. If you want to use this service, please contact Logsign Customer Support Team.

Set Raw Message: This feature enables you to see raw message in the logs. This feature can use only for syslog sources.

 

Data Rotation Policy

Delete Live Reports Before: You can specify how long the Index period is held on the Logsign Unified SecOps Platform. It is important to note that the Logsign Unified SecOps Platform product's disk, CPU and RAM capabilities.

Please contact the Logsign Customer Support Team while setting up the Index period.

Delete Archived Data Before: You can specify how long that you want to keep logs stored on the Logsign Unified SecOps Platform. The default value is 365 days.

Delete Signed Data Before: You can specify how long that you want to keep logs signed on the Logsign Unified SecOps Platform. The default value is set to 730)days.

Was this article helpful?
0 out of 0 found this helpful

Articles in this section

See more
Become a Certified Logsign User/Administrator
Sign-up for Logsign Academy and take the courses to learn about Logsign USO Platform in detail. Enjoy the courses, and get your badges and certificates. In these courses, you'll learn how to use Logsign in your work and add value to your career.
Visit Our Blog
Our Logsign USO Platform illustrate our expertise. So do the blog. Through our blog posts, deepen your knowledge on various SecOps topics or get updated about important news & modern approaches for cybersecurity. Get into the habit of reading valuable information provided by Logsign. Be a step ahead.