Leaf Mode

Logsign LEAF is a high-capacity data collector that collects all kinds of data and sends the collected data to the Center Logsign Unified SecOps Platform system.

It is a solution for organizations that want to collect data from distributed locations.

Logsign LEAF Data Collector collects all kinds of data with or without an agent, normalizes, classifies, and sends it safely to the Center Logsign Unified SecOps Platform by tolerating connection errors.

To designate an installed Logsign Unified SecOps Platform as a Leaf Server or a Center, go to Leaf Mode under Data Management in the Logsign Unified SecOps Platform interface.

Important Note: For the system to work properly, the RTT (round-trip time) of both the leaf and the center must be at most 30 ms.
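
One way to check the 30 ms requirement before enabling Leaf Mode, as an added example that is not part of Logsign's documentation or tooling: it parses standard ping summary output and compares the RTT against the limit. Comparing the maximum rather than the average RTT, and the script name, are assumptions; run it from the leaf against the center and again in the other direction.

```shell
#!/bin/sh
# Added example (not Logsign tooling): check the leaf <-> center RTT limit.
RTT_LIMIT_MS=30   # limit stated in the Important Note

# Read ping output on stdin and print "min avg max" in ms.
# Understands the Linux iputils summary ("rtt min/avg/max/mdev = ...")
# and the BSD/macOS one ("round-trip min/avg/max/stddev = ...").
parse_rtt() {
    awk -F' = ' '/^(rtt|round-trip) min\/avg\/max/ {
        split($2, v, "/"); print v[1], v[2], v[3]; found = 1
    } END { exit !found }'
}

# Return 0 if max RTT <= limit, 1 if it exceeds the limit,
# 2 if ping printed no summary (host unreachable or 100% packet loss).
check_rtt() {
    stats=$(parse_rtt) || {
        echo "FAIL: no RTT summary (unreachable or 100% packet loss)"
        return 2
    }
    set -- $stats   # $1=min $2=avg $3=max
    # Assumption: the worst-case (max) RTT is what must stay within the limit.
    if awk -v max="$3" -v lim="$RTT_LIMIT_MS" 'BEGIN { exit !(max <= lim) }'; then
        echo "OK: avg=$2 ms, max=$3 ms (limit $RTT_LIMIT_MS ms)"
    else
        echo "FAIL: max=$3 ms exceeds $RTT_LIMIT_MS ms (avg=$2 ms)"
        return 1
    fi
}

# Usage (hypothetical file name): sh rtt_check.sh <peer-ip>
if [ -n "${1:-}" ]; then
    ping -c 10 "$1" | check_rtt
fi
```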

 

Leaf Mode Configuration:

The relevant fields are filled as indicated below.

[Screenshot: 3.png]

Offline Threshold (hours): Determines how long logs waiting to be sent to the Center Logsign Unified SecOps Platform are stored on the Leaf server while it is in offline mode.

Note: If TLS will be used, check the box and continue.


Center Configuration:

If the Logsign Unified SecOps Platform Center is installed, the relevant fields are filled as indicated below.

[Screenshot: center1.png]

Note: If TLS will be used, check the box and continue.

If the Logsign Unified SecOps Platform Leaf is installed, the relevant fields are filled as indicated below.

[Screenshot: center2.png]


Collection of Data:

After configuration, the Leaf Server can be integrated into the Center Logsign Unified SecOps Platform as a source.

Go to Settings > Integrations > Data Collection tab and click the +Device button.

[Screenshot: 4.1.png]

LOGSIGN_LEAF is selected under Devices and the relevant fields are filled.

[Screenshot: 4.png]


Host: IP address of the Leaf Server from which you want to retrieve logs.

Offset: The time difference. If the system time of the source you want to log is ahead of or behind real time, you can adjust it here. The symbol "+" moves forward, and "-" moves backward. The value is specified in minutes.

Data Policy: Lets you filter incoming data in or out. In the Data Policy section, you can specify the kinds of logs (word, event movement type, etc.) that you do or do not want to receive from the source. The default setting is the Default Policy, whose default rule is "collect all logs."

Check Health: If you tick this box, you are informed about the service and operability of the Logsign Unified SecOps Platform product. The Health Check Period tab comes up when the box is ticked; it specifies the time interval of the check.

Device Name: You must give a descriptive name according to your configuration (e.g., LogsignLeaf). This makes things easier for people who analyze logs. Think of the Description field as a resource-specific area.

Tag: Slightly different from the Description section, it can be used for a broader purpose. For example, if you use multiple Leaf Servers and tag them as logsignleaf1 and logsignleaf2, you can query by tag and make tag-based definitions while creating a report. If you want to query an event, searching by the logsignleaf1 tag returns a shorter result.

Finally, click the Save button to save the integration.

