Leaf Collectors - High Volume Data Collector for Distributed Environments

Logsign LEAF is a high-capacity data collector which collects all security-related data and sends the collected data to the central Logsign SIEM system.

It is an ideal solution for organizations with distributed locations that want to collect data or wants to ease the burden on their central systems.

Logsign LEAF Data Collector collects data from agent or agentless systems. It normalizes and classifies the data. It sends the data safely to the center by tolerating connection errors.

Technical Features

  • Encrypted data transfer over HTTPS
  • Improved data transfer with data synchronization technology which can tolerate long connection errors in central systems.
  • Extensive data collection integration
  • Data normalization
  • Data classification
  • Data Redundancy (Collection Layer Data Policy Management)
  • Easy integration to the central SIEM system

Why do organizations require such a system?

  • It is a colossal task for organizations with data center and IT investments in distributed locations to collect and transfer at endpoints. Without a capable data collector at endpoints, transferring data is problematic. It leads to significant management issues, ineffective use of the connection, great maintenance effort, and security vulnerabilities.
  • The organizations need to collect data for security compliance and legal obligation purposes. Even if the organization does not have distributed locations, it would still require an immense effort to collect data from too many sources.

Logsign LEAF Architecture Overview

Overview of our expanding installation scenarios with Logsign LEAF

Thanks to this solution, the Installation and Deployment options that Logsign offers are enriched.




Logsign LEAF for Distributed Enterprises,




Logsign LEAF FAQ

  • Can I transfer data over the internet with Logsign LEAF?
    • Yes, you can. You can do it securely via an encrypted connection. Also, you can integrate the Logsign LEAF system into VPN, and networks, which are closed to central systems.
  • Can Logsign LEAF be integrated into another SIEM solution other than Logsign SIEM?
    • Unfortunately, the answer is no. You can only integrate with Logsign SIEM.
  • Is Logsign LEAF licensed separately?
    • No, it’s included in premium and platinum packages.
  • Do I need a Cyber Intelligence solution for Logsign LEAF?
    • No, there is no need. Because Logsign LEAF sends the data to the center and enriches it there.
  • Does Logsign LEAF only integrate with Forest (Cluster SIEM) solution?
    • Logsign LEAF can be integrated with both Logsign Focus (all-in-one SIEM) and Logsign Forest (Cluster SIEM) solutions.
  • How long can the Logsign LEAF tolerate the connection to the center?
    • There is no software limit for this. It all depends on the hardware capacity of your central system, the LEAF, and the quality of the connection.
  • What kind of data can I collect with Logsign LEAF?
    • It supports all sources which have the Logsign SIEM solution. Therefore, you can integrate with many different types of data sources.
  • Is it possible to send data to multiple SIEM solutions with a single LEAF?
    • No, but on this matter, we want to see user comments before putting them on the road map.
  • How does Logsign LEAF lighten the burden of the central systems?
    • It is a considerable burden to collect, parse and normalize the data for SIEM systems, whether it is in the same place as the data or not. These tasks are distributed into LEAF systems to lighten the burden of the central systems.
  • How much can I lighten the burden of my central systems if I use LEAF?
    • Security devices, servers, databases, and applications support different kinds of technologies for data collecting. Therefore, one cannot be compared with the other easily. The tests we ran for the most used scenarios showed a decrease between %20 and %50 regarding the load. In fact, in some scenarios, we observed decreases up to %80 in the central systems.
  • What are the hardware requirements of Logsign LEAF?
    • Minimum recommended requirements for Logsign Leaf are 8 core CPU and 64GB of Ram.
Was this article helpful?
1 out of 1 found this helpful

Articles in this section

Become a Certified Logsign User/Administrator
Sign-up for Logsign Academy and take the courses to learn about Logsign USO Platform in detail. Enjoy the courses, and get your badges and certificates. In these courses, you'll learn how to use Logsign in your work and add value to your career.
Visit Our Blog
Our Logsign USO Platform illustrate our expertise. So do the blog. Through our blog posts, deepen your knowledge on various SecOps topics or get updated about important news & modern approaches for cybersecurity. Get into the habit of reading valuable information provided by Logsign. Be a step ahead.