Introducing the latest release of the LogPoint Agent and LogPoint 5.6.0

May 10, 2017 - 3 minutes read

nsaAfter a long period of development, we are now ready with the largest feature release of the LogPoint agent in the history of LogPoint.

With this release the agent will be faster, more stable and offer more features. Combined with the recent changes in LogPoint 5.6 (Policy Based Routing), the new agent can make drastic cuts in resource consumption!

New Features

  • File Integrity Monitoring and Windows Registry Scanning is now supported.
  • The agent now supports localized environments (non-English Windows).
  • The agent now processes logs more than 300% faster than in the previous version.
  • Centralized management of agents in large deployments is now supported.
  • The Agent can now operate in either encrypted and clear-text modes.

With our new release, we introduce FIM and Registry monitoring as fundamental new features. Additionally, we now support distributed environments for LogPoint Agents to exist in. That is; if you have multiple back-ends and collectors, the Agents will be manageable from a single location.

Also with this release we have released a new compiled normalizer for Windows. This compiled normalizer extracts data from the Windows eventlog in XML and uses the LPA to translate it to JSON before sending it in. JSON being faster to parse and more efficient to store compared to XML and the raw eventlog data, we achieve a substantial performance improvement.

NOTE: The LPA_Windows normalizer can be used by our NXLog Enterprise customers too, they need to add a simpleĀ  to_json();, to the existing XML based eventlog collection.

Enhancements

  • Major upgrade of the underlying agent code
  • A memory leak and performance degradation scenario has been resolved
  • More robust communication with the management API

LogPoint is proud to announce LogPoint 5.6. Since our last large upgrade back in April 2016 (5.5.0), we have had minor releases and in parallel worked on this release.

Note: Please go through the release notes and ensure you have prepared your platform and fulfilled all the prerequisites before upgrading.

New Features

Policy Based Routing

The feature allows your organization to:

  • Reduce costs of storage: Filter messages before they are stored.
  • Optimize workflows: Store logs in repositories based on urgency and severity
  • Take the outputs of alerts and store them with enhanced meta data for efficient long-term correlations.

How it works:

During collection and after normalization, we define a filter

Based on the contents of the logs, an action will be taken:

  • Drop the log?
  • Keep only key-value pairs?
  • Keep everything
  • Where to store the logs

We walk through the configuration in the video below.

You can read the original article, here and here.

Powered by WPeMatico