For each log added to XPLG, a Log Collection Policy must be used to define how the XPLG server should collect and store the log information in the system repository, and for how long the logs should be kept searchable (indexed) and/or archived. This can be the default Collection Policy or a previously defined Collection Policy. You can also define a new custom Collection Policy.

The Log Collection Policy criteria can be defined in the following tabs:

  • General – for setting the collection policy name and optionally providing a description of the usage of this customized/default collection policy

  • Logs – for selecting the logs that are associated with this policy and collected into the XPLG repository

  • Collection Schedule – for defining the frequency of bringing data into XPLG

  • Storage – for defining the disk location where the collected log data is stored and the retention policy: the maximum disk space the policy may use for collecting data, how long files stay in storage (available for searches) before they are deleted, and the email address of the administrator to notify when the maximum storage space is reached or if there is an error collecting data.
    The storage is the “hot” repository of XPLG, where data is stored indexed and searchable in the XPLG Search console.

  • Archive – for defining the behavior of the archived data.
    The archive is the “cold” repository of XPLG, where data is stored without being indexed, usually on slower disks for long-term retention.

  • Apptags – for security purposes, a collection policy can optionally be associated with group apptags (the related tags that the policy will be part of).

Storage: XPLG data is stored in a segmented-binary, non-readable format and can only be read/decrypted by an XPLG authenticated user. Data cannot be changed once it has entered the processing engine and is stored as-is from entry to clean-up. Regardless of any parsing/enrichment rules that run on top of the original data, the raw data itself remains untouched and may be exported as raw data from the system. If data is tampered with, XPLG immediately alerts on the issue.
Archive: XPLG archived data is stored in compressed flat files. XPLG runs a standard checksum (SHA-1/SHA-256/MD5) over the archive repository. If data is tampered with, XPLG immediately alerts on the issue.
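To make the archive integrity check concrete, here is an added example (not XPLG's own code; how XPLG stores or checks its checksums is not documented on this page) that records a SHA-256 manifest over a directory of gzip-compressed flat files and then reports modified, missing and unexpected files. The archive layout, file names and log lines are constructed for the example.

```python
import gzip
import hashlib
import os
import tempfile
from pathlib import Path

# Constructed sample archive content (not real XPLG data); paths are relative to the archive root.
SAMPLE_LOGS = {
    "2024/app-01.log.gz": b"2024-05-01T10:00:00Z INFO  service started\n",
    "2024/app-02.log.gz": b"2024-05-01T10:05:12Z WARN  disk usage 91%\n",
    "2024/auth-01.log.gz": b"2024-05-01T10:06:44Z ERROR login failed for user bob\n",
}

CHUNK = 1 << 16  # hash in 64 KiB blocks so large archive files are never loaded whole


def write_archive(root: Path, logs: dict) -> None:
    """Write each log as a gzip-compressed flat file under root (assumed archive layout)."""
    for rel, payload in logs.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        with gzip.open(target, "wb") as fh:
            fh.write(payload)


def file_digest(path: Path, algo: str = "sha256") -> str:
    """Digest of the on-disk (compressed) bytes; any change to the file changes this value."""
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root: Path, algo: str = "sha256") -> dict:
    """Map every regular file under root (relative POSIX path) to its digest; symlinks are skipped."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if p.is_symlink():
                continue
            manifest[p.relative_to(root).as_posix()] = file_digest(p, algo)
    return manifest


def verify_manifest(root: Path, manifest: dict, algo: str = "sha256") -> list:
    """Return sorted (relative_path, problem) pairs: 'modified', 'missing' or 'unexpected'.

    An empty list means the archive matches the manifest exactly.
    """
    problems = []
    current = build_manifest(root, algo)
    for rel, expected in manifest.items():
        actual = current.get(rel)
        if actual is None:
            problems.append((rel, "missing"))
        elif actual != expected:
            problems.append((rel, "modified"))
    for rel in current:
        if rel not in manifest:
            problems.append((rel, "unexpected"))
    return sorted(problems)


def demo() -> dict:
    """Build an archive, record its manifest, tamper with it, and report what verification finds."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        write_archive(root, SAMPLE_LOGS)
        manifest = build_manifest(root)
        clean = verify_manifest(root, manifest)

        # Simulated tampering: alter one archived file, remove another, plant one never archived.
        with gzip.open(root / "2024/auth-01.log.gz", "wb") as fh:
            fh.write(b"2024-05-01T10:06:44Z INFO  login ok for user bob\n")
        (root / "2024/app-02.log.gz").unlink()
        with gzip.open(root / "2024/extra.log.gz", "wb") as fh:
            fh.write(b"planted\n")
        tampered = verify_manifest(root, manifest)
    return {"clean": clean, "tampered": tampered}


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, findings or "archive intact")
```

Two points a practitioner should keep in mind when relying on such a check: MD5 and SHA-1 are no longer collision-resistant, so prefer SHA-256 where the choice is offered, and a plain checksum stored next to the data only detects changes made by something that did not also rewrite the manifest. Keeping the manifest on a separate, write-protected system (or signing it) is what turns this detection into evidence.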

...

  1. Storage Repository - either browse to the location where the collected data is to be stored, or type/paste the full path. Then press Set Path to save the new storage location.

    • Note that the default is the XPLG internal data directory ( ${xpolog.root.path}data ). It is also recommended to use fast storage for this location, as this is where most read/write operations are performed.

  2. Retention Policy - in Delete files older than, specify the age at which files are removed from the repository.

  3. Data Encryption - XPLG stores its internal data in a proprietary, segmented-binary, non-readable model that cannot be read on the file system or by any other tool. It is possible to enhance this by activating additional encryption on the repository (the algorithm used is AES CBC 128). Once an encryption algorithm is selected, data is stored encrypted as of the policy's next execution. Storing encrypted data adds overhead when writing/reading data, which may decrease the performance of data collection/indexing/search.
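The retention setting in step 2 is an age-based deletion. As an added example (not XPLG's own code; the repository layout and file ages below are constructed), the following shows what such a "delete files older than N days" job must get right: it selects by modification time, offers a dry run so the operator can review the list first, and never follows a symlink or deletes anything that resolves outside the repository root.

```python
import os
import tempfile
import time
from pathlib import Path

DAY = 86400


def resolved_inside(root: Path, path: Path) -> bool:
    """True if path resolves to a location under root (guards against links escaping the repository)."""
    try:
        path.resolve(strict=True).relative_to(root.resolve(strict=True))
        return True
    except (ValueError, OSError):
        return False


def find_expired(root: Path, max_age_days: int, now=None) -> list:
    """Relative paths of regular files whose mtime is older than max_age_days.

    Symlinks and files resolving outside root are never selected.
    """
    now = time.time() if now is None else now
    cutoff = now - max_age_days * DAY
    expired = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if p.is_symlink() or not resolved_inside(root, p):
                continue
            if p.stat().st_mtime < cutoff:
                expired.append(p.relative_to(root).as_posix())
    return sorted(expired)


def prune(root: Path, max_age_days: int, dry_run: bool = True, now=None) -> list:
    """Delete expired files, or only report them when dry_run. Returns what was (or would be) removed."""
    victims = find_expired(root, max_age_days, now)
    if not dry_run:
        for rel in victims:
            (root / rel).unlink()
    return victims


def demo() -> dict:
    """Constructed repository with files aged 1, 10 and 40 days, pruned with a 30-day retention."""
    now = time.time()
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        ages = {"recent.log": 1, "mid.log": 10, "old.log": 40}
        for name, days in ages.items():
            f = root / name
            f.write_bytes(b"sample\n")
            stamp = now - days * DAY
            os.utime(f, (stamp, stamp))  # back-date the file to simulate its age
        planned = prune(root, 30, dry_run=True, now=now)
        removed = prune(root, 30, dry_run=False, now=now)
        remaining = sorted(p.name for p in root.iterdir())
    return {"planned": planned, "removed": removed, "remaining": remaining}


if __name__ == "__main__":
    print(demo())
```

Because the selection is driven by modification time, anything that rewrites or touches archived files (a backup restore, a copy without preserved timestamps) silently resets their retention clock; record the original collection date elsewhere if the retention period has a compliance meaning.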

Defining the Collection Schedule

...