Logpresso Enterprise - Data Collection and Parsing

🔓 for data collection and normalization
Logpresso Enterprise Solutions.

Lecture Introduction

This course teaches you how to collect data using Logpresso and normalize it for querying. This course is designed for engineers who want to learn how to collect diverse field logs in real time into Logpresso and how to normalize the data to meet their intended needs.

Data collection and parsing through real logs

While Logpresso provides a parser for security device logs, in practice, custom parsing is often required on-site. This course will explore the use of regular expressions and query-based parsers, while parsing actual logs. By familiarizing yourself with commonly used log collection methods , you'll understand Logpresso's collection method and be able to apply it to other log collectors to gather the data you need.

Collector setup and data normalization

You will learn how to set up a syslog collector that receives network and security logs, and an HTTP collector used by applications, and passive collection methods that receive data; file-based log collection; and how to set up a collector that collects data from an RDBMS, and cover active collection methods that retrieve data directly. You will also learn about parsers that normalize collected data, how to create parsers using regular expressions and queries that can be applied to various situations, and how to link the created parsers to parse incoming data that is mixed in various formats.

Installing the Agent and Creating a Collector

This course also covers how to install agents on remote servers and create collectors. This course covers how to set up agents to compress, encrypt, and collect data from remote servers, as well as how to configure collection settings through hands-on practice. This course aims to deepen your understanding of Logpresso's agent utilization methods.

What to prepare

PC or laptop

• You will need a Windows-based PC or laptop.

Chrome-based browser

• Logpresso allows you to perform all queries through the web console.
• It works without any issues on browsers that support HTML5, such as Internet Explorer 11 or later, Chrome (Edge, Whale, etc.), Firefox, and Safari. (However, Chrome is recommended.)

Tools covered in the lecture

• This course uses the Logpresso Enterprise Server version.

Related processes

Logpresso Enterprise - Batch Processing

Everything you need to know about Logpresso's scheduled query feature.