Sources
The Sources section in the Logmanager web interface provides centralized management of sources from which logs cannot be pushed by standard means (like syslog forwarding).
Logmanager supports multiple methods for collecting logs from different sources:
- Agent-based collection: Windows agents are installed on endpoints to push logs to Logmanager
- API-based collection: Direct integration with services like Azure Log Analytics, Office 365, various SQL databases and VMware environments
- Forwarding: Logmanager Forwarders for distributed log collection architectures
The Sources section includes configuration for the following source types:
The Windows agent is installed on endpoints (workstations or servers) and automatically pushes logs to Logmanager. The agent package includes:
- Winlogbeat: Collects Windows Event logs from the operating system
- Filebeat: Collects custom log files from the file system
Agents connect to Logmanager at regular intervals (heartbeats) to download configuration updates and push collected logs. For more information, see Windows Agents.
Integration with Microsoft Azure Log Analytics allows Logmanager to collect logs from Azure cloud services. This provides centralized visibility into your Azure infrastructure. For configuration details, see Azure Log Analytics.
Collect audit logs and activity data from Microsoft Office 365 services including Exchange Online, SharePoint Online, OneDrive for Business, and Azure Active Directory. This integration provides visibility into user activities, security events, and compliance data. For more information, see Office 365.
SQL agents enable collection of logs directly from database systems. This is useful for auditing database activities, monitoring performance, and tracking security events. For configuration details, see SQL.
Integration with VMware infrastructure allows collection of logs from VMware vCenter and ESXi hosts. This provides visibility into virtual machine activities, host operations, and infrastructure events. For more information, see VMware.
Logmanager Forwarders are lightweight components that collect logs from remote locations and forward them to the central Logmanager instance. This is useful for distributed environments, locations with limited connectivity, or scenarios requiring local log buffering. For details, see Forwarders.
Across all source types, the Sources section provides:
- Centralized visibility: View the status and configuration of all connected sources in one location
- Configuration management: Update source settings from the web interface
- Monitoring: Track connection status, last communication time, and version information
- Filtering: Apply filters to limit which logs are collected or processed
- Tagging: Add metadata tags to logs for easier classification and analysis
To begin collecting logs:
- Navigate to the Sources section in the web interface
- Select the appropriate source type for your environment
- Follow the configuration instructions for that source type
- Verify the source appears in the list and logs are being received by Logmanager
Best practices:
- Start small: Begin by connecting a few test sources before rolling out to production
- Use tags effectively: Apply meaningful tags to help with classification and analysis
- Monitor connectivity: Regularly check source status to ensure continuous log collection
- Plan for scale: Consider using Forwarders for large distributed environments
- Review filters: Apply filters to reduce unnecessary log volume and improve performance
- Keep agents updated: Regularly update Windows agents and other components to the latest versions