Skip to content

LogSentinel Agent

LogSentinel is using a custom-packaged agent based on Wazuh/OSSEC. The overview of the agent capabilities can be found here. The agent is open-source, licensed under GNU GPLv2

The agent is an optional component in a SIEM deployment - using the collector logs can be collected agentlessly, but the agent adds a few other features:

The agent runs as a local service and has the following technical characteristics:

  • communicates over encrypted TCP (default) or UDP with either the SIEM directly or with the collector
  • communication is bi-directional - the agent sends logs and other information and can receive active response commands
  • the agent retries requests in case of failure in communication, thus avoiding message loss
  • the agent works on most platforms, the full matrix is available here
  • the agent sends raw logs, and the collector or SIEM can extract structured data, e.g. IP addresses, domains, human-readable display message, etc.