LogSentinel SIEM On-Premise Integrations
On-premise integrations are achieved by the LogSentinel Collector or via third-party tools.
Logs from any on-premise system can be collected. The collector supports flexible collection of:
- Text files - you can consume any text-based log, either locally, or remotely, via SSH or a shared folder
- Syslog - the collector can receive, enrich and forward syslog messages (regardless of the format)
- Windows logs - Windows logs can be consumed via WMI calls or with a PowerShell wrapper, both locally and remotely
- Database audit logs - RDBMS support native audit logs (out-of-the-box or using plugins). The collector can handle the most widely used databases
- Database tables - often applications write their audit logs to database tables; you can configure the LogSentinel collector to parse any table structure
For more details, see the LogSentinel Collector overview.