Welcome to Leona!

Last updated 2 years ago

What is LeonaLog?

These days we deal with an abundance of data. This data comes from various sources like devices, applications, and operating systems. A centralized Log Management System (LMS) like LeonaLog provides a means to aggregate, organize, and make sense of all this data.

Log files are essentially text files. They contain an abundance of information - application name, IP address, timestamp, and source destination. All applications and even operating systems themselves create these logs containing massive amounts of data, which needs to be parsed if we want to make any sense of it.

An LMS must also be efficient in collecting and parsing petabytes of data. Once it has been parsed, log data can provide extremely useful information for forensic investigations, threat hunting, and business analytics in general. Whatever the use case, LeonaLog can help businesses look future into their data and save time and human resources.

Main Features

There are many features that enhance LeonaLog usefulness as a flexible tool:

Streams operate as a form of tagging for incoming messages. Streams route messages into categories in real time, and team rules instruct LeonaLog to route messages into the appropriate stream.

The LeonaLog Search page is the interface used to search logs directly. LeonaLog uses a simplified syntax, very similar to Lucene. Relative or absolute time ranges are configurable from drop down menus. Searches may be saved or visualized as dashboard widgets that may be added directly to dashboards from within the search screen.

Users may configure their own views and may choose to see either a summary or complete data from event messages.

LeonaLog Dashboards are visualizations or summaries of information contained in log events. Each dashboard is populated by one or more widgets. Widgets visualize or summarize event log data with data derived from field values such as counts, averages, or totals. Users can create indicators, charts, graphs, and maps to visualize the data.

Alerts are created using Event Definitions that consist of Conditions. When a given condition is met it will be stored as an Event and can be used to trigger a notification.

An Index is the basic unit of storage for data in OpenSearch and Elasticsearch. Index sets provide configuration for retention, sharding, and replication of the stored data. Values, like retention and rotation strategy, are set on a per-index basis, so different data may be subjected to different handling rules.

LeonaLog sidecar is an agent to manage fleets of log shippers, like Beats or NXLog. These log shippers are used to collect OS logs from Linux and Windows servers. Log shippers read logs written locally to a flat file, and then send them to a centralized log management solution. Leona supports management of any log shipper as a backend.

LeonaLog's Processing Pipelines enable the user to run a rule, or a series of rules, against a specific type of event. Tied to streams, pipelines allow routing, denying, modification, and enrichment of messages as they flow through LeonaLog.

What is LeonaLog?

Main Features

There are many features that enhance LeonaLog usefulness as a flexible tool:

Streams operate as a form of tagging for incoming messages. Streams route messages into categories in real time, and team rules instruct LeonaLog to route messages into the appropriate stream.

Users may configure their own views and may choose to see either a summary or complete data from event messages.

Alerts are created using Event Definitions that consist of Conditions. When a given condition is met it will be stored as an Event and can be used to trigger a notification.