For the full Log Collector Hardware Requirements Guide, please refer to this link: [Log Collector Hardware Requirements Guide](https://docs.cytechint.io/books/log-collector-installations/page/log-collector-hardware-requirements-guide "Log Collector Hardware Requirements Guide")
##### **Steps to Add Log Collector** Please follow the steps below to add a Log Collector using Windows Environment. 1. Log in to AQUILA click here - **[CyTech - AQUILA](https://cytechint.io/)**. Choose **Cyber Monitoring** and click the **small arrow icon** to redirect you to the Cyber Monitoring Dashboard. [](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-05/QUruqc4qZzjj39A2-image.png) 2. In the dashboard, choose **Cyber Incident Management (SIEM and XDR)**. [](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-05/i68EMO7YfIStKeyl-image.png) 3. Navigate through the leftmost top and click **Cyber Incident Monitoring**. [](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-05/KgRo0wYa67PKNCws-image.png) 3. Navigate to the Log Collector section and click the '**Add Log Collector**' button to launch the installation interface. [](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-05/wjGyuwkD02sNX5JG-image.png)4. Once the installation window display is shown, thoroughly review the System Requirements specific to your operating system to ensure compatibility and avoid installation or runtime issues. Verifying these prerequisites is essential before proceeding with deployment. Then click '**Next**'.
You can also refer to our documentation manuals for Log Collector Installations Guidelines: [https://docs.cytechint.io/books/log-collector-installations](https://docs.cytechint.io/books/log-collector-installations "https://docs.cytechint.io/books/log-collector-installations")
[](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-05/4651RxjfXk7UmqGj-image.png) 5. From the options, select the '**Automatic'** installation option. Then click '**Next'**. [](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-05/AQSi4pI6aMzhgE5U-image.png)6. Carefully follow the instructions for the Automatic Installation.
6a. Download the Windows Installer.
- Click on the **"Download Installer"** button to download the Windows MSI Package for Elastic Agent.
- The URL can also be found on [https://artifacts.elastic.co/downloads/beats/elastic-agent/elastic-agent-8.15.1-windows-x86\_64.msi](https://artifacts.elastic.co/downloads/beats/elastic-agent/elastic-agent-8.15.1-windows-x86_64.msi)
[](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-05/m7BWhjfRdH8ohzjK-image.png)
6b. Ensure that the Elastic Agent file is located in your Downloads folder before proceeding.
[](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-05/vpK02FpDmidLAKOC-image.png)
6c. **Copy the commands** provided on the installation page and execute them sequentially to ensure successful execution. These commands are required to complete the log collector installation in the subsequent steps.
[](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-05/sowVOCRDTrgJf7bk-image.png)
7. In your dedicated environment for your Log Collector, open the **Command Prompt** and run as **Administrator**.
[](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-04/IvL5O3f5LMaWdvfC-image.png)
8. Execute the commands displayed in **Figure 6b** as shown in the manual.
- For example (elastic-agent-<VERSION>-windows-x86\_64.msi INSTALLARGS="--url=<URL> --enrollment-token=<TOKEN>").
- Once the commands are executed successfully, you should see an output similar to the example shown in the image below.
[](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-05/AUgMFbn3c2qfPKWG-image.png)
8a. **The Elastic Agent installation window will appear.** Check the **“I accept the terms in the license agreement”** box, then click **Install**.
Wait for the installation to complete, and then click **Finish**.
[](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-05/8ti6ZlQXsr638myL-image.png)[](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-05/zS08rBb67HeWDdyj-image.png)
9. Before proceeding with the final installation setup, ensure all required steps have been completed by clicking the check box. Once confirmed, click “**Next**” to continue.
[](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-05/KKTS2UmY4cynKBqc-image.png)
10. Allow 3–5 minutes for the Log Collector Agent to complete registration and report its "**Online"** status to the fleet server, indicating a successful installation.
[](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-05/TTRWWmIEFyFUHjvd-image.png)
11. This step confirms the successful installation and enrollment of the Log Collector Agent with the fleet server. The interface will display the Log Collector host name and the user who performed the installation. Click "**Continue"** to complete the setup process.
[](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-05/JLbWSv4fLy4c1DCC-image.png)
12. Also you can verify successful installation by going to **Cyber Incident Monitoring>Settings>Log Collector**.
- In the Log Collector List, you can see all the log collector installed. You can also view the Log Collector details such us: **Agent Name, Status and IP address**.
[](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-04/E17yVLWccJaInPG1-image.png)
*\*\*\*If you encounter **Log Collector Setup Failed**. Please click "Retry" and carefully go gack to Steps 5 or 6. You can also try "**Manual**" installation. If issues persist please contact our technical support at **
For the full Log Collector Hardware Requirements Guide, please refer to this link: [Log Collector Hardware Requirements Guide](https://docs.cytechint.io/books/log-collector-installations/page/log-collector-hardware-requirements-guide "Log Collector Hardware Requirements Guide")
##### **Steps to Add Log Collector** Please follow the steps below to add a Log Collector using Windows Environment. 1. Log in to **CyTech - AQUILA**. Click here: **[AQUILACYBER.AI](https://aquilacyber.ai/)** - Click **Collapse** to view side panel. Then navigate through **Domains>Cyber Monitoring>Cyber Incident Management (CIM)>Settings**. [](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-06/hmguGlhuEq3VHpnb-image.png) 2. Navigate to the Log Collector section and click the '**Add Log Collector**' button to launch the installation interface. [](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-06/sPXPArzmE35GPM7i-image.png) 3. Once the installation window display is shown, thoroughly review the **System Requirements** specific to your operating system to ensure compatibility and avoid installation or runtime issues. Verifying these prerequisites is essential before proceeding with deployment. Then click "**Next**".You can also refer to our documentation manuals for Log Collector Installations Guidelines: [https://docs.cytechint.io/books/log-collector-installations](https://docs.cytechint.io/books/log-collector-installations "https://docs.cytechint.io/books/log-collector-installations")
[](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-05/4651RxjfXk7UmqGj-image.png) 5. From the options, select the "**Manual**" installation option. Then click "**Next**". [](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-05/9zadBjhTVstIdIng-image.png)6. Carefully follow the instructions for the Manual Installation. **Copy the commands** provided on the installation page and execute them sequentially to ensure successful execution. These commands are required to complete the log collector installation in the subsequent steps.
[](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-05/j95N9TRIRDmIfEXS-image.png)
7. In your dedicated environment for your Log Collector, open the **Windows Powershell** and run as **Administrator**.
[](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-05/AR9a0aG0RFUFRhIb-image.png)
8. Execute the commands displayed in Step 6 as shown in the installation manual. Once the commands are executed successfully, you should see an output similar to the example shown in the image below. Go back to Cytech - Aquila to finish manual installation.
[](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-05/ItyEDcd3n9c47yvj-image.png)
9. Before you can proceed to the final installation set-up make sure you check off each steps required. Then you can click "**Next**".
[](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-05/58H9qGBjRXydEDHz-image.png)
10. Allow 3–5 minutes for the Log Collector Agent to complete registration and report its "**Online"** status to the fleet server, indicating a successful installation.
[](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-05/TTRWWmIEFyFUHjvd-image.png)
11. This step confirms the successful installation and enrollment of the Log Collector Agent with the fleet server. The interface will display the Log Collector host name and the user who performed the installation. Click "**Continue"** to complete the setup process.
[](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-05/JLbWSv4fLy4c1DCC-image.png)
12. Also you can verify successful installation by going to **Cyber Incident Monitoring>Settings>Log Collector**.
- In the Log Collector List, you can see all the log collector installed. You can also view the Log Collector details such us: **Agent Name, Status and IP address**.
[](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-04/E17yVLWccJaInPG1-image.png)
*\*\*\*If you encounter **Log Collector Setup Failed**. Please click "Retry" and carefully go gack to Steps 5 or 6. You can also try "**Manual**" installation. If issues persist please contact our technical support at **
**Brief Description** **The Log Collector Agent is a single, unified tool that simplifies adding monitoring capabilities to your** **systems. It can collect various data types, including logs, metrics, and security** **information, from your hosts.**
Locating Log Collector Agent Service 1.Task Manager Open Task Manager, press Win + Q or use Windows search for searching “Task Manager”
[](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-05/28Kes96XIgS756qt-image.png)After opening the Task Manager, locate and press the Services button on the Left side of the Task Manager. At the uppermost of the Task Manager, there will be a search bar to filter and search the Services in your System. Just type elastic agent.
[](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-05/EHGbish7aA3QwxyI-image.png)After filtering the Services, you will notice two Elastic Services, choose only the “Elastic Agent” service. To restart the service, use the right click on your mouse to “restart” the service.
[](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-05/8BbCnpylr8dABKki-image.png) # Log Collector Installation - Linux Manual #### **Log Collector Installation in CyTech - AQUILA** This guide outlines the step-by-step process for deploying the **Elastic Agent** as a log collector within the **CyTech - AQUILA** environment. Following these instructions will establish a secure and automated mechanism for log collection and management, enabling centralized visibility and analysis critical to cybersecurity operations. #### **Pre-requisites** 1. **Access to CyTech - AQUILA** - Only users assigned the **"Owner"** or **"Admin"** role can access the Log Collector installation resources within the platform. 2. **Dedicated Virtual Machine for Log Collector Deployment** - **Dedicated Unit**: It is recommended to use a separate, dedicated VM exclusively for the Log Collector to prevent resource contention and ensure stable performance. - **Virtual Machine (VM) Preferred**: Deploying the Log Collector on a VM offers greater flexibility, scalability, and easier maintenance compared to physical hardware. - **Always Online**: The virtual machine must remain continuously online to ensure uninterrupted log collection from all integrated sources.For the full Log Collector Hardware Requirements Guide, please refer to this link: [Log Collector Hardware Requirements Guide](https://docs.cytechint.io/books/log-collector-installations/page/log-collector-hardware-requirements-guide "Log Collector Hardware Requirements Guide")
##### **Steps to Add Log Collector** Please follow the steps below to add a Log Collector using Linux Environment. 1. Log in to **CyTech - AQUILA**. Click here: **[usdc.cytechint.io](https://usdc.cytechint.io/)** - Click **Collapse** to view side panel. Then navigate through **Domains>Cyber Monitoring>Cyber Incident Management (CIM)>Settings**. [](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-06/7YXKou38EqMVz9Wg-image.png) 2. Navigate to the Log Collector section and click the '**Add Log Collector**' button to launch the installation interface. [](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-06/HG4f71ZaFwULUkR2-image.png)3. Once the installation window display is shown, thoroughly review the **System Requirements** specific to your operating system to ensure compatibility and avoid installation or runtime issues. Verifying these prerequisites is essential before proceeding with deployment. Then click "**Next**".
You can also refer to our documentation manuals for Log Collector Installations Guidelines: [https://docs.cytechint.io/books/log-collector-installations](https://docs.cytechint.io/books/log-collector-installations "https://docs.cytechint.io/books/log-collector-installations")
[](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-05/FjQzqzzkCCW9OUxP-image.png) 4. From the options, select the "**Manual**" installation option. Then click "**Next**". [](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-05/9zadBjhTVstIdIng-image.png)5. Carefully follow the instructions for the Manual Installation.
- **Linux Distributions** - choose versions of the Linux operating system.
- **Choose CPU Architecture**
- x86\_64 Architecture: Intel and AMD, x86\_64 is an extension of the x86 architecture, providing 64-bit computing capabilities.
- aarch64 Architecture: ARM architecture, specifically Apple's custom-designed ARM-based processors known as Apple Silicon (M1, M1 Pro, M1 Max, M1 Ultra, and M2 chips).
- **Copy the commands** provided on the installation page and execute them sequentially to ensure successful execution. These commands are required to complete the log collector installation in the subsequent steps.
[](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-05/igudP8pf6j3W6wBQ-image.png)
6. In your dedicated environment for your Log Collector, open the **Terminal** and provided you have **root privilege.** Execute the commands displayed in Step 6 as shown in the installation manual. Once the commands are executed successfully, you should see an output similar to the example shown in the image below. Go back to **Cytech - Aquila** to finish manual installation.
[](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-05/cQcLxiVuou0JWiai-image.png)
7. Before you can proceed to the final installation set-up make sure you check off each steps required. Then you can click "**Next**".
[](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-05/4UtNgcpZLktWNZCq-image.png)
8. Allow 3–5 minutes for the Log Collector Agent to complete registration and report its "**Online"** status to the fleet server, indicating a successful installation.
[](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-05/TTRWWmIEFyFUHjvd-image.png)
9. This step confirms the successful installation and enrollment of the Log Collector Agent with the fleet server. The interface will display the Log Collector host name and the user who performed the installation. Click "**Continue"** to complete the setup process.
[](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-05/JLbWSv4fLy4c1DCC-image.png)
10. Also you can verify successful installation by going to **Cyber Incident Monitoring>Settings>Log Collector**.
- In the Log Collector List, you can see all the log collector installed. You can also view the Log Collector details such us: **Agent Name, Status and IP address**.
[](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-04/E17yVLWccJaInPG1-image.png)
*\*\*\*If you encounter **Log Collector Setup Failed**. Please click "Retry" and carefully go gack to Steps 5 or 6. You can also try "**Manual**" installation. If issues persist please contact our technical support at **
For the full Log Collector Hardware Requirements Guide, please refer to this link: [Log Collector Hardware Requirements Guide](https://docs.cytechint.io/books/log-collector-installations/page/log-collector-hardware-requirements-guide "Log Collector Hardware Requirements Guide")
##### **Steps to Add Log Collector** Please follow the steps below to add a Log Collector using macOS Environment. 1. Log in to **CyTech - AQUILA**. Click here: **[AQUILACYBER.AI](https://aquilacyber.ai/)** - Click **Collapse** to view side panel. Then navigate through **Domains>Cyber Monitoring>Cyber Incident Management (CIM)>Settings**. [](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-06/hmguGlhuEq3VHpnb-image.png) 2. Navigate to the Log Collector section and click the '**Add Log Collector**' button to launch the installation interface. [](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-06/sPXPArzmE35GPM7i-image.png)3. Once the installation window display is shown, thoroughly review the **System Requirements** specific to your operating system to ensure compatibility and avoid installation or runtime issues. Verifying these prerequisites is essential before proceeding with deployment. Then click "**Next**".
You can also refer to our documentation manuals for Log Collector Installations Guidelines: [https://docs.cytechint.io/books/log-collector-installations](https://docs.cytechint.io/books/log-collector-installations "https://docs.cytechint.io/books/log-collector-installations")
[](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-05/bD1EXdFeE5UvHV7F-image.png) 4. From the options, select the "**Manual**" installation option. Then click "**Next**". [](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-05/9zadBjhTVstIdIng-image.png)5. Carefully follow the instructions for the Manual Installation.
- **Choose CPU Architecture**
- x86\_64 Architecture: Intel and AMD, x86\_64 is an extension of the x86 architecture, providing 64-bit computing capabilities.
- aarch64 Architecture: ARM architecture, specifically Apple's custom-designed ARM-based processors known as Apple Silicon (M1, M1 Pro, M1 Max, M1 Ultra, and M2 chips).
- **Copy the commands** provided on the installation page and execute them sequentially to ensure successful execution. These commands are required to complete the log collector installation in the subsequent steps.
[](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-05/VaKJ1UiIc7L2o0zD-image.png)
6. In your dedicated environment for your Log Collector, open the **Terminal** and provided you have **root privilege**. Execute the commands displayed in Step 6 as shown in the installation manual. Once the commands are executed successfully, you should see an output similar to the example shown in the image below. Go back to **Cytech - Aquila** to finish manual installation.
[](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-05/QhYM9Kqm8MTvEqCF-image.png)
7. Before you can proceed to the final installation set-up make sure you check off each steps required. Then you can click "**Next**".
[](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-05/r0Oez5DQV7OKeK9j-image.png)
8. Allow 3–5 minutes for the Log Collector Agent to complete registration and report its "**Online"** status to the fleet server, indicating a successful installation.
[](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-05/TTRWWmIEFyFUHjvd-image.png)
9. This step confirms the successful installation and enrollment of the Log Collector Agent with the fleet server. The interface will display the Log Collector host name and the user who performed the installation. Click "**Continue"** to complete the setup process.
[](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-05/JLbWSv4fLy4c1DCC-image.png)
10. Also you can verify successful installation by going to **Cyber Incident Monitoring>Settings>Log Collector**.
- In the Log Collector List, you can see all the log collector installed. You can also view the Log Collector details such us: **Agent Name, Status and IP address**.
[](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-04/E17yVLWccJaInPG1-image.png)
*\*\*\*If you encounter **Log Collector Setup Failed**. Please click "Retry" and carefully go gack to Steps 5 or 6. You can also try "**Manual**" installation. If issues persist please contact our technical support at **
Basic setup is moderately complex. Most organizations can get started in a few days with some IT expertise, though fine-tuning takes longer.
> **How much will this cost?**A basic setup can be achieved with a mid-range server cost, but costs vary based on your specific needs and whether you use physical or virtual servers.
> **Can I use a regular computer?**For very small businesses, a decent desktop computer could work initially, but most organizations should use server-grade equipment for reliability.
> **How do I know if I need more powerful hardware?**If your log collector becomes slow, loses messages, or crashes occasionally, you likely need to upgrade.
> **What happens if my log collector stops working?**If your log collector goes offline, you'll stop gathering important information and might miss critical events. Consider having a backup system ready.
> **How long should I keep logs?**This depends on your industry and compliance requirements. Most businesses keep logs for 30-90 days, while some regulated industries require 1-7 years of retention.
> **Do I need a dedicated IT person to manage this?**Not necessarily, but you do need someone comfortable with basic IT concepts. For smaller businesses, this might be a part-time responsibility or could be outsourced.
> **Can I use cloud services instead of my own hardware?**Yes, many cloud providers offer log collection services. This can reduce hardware costs but may increase ongoing operational expenses.
> **How do I protect sensitive information in logs?**Your log collection software should have features to mask or encrypt sensitive data like credit card numbers or personal information.
> **Will collecting logs slow down my other systems?**A properly configured log collector should have minimal impact on your other systems. It's designed to quietly gather information without disrupting operations.
> **How much maintenance does a log collector need?**Regular maintenance includes checking storage space, updating software, and occasionally reviewing collection rules. Plan for a few hours each month.
> **Can I collect logs from remote locations or branch offices?**Yes, but you'll need to ensure good network connectivity. For multiple locations, you might want smaller collectors at each site feeding into a central system.
> **What if I have too many logs to review?**Most log collectors include tools to filter, search, and alert on important events so you don't need to manually review everything.
> **How do I know what to collect?**Start with security-relevant systems (firewalls, servers) and critical business applications. You can expand collection as needed.
*If you need further assistance, kindly contact our support at **support@cytechint.com** for prompt assistance and guidance.* # What is a Log Source? ##### **What is a Log Source?** A log source refers to any system, application, or device that generates log data. Logs are records of events that occur within these systems, and they provide valuable information for monitoring, troubleshooting, and analyzing the performance and security of IT environments. Here’s a more detailed explanation of what constitutes a log source: 1.**Types of Log Sources**:
- **Servers**: Operating systems on servers generate logs related to system events, security, and application performance. - **Applications**: Software applications produce logs that capture user activities, errors, and other operational details. - **Network Devices**: Routers, switches, and firewalls generate logs that provide insights into network traffic and security events. - **Databases**: Database management systems log queries, transactions, and access patterns. - **Cloud Services**: Cloud platforms and services generate logs that track usage, performance, and security events. - **Containers and Orchestration Platforms**: Tools like Docker and Kubernetes produce logs related to container lifecycle events and orchestration activities. 2.**Log Data Content**:
- **Timestamps**: Indicate when an event occurred. - **Severity Levels**: Classify the importance or urgency of an event (e.g., info, warning, error). - **Event Messages**: Describe the event or action that took place. - **Source Identifiers**: Identify the origin of the log entry, such as the application name or IP address. 3.**Purpose of Logs**:
- **Monitoring**: Continuously track the health and performance of systems and applications. - **Troubleshooting**: Diagnose and resolve issues by analyzing error messages and event sequences. - **Security**: Detect and investigate security incidents by reviewing access logs and anomaly patterns. - **Compliance**: Maintain records for auditing and compliance with regulatory requirements. 4.**Log Collection and Management**:
- Logs are typically collected and managed using tools like Elastic's Filebeat, Logstash, and Elasticsearch, which help aggregate, process, and analyze log data from various sources. - Configuring log sources involves specifying which logs to collect, how to format them, and where to send them for storage and analysis.**Log sources can come from a wide variety of platforms, devices, and applications. Here’s a more detailed look at specific examples of log sources across different categories:**
1. **Operating Systems**: - **Windows**: Event logs such as Application, Security, and System logs. - **Linux/Unix**: Syslog, auth.log, dmesg, and application-specific logs. - **macOS**: System logs and application logs accessible via the Console app. 2. **Applications**: - **Web Servers**: Apache HTTP Server and Nginx access and error logs. - **Application Servers**: Tomcat, JBoss, and WebSphere logs. - **Database Systems**: MySQL, PostgreSQL, Oracle, and SQL Server logs. 3. **Network Devices**: - **Routers and Switches**: Cisco IOS logs, Juniper logs. - **Firewalls**: Palo Alto Networks, Fortinet, and Check Point logs. - **Load Balancers**: F5 BIG-IP, HAProxy logs. 4. **Security Devices**: - **Intrusion Detection Systems (IDS)**: Snort, Suricata logs. - **Security Information and Event Management (SIEM)**: Logs from platforms like Splunk, IBM QRadar. 5. **Cloud Services**: - **AWS**: CloudTrail, CloudWatch logs. - **Microsoft Azure**: Azure Monitor logs, Activity logs. - **Google Cloud Platform (GCP)**: Stackdriver logs. 6. **Containers and Orchestration Platforms**: - **Docker**: Container logs accessible via Docker CLI. - **Kubernetes**: Pod logs, kubelet logs, and cluster events. 7. **IoT Devices**: - **Smart Home Devices**: Logs from devices like smart thermostats, cameras. - **Industrial IoT**: Logs from sensors and controllers in manufacturing environments. 8. **End-User Devices**: - **Desktops and Laptops**: System and application logs from Windows, macOS, and Linux. - **Mobile Devices**: Logs from Android and iOS applications. 9. **Business Applications**: - **ERP Systems**: SAP, Oracle ERP logs. - **CRM Systems**: Salesforce, Microsoft Dynamics logs. 10. **Collaboration Tools**: - **Email Servers**: Microsoft Exchange, Postfix logs. - **Communication Platforms**: Slack, Microsoft Teams logs.These log sources provide a wealth of information that can be used for monitoring, troubleshooting, and securing IT environments. Elastic's tools like Filebeat and Logstash can be configured to collect and process logs from these diverse sources, enabling centralized analysis and visualization in Elasticsearch and Kibana.
*If you need further assistance, kindly contact our support at **support@cytechint.com** for prompt assistance and guidance.* # Log Sources vs. Log Collectors ### **Log Sources vs. Log Collectors****Log Sources**:
- **Definition**: Log sources are the origin points where log data is generated. These can be operating systems, applications, network devices, cloud services, and more.
- **Examples**: Windows Event Logs, Apache Web Server logs, Cisco Router logs, AWS CloudTrail logs, Docker container logs.
- **Purpose**: Log sources provide raw data about events occurring within systems, applications, and devices. This data is crucial for monitoring, troubleshooting, security analysis, and compliance.
**Log Collectors**:
- **Definition**: Log collectors are tools or agents that gather log data from various log sources and forward it to a centralized location for processing and analysis.
- **Examples**: Elastic's Filebeat, Logstash, Fluentd, Splunk Universal Forwarder.
- **Purpose**: Log collectors are responsible for aggregating logs from multiple sources, transforming or enriching the data if necessary, and sending it to a storage or analysis platform like Elasticsearch. They help ensure that log data is efficiently collected and made available for further processing.
**Functionality**:
- - **Log Sources**: Generate log data based on events and activities within systems and applications.
- **Log Collectors**: Focus on gathering, processing, and forwarding log data from log sources to a centralized system.
**Location**:
- - **Log Sources**: Reside on the systems or devices where events occur (e.g., servers, network devices).
- **Log Collectors**: Can be installed on the same systems as log sources or operate remotely to collect logs from multiple sources.
**Data Handling**:
- - **Log Sources**: Produce raw log data that may be unstructured or semi-structured.
- **Log Collectors**: Often include capabilities to parse, filter, and format log data, making it suitable for analysis.
**Integration**:
- - **Log Sources**: Require configuration to ensure logs are accessible and properly formatted for collection.
- **Log Collectors**: Need to be configured to connect to log sources, define data processing rules, and specify destinations for log data.
**Role in Monitoring**:
- - **Log Sources**: Provide the foundational data needed for monitoring and analysis.
- **Log Collectors**: Enable efficient data collection and integration into monitoring and analysis platforms, facilitating real-time insights.
4. Carefully review the system requirements for your operating system to ensure compatibility and prevent potential issues during installation or usage. It is important to verify these prerequisites before proceeding.
[](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2024-11/cbFz7qFNP6EGR4c1-image.png)
5\. From the options, select the Automatic installation option.
6. Carefully follow the instructions for the automatic installation.
6a. **Download the Windows Installer**
- Click on the **"Download Installer"** button to download the Windows MSI Package for Elastic Agent.
- The URL can also be found on [https://artifacts.elastic.co/downloads/beats/elastic-agent/elastic-agent-8.15.1-windows-x86\_64.msi](https://artifacts.elastic.co/downloads/beats/elastic-agent/elastic-agent-8.15.1-windows-x86_64.msi)
6b. Copy the command displayed on the installation page. You will need this command to complete the installation process for the log collector in the next steps.
[](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2024-11/DCNh3iJZPtzAN5OA-image.png)
7\. Open the Command Prompt and run as Administrator.
8. Execute the command displayed in **Figure 6b** as shown in the manual.
For example (elastic-agent-<VERSION>-windows-x86_64.msi INSTALLARGS="--url=<URL> --enrollment-token=<TOKEN>").
[](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2024-11/Rt6IkauOIW2gGqs5-image.png)
*If you need further assistance, kindly contact our support at **To navigate to CSPM Module please follow the instructions below:**
**Step 1: Log in to CyTech - AQUILA.** *click here -->* **[AQUILACYBER.ai](https://aquilacyber.ai/overview-v3/dashboard/maindashboard)**
**Step 2: Click on Cyber Monitoring.**
[](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-06/hItzqzN09q61CMZZ-image.png)
**Step 3: Choose Cloud Security Posture Management (CSPM).**
[](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-06/EbsP1Kz74gmIWnyZ-image.png)
**Step 4: Hover into leftmost panel to view all the CSPM sections.**
[](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-06/OnYEkjFfdJf6Wwa1-image.png)
**Here in the CSPM Dashboard you can view all the evaluations. Such as Account Evaluated, Compliance Score, Compliance by Center in Internet Security (CIS), Findings and Posture Trends.**
[](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-06/qsJld2Z5MscJl0q9-image.png) 1. **Account Evaluated:** - This refers to the specific cloud accounts that have been assessed for security compliance. An "account" in this context typically represents a collection of cloud resources under a single administrative domain within a cloud service provider (e.g., an AWS account, an Azure subscription). Evaluating an account involves checking its resources and configurations against security benchmarks. 2. **Compliance Score:** - The compliance score is a metric that indicates how well a cloud account or resource adheres to predefined security benchmarks, such as those set by the Center for Internet Security (CIS). It is usually expressed as a percentage, with a higher score indicating better compliance. This score helps organizations quickly assess their security posture and identify areas needing improvement. 3. **Compliance by Center for Internet Security (CIS):** - This refers to the evaluation of cloud resources against the security guidelines and best practices defined by the CIS benchmarks. These benchmarks provide a set of controls and recommendations to secure cloud environments. Compliance by CIS helps organizations ensure their configurations align with industry standards for security. 4. **Findings:** - Findings are the results of the security assessments conducted by the CSPM module. They detail specific issues or misconfigurations identified during the evaluation process. Each finding typically includes information about the affected resource, the nature of the issue, its severity, and recommended remediation steps. 5. **Posture Trends:** - Posture trends refer to the analysis of changes in security posture over time. This involves tracking improvements or regressions in compliance scores and findings. Understanding posture trends helps organizations identify patterns, measure the effectiveness of their security initiatives, and make informed decisions about future security strategies.**In the Findings Dashboard - it shows you all the detailed misconfigurations evaluated by our CSPM Module. Here you view the Result, Resource ID, Resource Name, Resource Type, Rule Number, Rule Name, CIS Section, Last Checked and Cloud.**
[](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-06/6mvMs6rru4pGH50g-image.png) ##### **Misconfigurations** This section gives an overview of all misconfiguration findings detected from cloud integrations across AWS, GCP, and Azure. --- ##### **Overall Resolve Findings** Displays the percentage of resolved vs. unresolved misconfigurations. It includes a progress bar and a warning message urging users to follow remediation steps to maintain cloud security. --- ##### **All Results Tab** Lists all misconfiguration findings from all cloud providers in one consolidated view. --- ##### **Amazon AWS Tab** Filters the findings to only show results from Amazon Web Services (AWS). --- ##### **Google Cloud Platform Tab** Shows findings that pertain exclusively to GCP (Google Cloud Platform) assets. --- ##### **Azure Tab** Filters results to display only Azure-related misconfiguration findings. --- ##### **Search & Filter Function** - **Search Bar**: Quickly locate specific misconfiguration results by keyword. - **Filter Button**: Apply advanced filters (e.g., cloud type, severity, category) to narrow down the displayed results. --- 1. **Result:** - The result indicates the outcome of a security assessment for a specific rule or check. It typically shows whether the resource passed or failed the evaluation based on compliance with the security benchmark. 2. **Resource ID:** - This is a unique identifier assigned to a specific cloud resource within an account. The Resource ID helps in precisely identifying and referencing the resource in security assessments and reports. 3. **Resource Name:** - The resource name is the human-readable name assigned to a cloud resource. It helps users easily identify and manage resources within their cloud environment. 4. **Resource Type:** - This refers to the category or kind of cloud resource being evaluated, such as a virtual machine, storage bucket, database instance, etc. Understanding the resource type is crucial for applying the correct security checks and benchmarks. 5. **Rule Number:** - The rule number is a unique identifier for a specific security rule or check within a benchmark. It helps users quickly reference and locate the rule in documentation or reports. 6. **Rule Name:** - The rule name provides a descriptive title for a security rule or check. It summarizes the purpose or focuses of the rule, such as "Ensure encryption is enabled for storage buckets." 7. **CIS Section:** - CIS Sections refer to categories of security best practices defined by the Center for Internet Security (CIS) benchmarks. These sections group related security controls and guidelines that help ensure cloud resources are configured securely. 8. **Last Checked:** - This indicates the most recent time when a particular resource or configuration was assessed for compliance with security benchmarks. It helps users understand how up to date the security posture information is. 9. **Cloud:** - In CSPM, "Cloud" refers to the specific cloud service provider or environment being assessed. This could include platforms like AWS, Azure, or Google Cloud. The CSPM module evaluates resources within these cloud environments against security benchmarks.**By clicking each of the misconfigurations [](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-06/3jGSao8KjNrrIgU6-image.png)** **, it will show you all the details such as Evidence, Remediation and Rule Info.**
[](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-06/XbsmEwa3lvqkMUk7-image.png)**In the evidence tab, it will give you the details of information that supports the misconfiguration.**
[](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-06/jBNHCX3wZOLcTuKK-image.png)**Remediation tab shows all the needed instructions to resolved the misconfigurations and you can also "Add a Task" function.**
[](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-06/I8WVSarXlqrJt86X-image.png)**Rule info tab shows the full details such as Description, Rationale, and References.**
[](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-06/GUGjXE9K3bNNrPbM-image.png)**Task Management Section- Displays all tasks created to mitigate identified vulnerabilities from cloud security findings.**
[](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-06/AwNyFxJ64Iqt7c9t-image.png)---
##### **Summary Cards**
- **Total Tasks**: The overall number of tasks created.
- **Task Completed**: Number of tasks successfully resolved.
- **Unassigned Task**: Tasks not yet assigned to any user.
- **New Tasks**: Recently added tasks not yet started or in progress.
---
##### **Search & Filter Function**
- **Search Bar**: Allows quick lookup of specific tasks by keyword.
- **Filter Button**: Opens advanced filtering options (e.g., severity, assignee, status).
---
##### **Task Table**
Displays task details including:
- **ID**: Unique identifier for each task
- **Task Name**
- **Relation**: Link to associated misconfiguration or finding
- **Severity**: Impact level of the issue
- **Assignee**: Person responsible for the task
- **Status**: Current progress (e.g., new, in progress, completed)
- **Start/End Date, Created At**: Timeline info for tracking progress
- **Actions**: Manage or update the task
**Reports Section navigate through the leftmost button as highlighted in the image. **
[](https://cytechint-docs-bookstack.s3.amazonaws.com/uploads/images/gallery/2025-06/FhhqxZqqRrz1Tgcs-image.png) **Step1:** By clicking the box icon's drop-down button, it will show options to display desired findings. **Step2:** Choose desired output.1. **All:**
- This typically refers to a view or filter option that allows users to see all available data or findings within the CSPM module. It provides a comprehensive overview of all security posture assessments and findings across different cloud resources and configurations.
2. **CIS Section:**
- CIS (Center for Internet Security) Sections refer to categories of security best practices defined by the CIS benchmarks. These sections group related security controls and guidelines that help ensure cloud resources are configured securely. In CSPM, findings are often categorized by CIS sections to help users identify which areas of their cloud environment are least compliant with these best practices.
3. **Last Checked:**
- This indicates the most recent time when a particular resource or configuration was assessed for compliance with security benchmarks. It helps users understand how up to date the security posture information is and whether any recent changes might not yet be reflected in the findings.
4. **Cloud:**
- In CSPM, "Cloud" refers to the specific cloud service provider or environment being assessed. This could include platforms like AWS, Azure, or Google Cloud. The CSPM module evaluates resources within these cloud environments against security benchmarks to identify potential misconfigurations or vulnerabilities.
1. **Export Reports:**
- This feature allows users to generate and download reports of their security posture findings. Exporting reports can be useful for sharing with stakeholders, conducting audits, or maintaining records for compliance purposes. Reports typically include details of the findings, affected resources, and recommendations for remediation.
* If you need further assistance, kindly contact our support at **[support@cytechint.com](mailto:info@cytechint.com)** for prompt assistance and guidance.*
# Troubleshooting Log Collector Installation Issues
**STEP 1: Identify Your Log Collector**
Determine which Elastic component you're using for log collection: - **Filebeat** – Lightweight shipper for forwarding logs. - **Logstash** – Powerful pipeline for data transformation. - **Elastic Agent** – Unified agent that supports multiple integrations.**STEP 2: Check the official Manual** Elastic maintains official installation and configuration guides:
- **Filebeat:** [https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-installation.html](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-installation.html) - **Logstash:** [https://www.elastic.co/guide/en/logstash/current/installing-logstash.html](https://www.elastic.co/guide/en/logstash/current/installing-logstash.html) - **Elastic Agent:** [https://www.elastic.co/guide/en/fleet/current/elastic-agent-installation.html](https://www.elastic.co/guide/en/fleet/current/elastic-agent-installation.html)STEP 3: Verify System Pre-requisites
**Ensure the following:** - Supported OS and architecture (Linux/Windows/macOS). - Network connectivity to Elasticsearch/Fleet. - Correct file and directory permissions. - Required system dependencies installed**STEP 4: Perform a Clean Installation**