Resources 2018-03-14T09:54:17+00:00

New Whitepaper – Logtrust Approach to Data Operations




Find extended information about specific areas.

Technical Briefs
Solutions Sheets
Performance perspectives
Use Cases



Release Notes

Check out the latest Logtrust features!



Check out the latest Logtrust Webinars!

Real Time Analytic Webinar
IoT Analytics On-Demand
Threat Hunting


If you have any doubts or questions regarding the use of our platform, this is the place to check.



How often are alerts updated? 2017-03-15T10:12:12+00:00

Logtrust's pattern, process and alert libraries are updated every week, or whenever a critical event such as a zero-day occurs.

Collective sharing of alerts: Logtrust clients can share alerts that are relevant to their own business or industry with other clients.

How are alerts determined? 2017-03-15T10:12:12+00:00

Alerts in Logtrust are far more sophisticated than those of our competitors: an alert is defined not as a simple rule, but as a process or behavioural pattern.

All alerts are delivered in real time, can use a richer set of historical data, and can be far more detailed because they apply to specific log fields and not only to the log as a whole.

Types of alerts: some alerts are defined by Logtrust and are common to most clients; others are specific to a certain industry and are defined using a transversal view and the sharing of client experience.

What are the instructions for setting up devices? 2017-01-02T19:59:11+00:00

Logtrust has defined instructions for log delivery from the most relevant devices, operating systems (Windows, Unix, Linux, routers, switches, etc.) and applications (Oracle, MySQL, Apache, Tomcat, WebSphere, etc.).

Logtrust also provides instructions on how to easily integrate customers' own application logs. Developers can integrate Logtrust services into their own applications through a public Java API.

What log data will be accepted? 2017-03-15T10:12:12+00:00

For Logtrust, events are not treated as plain data strings; rather, logs are structured and treated according to their type and source, allowing us to perform complex analyses of the logs' data fields.

We accept logs from any type of device or system. Logtrust gathers data not only from security devices but also from systems (Linux, Windows, etc.), security infrastructure (routers, switches, etc.), application infrastructure (web servers, application servers, databases, etc.) and business applications (SAP, in-house apps, etc.).

Logtrust can recognize each data field within a log from any of the above sources in order to perform searches and correlation.

How much of the data is stored? 2017-01-02T19:58:30+00:00

No data is lost: Logtrust stores all the data of every event of every log. Additionally, searches can be performed on specific data fields, which can also be linked to or resolved outside the system (e.g. delocalization).

How much of the data is actively searchable? 2017-01-02T19:57:59+00:00

All data is actively searchable in real time. From a search point of view, it makes no difference whether a log was stored 10 seconds ago or 10 years ago. Search time does not increase with the amount of data stored.

For instance, if a given search over data stored yesterday takes 3 seconds, the same search in 10 years' time will still take 3 seconds.

How are the system upgrades handled? 2017-03-15T10:12:12+00:00

Logtrust handles upgrades via temporary replication of the client infrastructure. For example, for every new version, Logtrust runs the old and the new version in parallel for each client for a period of a week, until we are confident the new version works properly.

Logtrust will also pilot new versions with a selected set of clients.

What backup and redundancy is included? 2017-03-15T10:12:12+00:00

Logtrust always provides two replica databases which are constantly updated in real time. Further backup services may be contracted, such as separate datacentres and geographical areas.

Logtrust offers different backup alternatives: 6 months, 1 year, 2 years, 5 years.

What is the level of compression and bandwidth use? 2017-01-02T19:56:32+00:00

Delivery: Logtrust supports compression at the origin for the delivery of data using standard LZW algorithms, with typical compression ratios of around 12:1.

Storage: compression is performed in real time upon receipt of logs and events. These logs and events are immediately available for querying and correlation.

How quickly does processing occur? 2017-01-02T19:56:03+00:00

Real time. There is no batch processing: all events and logs are available for search and correlation from the moment they are received, which happens in less than a second.

Logtrust can deliver real time reports based on recent past data or complete historical data.

How often is the data transmitted? 2017-03-15T10:12:12+00:00

Real time, unless the client decides otherwise (Logtrust can also support deferred delivery of data).

How are the keys stored? 2017-03-15T10:12:12+00:00

Each client is assigned an ID code if logs are encoded at the destination. Logtrust can also provide its clients with private, isolated data storage.

How is the data sent? 2017-03-15T10:12:12+00:00

Logtrust supports the delivery of encoded data using standard protocols over SSL/TLS, syslog (TCP, UDP and TCPC), SFTP, etc., with authentication by X.509v3 digital certificates. The client may deliver their logs to a relay server that forwards the properly encoded logs to Logtrust.

Safety and Security 2017-03-15T10:12:12+00:00

Logtrust's highly secure standards are delivered in several ways:

  • Permission levels per type of view. There is total granularity in viewing log data. Different types of view can be attached to each log, and different permission levels can be assigned to each view. For instance, a technician can view certain data that a Security Manager or an Auditing department cannot, and vice versa. Views can also be established based on the importance of the log.
  • Encoding of events. Data fields for each event may be encoded or decoded for certain specific access profiles.
  • Privacy levels. Data may be stored with different privacy levels. Additionally, data can be stored in WORM (Write Once Read Multiple) systems to prevent modification.
  • Digital signature and timestamp per event to ensure compliance with legal requirements.

Any other questions?

Our team is always available to answer your queries. Please fill in the contact form and we'll reply as rapidly as possible.