Related Products
ADManager Plus

Active Directory Management & Reporting
Download | Demo
ADAudit Plus

Real-time Active Directory Auditing and UBA
Download | Demo
ADSelfService Plus

Self-Service Password Management
Download | Demo
EventLog Analyzer

Real-time Log Analysis & Reporting
Download | Demo
Exchange Reporter Plus

Exchange Server Auditing & Reporting
Download | Demo
AD360

Integrated Identity & Access Management
Download | Demo
Log360

Comprehensive SIEM and UEBA
Download | Demo

Log forwarding

The Log forwarding feature allows you to forward the logs collected from the configured sources to a designated cloud account.

Configure forwarding policy
Edit forwarding policy
Enable and disable forwarding policy
Delete forwarding policy

Note: The logs will undergo compression prior to forwarding, with compression ratios ranging from 15% to 20% depending on the content of the logs.

Configure forwarding policy:

Go to Settings tab → Admin → under General → Log Forwarding.

Log forwarding

Click Configure Forwarding Policy.
Enter a Policy Name and select the Cloud Account (or configure a Cloud Account by clicking on Configure Cloud Account), Bucket Name, Storage Class, and Encryption Type as required. Then click Configure.
Once the Log Forwarding Policy is added successfully, the raw logs will be forwarded to the configured bucket in the path
'Log360CloudLogs/<accountId>/RawLogs/year=<year>/month=<month>/day=<day>/hour=<hour>/min=<(mins in multiples of 5)>/<logZipName>'. (The folder path will be formed based on UTC timezone)
Note:
- The customer will be charged accordingly from the cloud source account side for performing the below option for this feature in Log360Cloud
  - For AWS, operations includes s3:PutObject, s3:GetObject, s3:CreateBucket, and s3:ListBucket.
- Log360Cloud will not be responsible for the data stored in the Cloud Source Account.
- The bucket's lifecycle configuration can be established with a prefix that matches the provided file path pattern. Based on the specified requirements, Lifecycle rule can dictate actions for objects, including deletion or setting expiration dates.
The forwarding history can be viewed by clicking Details near Forwarded Data Size.

Edit forwarding policy:

Click the Edit icon at the top-right of the policy details to edit the policy.
Update the required values in the Edit page and click the Update button.
The policy will be updated and the upcoming logs will be forwarding to the updated destination.

Enable and disable forwarding policy:

The toggle button near the Policy Name can be used to enable or disable the policy.

Note: Logs during this disabled period will not be forwarded again after enabling the policy.

Log forwarding

Enabled state

Log forwarding

Disabled state

Log forwarding

Delete forwarding policy:

Click the Delete icon at the top right of the policy details to delete the policy.

Note: Deleting the policy won't delete the forwarded data in the cloud account.

Log forwarding

Note: This feature will be available only for the Standard License Plan. Click here to know more on the licensing.