How It Works

Learn about the different ways to generate and send logs to your security platform

Logs you select from the Catalog or provide through Upload are processed: events are extracted, normalized, and converted to the format your destination expects. They are then sent directly to your configured security platform. No agents or ingestion endpoints are required. See Supported Log Types for accepted formats.

Logcannon

Catalog / Upload → Process & Transform → Destination

On-demand. No agents. Direct to your configured destination.

Traditional

Endpoints / Apps → Agents / Collectors → Ingestion Endpoint → Destination

Real-time stream. Requires agents and an ingestion pipeline.

Destination compatibility

How closely the delivered logs match the original log format may differ depending on your destination's compatibility. See Supported Destinations for details.

Catalog

Browse and use pre-populated log samples from trusted sources. See Catalog Sources for the list of repositories.

Catalog: browse, filter, view, and insert logs. No file upload required.

Upload

Upload your own log files for processing and analysis. See Upload for the full workflow. Use History to track status and View to inspect output.

Common Workflow

Regardless of which method you use, the general workflow is the same:

  1. Configure your destination in Configuration (see Configuration)
  2. Select or create your log source (Catalog or Upload)
  3. Submit for processing
  4. Monitor the job status
  5. Verify logs appear in your security platform
  6. Test your detections and queries