# Log Sources

Astral supports the ingestion and monitoring of log data from a broad range of sources, enabling comprehensive visibility across different layers of the environment. This capability allows the platform to collect security-relevant information from operating systems, applications, infrastructure components, cloud services, and other technologies that generate structured or semi-structured logs. By consolidating these sources, Astral establishes a centralized foundation for security analysis and correlation.

Log collection can be performed through multiple methods, including direct monitoring of log and data files, agent-based collection, and API-based integrations. File-based monitoring enables Astral to observe local or remote data files in real time or near real time, ensuring that events generated at the system or application level are captured consistently. This approach supports a wide variety of log formats and use cases without requiring changes to the source systems.

For cloud and SaaS environments, Astral integrates through APIs to collect security and operational data directly from service providers. This model enables continuous visibility into cloud-native activity such as authentication events, configuration changes, resource usage, and service-level actions. API-based ingestion ensures that cloud environments are monitored with the same level of consistency and depth as on-premises infrastructure, even in highly distributed architectures.

Once collected, all log data is processed through Astral’s unified pipeline, where events are analyzed, interpreted, normalized, and correlated. This process transforms heterogeneous log formats into a consistent data model, allowing events from different sources and environments to be analyzed together. Through correlation and contextual enrichment, Astral connects log-based activity with network signals, identity events, and external risk information, supporting accurate detection, investigation, and response across the Inopli ecosystem.


