Log content auto-discovery

By default, DESK auto-discovers all new log files. Some log files are always auto-discovered by default, while other log files must meet certain requirements to be auto-discovered.

Default auto-discovery

DESK auto-discovers, analyzes, and stores logs every 60 seconds. You can modify this frequency in the Log Monitoring configuration file.

By default, the following logs are auto-discovered and analyzed:

  • Windows System Log
  • Windows Security Log
  • Windows Application Log
  • /var/log/syslog
  • /var/log/messages

Auto-discovery requirements

A log file must meet all of the following requirements in order to be auto-discovered:

  • The log file must be opened by an important process. See Which are the most important processes?

  • The log file must exist for a minimum of one minute.

  • The log file must contain a supported time stamp.

    Binary logs and unsupported time stamps

    Binary log files and log files that contain an unsupported time stamp are detected automatically, but they are not analyzed or stored (only the file status is reported). See Log Monitoring configuration file.

  • The log file must be at least 0.5 kb in size.

  • The log file must have been updated (written to) in the last 7 days.

  • The log file must be in the root of a folder named log or logs, or in a subfolder directly below it:

    • Valid path examples:
      c:\log\log_file.txt
      c:\logs\NewFolder\log_file.txt
    • Invalid path example:
      c:\log\NewFolder\NewFolder\log_file.txt

    or the log filename must contain the string log, preceded or followed by a period (.) or underscore (_) character:

    • Valid filename examples:
      c:\NewFolder\0865842.log.txt
      c:\NewFolder\log_file.txt
    • Invalid filename example:
      c:\NewFolder\logfile.txt
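
The folder, filename, size, age and update requirements above can be checked against a candidate file's metadata to see which ones it fails. The following is an added example, not DESK code: the function names, the case-insensitive matching and the reading of 0.5 kb as 512 bytes are assumptions, and the important-process and time stamp requirements are not checked.

```python
import re
from pathlib import PureWindowsPath

LOG_DIRS = {"log", "logs"}
LOG_TOKEN = re.compile(r"[._]log|log[._]", re.IGNORECASE)
MIN_SIZE_BYTES = 512          # assumption: "0.5 kb" read as 512 bytes
MIN_AGE_SECONDS = 60          # file must exist for at least one minute
MAX_IDLE_SECONDS = 7 * 86400  # file must have been written to in the last 7 days


def location_ok(path):
    """Folder rule: file is in a log/logs folder or one subfolder below it."""
    # PureWindowsPath accepts both \ and / separators, so Linux paths parse too.
    dirs = [d.lower() for d in PureWindowsPath(path).parts[:-1]]
    return any(d in LOG_DIRS for d in dirs[-2:])


def name_ok(path):
    """Filename rule: 'log' preceded or followed by '.' or '_'."""
    return LOG_TOKEN.search(PureWindowsPath(path).name) is not None


def unmet_requirements(path, size_bytes, created, modified, now):
    """Return the listed requirements that the file's metadata fails.

    Timestamps are epoch seconds. Not checked here: whether an important
    process has the file open and whether its time stamps are supported.
    """
    unmet = []
    # The two path rules are joined with "or", so either one is enough.
    if not (location_ok(path) or name_ok(path)):
        unmet.append("path or filename")
    if size_bytes < MIN_SIZE_BYTES:
        unmet.append("size")
    if now - created < MIN_AGE_SECONDS:
        unmet.append("age")
    if now - modified > MAX_IDLE_SECONDS:
        unmet.append("recently updated")
    return unmet


if __name__ == "__main__":
    now = 1_700_000_000  # constructed sample metadata, not real files
    for p in (r"c:\logs\NewFolder\log_file.txt", r"c:\NewFolder\logfile.txt"):
        print(p, unmet_requirements(p, 2048, now - 3600, now - 120, now))
```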

No auto-discovery

If you don't want DESK to automatically discover new log files on a specific monitored host, set the following in that host's Log Monitoring configuration file, at the location listed below:

AppLogAutoDetection = false

On Linux:

  • DESK OneAgent versions 103 and later:
    /var/lib/desk/oneagent/agent/config/ruxitagentloganalytics.conf

  • DESK OneAgent versions 102 and earlier:
    /var/lib/ruxit/agent/config/ruxitagentloganalytics.conf

On Windows:

  • DESK OneAgent versions 103 and later:
    C:\ProgramData\desk\oneagent\agent\config\ruxitagentloganalytics.conf

  • DESK OneAgent versions 102 and earlier:
    C:\ProgramData\ruxit\agent\config\ruxitagentloganalytics.conf

OneAgent restart is not required.