Log content auto-discovery
By default, DESK auto-discovers all new log files. Some log files are valid and auto-discovered by default; other log files must meet certain requirements to be auto-discovered.
Default auto-discovery
DESK auto-discovers, analyzes, and stores logs every 60 seconds. You can modify this frequency in the Log Monitoring configuration file.
By default, log files are auto-discovered and analyzed if they are in:
- Windows System Log
- Windows Security Log
- Windows Application Log
- /var/log/syslog
- /var/log/messages
Auto-discovery requirements
A log file must meet all of the following requirements in order to be auto-discovered:
- The log file must be opened by an important process. See "Which are the most important processes?"
- The log file must exist for a minimum of one minute.
- The log file must contain a supported time stamp.
  Binary logs and unsupported time stamp: Binary log files and log files that contain an unsupported time stamp will be detected automatically but will not be analyzed and will not be stored (only the file status will be reported). See Log Monitoring configuration file.
- The log file must be at least 0.5 kb in size.
- The log file must have been updated (written to) in the last 7 days.
- The log file must be in a root or in a sub folder of a log or logs folder:
  - Valid path examples:
    c:\log\log_file.txt
    c:\logs\NewFolder\log_file.txt
  - Invalid path example:
    c:\log\NewFolder\NewFolder\log_file.txt
  or the log filename must contain a log string preceded or followed by the period (.) or underscore (_) character:
  - Valid filename examples:
    c:\NewFolder\0865842.log.txt
    c:\NewFolder\log_file.txt
  - Invalid filename example:
    c:\NewFolder\logfile.txt
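The following check is an added example, not DESK's own code: it applies the path, filename, size, age and last-write requirements above to file metadata and reports which ones a file fails, so you can spot logs that auto-discovery would skip. The function names, the case-insensitive matching, the reading of 0.5 kb as 512 bytes and the sample metadata are assumptions; the process and time stamp requirements are not checked.

```python
import re
from pathlib import PureWindowsPath

# Assumptions (not stated on the page): matching is case-insensitive and
# "0.5 kb" is read as 512 bytes.
LOG_DIRS = {"log", "logs"}
NAME_RE = re.compile(r"[._]log|log[._]", re.IGNORECASE)
MIN_SIZE_BYTES = 512
MIN_AGE_SECONDS = 60                 # must exist for at least one minute
MAX_IDLE_SECONDS = 7 * 24 * 3600     # must have been written to in the last 7 days


def path_rule(path):
    """True if the file is directly in a log/logs folder or one sub folder below it."""
    dirs = PureWindowsPath(path).parts[:-1]   # splits on both \ and /
    return any(d.lower() in LOG_DIRS for d in dirs[-2:])


def name_rule(path):
    """True if the filename has 'log' preceded or followed by '.' or '_'."""
    return bool(NAME_RE.search(PureWindowsPath(path).name))


def unmet_requirements(path, size_bytes, age_seconds, idle_seconds):
    """Return the requirements a file fails; an empty list means none of these block it."""
    unmet = []
    if not (path_rule(path) or name_rule(path)):
        unmet.append("path/filename")
    if size_bytes < MIN_SIZE_BYTES:
        unmet.append("size")
    if age_seconds < MIN_AGE_SECONDS:
        unmet.append("age")
    if idle_seconds > MAX_IDLE_SECONDS:
        unmet.append("last write")
    return unmet


# Constructed sample metadata: (path, size in bytes, seconds since creation,
# seconds since last write).
SAMPLES = [
    (r"c:\logs\NewFolder\log_file.txt", 4096, 3600, 120),
    (r"c:\NewFolder\logfile.txt", 4096, 3600, 120),
    ("/opt/app/audit.log", 100, 30, 10),
    ("/var/log/app/old.txt", 2048, 90 * 86400, 30 * 86400),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample[0], "->", unmet_requirements(*sample) or "meets the checked requirements")
```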
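If you don't want DESK to automatically discover new log files on a specific monitored host, set the following in the configuration file at the location listed below for your operating system and OneAgent version: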
AppLogAutoDetection = false
On Linux:
- DESK OneAgent versions 103 and later:
  /var/lib/desk/oneagent/agent/config/ruxitagentloganalytics.conf
- DESK OneAgent versions 102 and earlier:
  /var/lib/ruxit/agent/config/ruxitagentloganalytics.conf
On Windows:
- DESK OneAgent versions 103 and later:
  C:\ProgramData\desk\oneagent\agent\config\ruxitagentloganalytics.conf
- DESK OneAgent versions 102 and earlier:
  C:\ProgramData\ruxit\agent\config\ruxitagentloganalytics.conf
OneAgent restart is not required.