Log Monitoring configuration file
Each OneAgent provides a ruxitagentloganalytics.conf file where you can set configuration options.
If your OneAgent installation, freshly installed or upgraded, does not have the ruxitagentloganalytics.conf file, use ruxitagentloganalytics.conf.template as a template and create your own ruxitagentloganalytics.conf file.
AppLogContentAccess
Enables access to the log file content on this host. If set to false, the log file will be displayed in the user interface, but it won't be accessible.
AppLogContentAccess=false
AppLogRemoteConfiguration
Enables the manual configuration of logs to be accessed and monitored. If set to false, it won't be possible to add logs manually using the settings interface.
AppLogRemoteConfiguration=true
AppLogAutoDetection
Enables auto-detection of log files on this host. If set to false, logs won't be auto-detected.
AppLogAutoDetection=true
FilesInGroup
Defines how many files can be open by the specified process group.
Syntax: FilesInGroup=[process_group_ID], [warning_number_of_files], [maximum_number_of_files]
FilesInGroup=0x0, 150, 200
EntryFilter
Defines the filter for a log entry. A matching definition for process group, log path, and line prefix will make this entry available on storage.
Syntax: EntryFilter=[process_group_ID], [log_path], [LAQL]
EntryFilter=0x0,Windows Application Log,INFO======
EntryFilter=0x201744FC09941B85,c:\ProgramData\CrashPlan\log\service.log.#,not INFO======
LogEntryPrefix
Defines the prefix of the log entry. If a match is found, the log line will be considered a log entry.
LogEntryPrefix=/var/ossec/logs/alerts/alerts.log,** Alert
MainLoopInterval
Sets the time interval (in seconds) of the agent operations. Defines how often the agent will detect, analyze, and store logs.
MainLoopInterval=60
AutomaticFile
Defines which files will be included in or excluded from the log analysis and storage.
AutomaticFile=Path, Include|Exclude
You can use the wildcard (*) to specify all directories and subdirectories.
For example: AutomaticFile= */log/*/*, Exclude
The configuration AutomaticFile= */log/*/*, Exclude would exclude the /dir1/dir2/log/dir3/test1.log file, but it would NOT exclude the /dir1/dir2/log/test2.log file. In this example, the test2.log file is not located at the directory depth indicated in the configuration. As a result, the condition set in the configuration is not met.
JSONTimestampFieldNames
Defines a list of fields in a JSON-formatted log entry that will be used as a time stamp for automatic JSON parsing. This is a global configuration for all JSON log files. If more than one field is found, the first one will be used.
JSONTimestampFieldNames=time,timestamp
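
The following Python code is an added example, not Dynatrace code: it parses a ruxitagentloganalytics.conf, checks the options against the syntax documented above, and lists which AutomaticFile rules match a given path, so you can confirm before deployment that a log holding sensitive content is actually covered by an Exclude rule. The function names, the warning <= maximum check, and the wildcard semantics ('*' matching any run of characters, '/' included) are assumptions, chosen because they reproduce the test1.log/test2.log outcome described above.

```python
import fnmatch

BOOL_KEYS = {"AppLogContentAccess", "AppLogRemoteConfiguration", "AppLogAutoDetection"}

# Constructed sample assembled from the option lines shown on this page.
SAMPLE = """\
AppLogContentAccess=false
AppLogRemoteConfiguration=true
FilesInGroup=0x0, 150, 200
MainLoopInterval=60
AutomaticFile= */log/*/*, Exclude
"""

def parse(text):
    """Return (key, value) pairs in file order; keys such as EntryFilter may repeat."""
    pairs = []
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip():
            pairs.append((key.strip(), value.strip()))
    return pairs

def validate(pairs):
    """Check values against the syntax documented on the page; return problem strings."""
    problems = []
    for key, value in pairs:
        fields = [f.strip() for f in value.split(",")]
        if key in BOOL_KEYS and value not in ("true", "false"):
            problems.append(f"{key}: expected true or false, got {value!r}")
        elif key == "MainLoopInterval" and not value.isdigit():
            problems.append(f"{key}: expected whole seconds, got {value!r}")
        elif key == "FilesInGroup":
            if len(fields) != 3 or not (fields[1].isdigit() and fields[2].isdigit()):
                problems.append(f"{key}: expected [id], [warning], [maximum]")
            elif int(fields[1]) > int(fields[2]):  # assumption: warning <= maximum
                problems.append(f"{key}: warning {fields[1]} exceeds maximum {fields[2]}")
        elif key == "AutomaticFile" and (len(fields) != 2 or fields[1] not in ("Include", "Exclude")):
            problems.append(f"{key}: expected Path, Include|Exclude")
    return problems

def automatic_file_matches(pairs, path):
    """List the (pattern, action) AutomaticFile rules whose pattern matches path.

    Assumption: '*' matches any run of characters, '/' included (fnmatch semantics).
    """
    rules = []
    for key, value in pairs:
        if key == "AutomaticFile":
            pattern, _, action = value.rpartition(",")
            if fnmatch.fnmatchcase(path, pattern.strip()):
                rules.append((pattern.strip(), action.strip()))
    return rules
```

An empty result from automatic_file_matches for a path you expected to be excluded means no rule covers it at that directory depth, which is the test2.log case above.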