Log Monitoring configuration file

Each OneAgent provides a ruxitagentloganalytics.conf file where you can set configuration options.

Use template

If your OneAgent installation, freshly installed or upgraded, does not have the ruxitagentloganalytics.conf file, use ruxitagentloganalytics.conf.template as a template and create your own ruxitagentloganalytics.conf file.

  • AppLogContentAccess
    Enables access to the log file content on this host. If set to false, the log file will be displayed in the user interface, but it won't be accessible.
  • AppLogRemoteConfiguration
    Enables the manual configuration of logs to be accessed and monitored. If set to false, it won't be possible to add logs manually using the settings interface.
  • AppLogAutoDetection
    Enables auto-detection of log files on this host. If set to false, logs won't be auto-detected.
  • FilesInGroup
    Defines how many files can be open by the specified process group.
    Syntax: FilesInGroup=[process_group_ID], [warning_number_of_files], [maximum_number_of_files]
    Example: FilesInGroup=0x0, 150, 200
  • EntryFilter
    Defines the filter for a log entry. A log entry that matches the definition for process group, log path, and line prefix is made available in storage.
    Syntax: EntryFilter=[process_group_ID], [log_path], [LAQL]
    Examples:
    EntryFilter=0x0,Windows Application Log,INFO======
    EntryFilter=0x201744FC09941B85,c:\ProgramData\CrashPlan\log\service.log.#,not INFO======
  • LogEntryPrefix
    Defines the prefix of the log entry. If a match is found, the log line will be considered a log entry.
    Example: LogEntryPrefix=/var/ossec/logs/alerts/alerts.log,** Alert
  • MainLoopInterval
    Sets the time interval (in seconds) of the agent operations. Defines how often the agent will detect, analyze, and store logs.
  • AutomaticFile
    Defines which files will be included in or excluded from the log analysis and storage.
    Syntax: AutomaticFile=Path, Include|Exclude

    You can use the wildcard (*) to specify all directories and subdirectories.
    For example:

    AutomaticFile= */log/*/*, Exclude

    The configuration AutomaticFile= */log/*/*, Exclude excludes the /dir1/dir2/log/dir3/test1.log file, but it does NOT exclude the /dir1/dir2/log/test2.log file. The test2.log file is not located at the directory depth indicated in the configuration, so the condition set in the configuration is not met.

  • JSONTimestampFieldNames
    Defines a list of fields in a JSON-formatted log entry that will be used as a time stamp for automatic JSON parsing. This is a global configuration for all JSON log files. If more than one field is found, the first one will be used.
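
The directory-depth behaviour described for AutomaticFile above can be checked before a configuration is rolled out, so that a log file expected to be excluded is not silently left in scope. The following Python script is an added example, not Dynatrace code: it parses AutomaticFile lines and reports which paths no Exclude rule matches. It assumes that * matches any run of characters, including /, as Python's fnmatchcase does (OneAgent's own matcher may differ), and the second rule in the sample is constructed.

```python
from fnmatch import fnmatchcase

# Constructed sample configuration; only the first AutomaticFile line
# and the FilesInGroup line appear on this page.
SAMPLE_CONF = """\
AutomaticFile= */log/*/*, Exclude
AutomaticFile=/var/ossec/logs/*, Include
FilesInGroup=0x0, 150, 200
"""


def parse_automatic_file(conf_text):
    """Return (pattern, action) tuples for every AutomaticFile line."""
    rules = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        key, sep, value = raw.partition("=")
        if not sep or key.strip() != "AutomaticFile":
            continue  # other options are not checked here
        # Split on the last comma so the path keeps any commas of its own.
        pattern, comma, action = value.rpartition(",")
        pattern, action = pattern.strip(), action.strip()
        if not comma or not pattern or action not in ("Include", "Exclude"):
            raise ValueError(
                f"line {lineno}: expected AutomaticFile=Path, Include|Exclude"
            )
        rules.append((pattern, action))
    return rules


def matching_rules(path, rules):
    """Rules whose pattern matches path (assumed semantics: '*' spans '/')."""
    return [(p, a) for p, a in rules if fnmatchcase(path, p)]


def not_excluded(paths, rules):
    """Paths that no Exclude rule matches, i.e. still in scope for analysis."""
    return [
        p for p in paths
        if not any(a == "Exclude" for _, a in matching_rules(p, rules))
    ]


if __name__ == "__main__":
    rules = parse_automatic_file(SAMPLE_CONF)
    # The two paths discussed in the AutomaticFile description.
    paths = ["/dir1/dir2/log/dir3/test1.log", "/dir1/dir2/log/test2.log"]
    for p in not_excluded(paths, rules):
        print("no Exclude rule covers:", p)
```

Run it against the list of log paths that must stay out of storage; any path it prints needs its own rule at the correct depth.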