Each OneAgent provides a
ruxitagentloganalytics.conf file where you can set configuration options.
If your OneAgent installation, freshly installed or upgraded, does not have the
ruxitagentloganalytics.conf file, use
ruxitagentloganalytics.conf.template as a template and create your own
Enables access to the log file content on this host. If set to
false, the log file will be displayed in the user interface, but it won't be accessible.
Enables the manual configuration of logs to be accessed and monitored. If set to
false, it won't be possible to add logs manually using the settings interface.
Enables auto-detection of log files on this host. If set to
false, logs won't be auto-detected.
Defines how many files can be open by the specified process group.
Syntax: FilesInGroup=[process_group_ID], [warning_number_of_files], [maximum_number_of_files]
FilesInGroup=0x0, 150, 200
Defines the filter for a log entry. A matching definition for process group, log path, and line prefix will make this entry available on storage.
Syntax: EntryFilter=[process_group_ID], [log_path], [LAQL]
EntryFilter=0x0,Windows Application Log,INFO=======
EntryFilter=0x201744FC09941B85,c:\ProgramData\CrashPlan\log\service.log.#,not INFO=======
Defines the prefix of the log entry. If a match is found, the log line will be considered a log entry.
Sets the time interval (in seconds) of the agent operations. Defines how often the agent will detect, analyze, and store logs.
Defines which files will be included in or excluded from the log analysis and storage.
Syntax: AutomaticFile=Path, Include|Exclude
AutomaticFile=/var/log/*, Include
AutomaticFile=/var/log/*, Exclude
Defines a list of fields in a JSON-formatted log entry that will be used as a timestamp for automatic JSON parsing. This is a global configuration for all JSON log files. If more than one field is found, the first one will be used.
Defines the log entry timestamp source. Define a path and/or host ID and/or process group ID and select a time source for it:
AUTO-LOG - Automatically recognize timestamps in the log content as defined in supported formats.
AUTO-OS - Stamp each log line with the operating system clock time. This should be used for logs with unsupported formats or with no timestamp.
LogTimeSource=path:/var/ossec/logs/alerts/alerts.log, pattern: AUTO-OS
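A lint pass over the FilesInGroup, AutomaticFile and LogTimeSource lines described above, useful before deploying a change that could silently stop a security log from being collected. This is an added example, not Dynatrace code. It assumes process group IDs are written in hex as in the examples, that a warning count above the maximum is a mistake, and it reports Include/Exclude conflicts without assuming which rule the agent applies.

```python
import re

# Constructed sample; keys and value shapes follow the syntax lines on this page.
SAMPLE = """\
FilesInGroup=0x0, 150, 200
FilesInGroup=0x0, 300, 200
AutomaticFile=/var/log/*, Include
AutomaticFile=/var/log/*, Exclude
AutomaticFile=/opt/app/logs/*, Skip
LogTimeSource=path:/var/ossec/logs/alerts/alerts.log, pattern: AUTO-OS
LogTimeSource=path:/var/log/app.log, pattern: AUTO
"""

HEX_ID = re.compile(r"0x[0-9A-Fa-f]+$")   # assumption: IDs look like 0x0
TIME_SOURCES = ("AUTO-LOG", "AUTO-OS")     # the two sources the page lists

def lint(text):
    """Return (line_number, message) findings for the three checked keys."""
    findings, seen = [], {}
    for n, raw in enumerate(text.splitlines(), 1):
        key, sep, value = raw.strip().partition("=")
        if not sep:
            continue
        key, value = key.strip(), value.strip()
        if key == "FilesInGroup":
            parts = [p.strip() for p in value.split(",")]
            # Expect [process_group_ID], [warning], [maximum]
            if len(parts) != 3 or not HEX_ID.match(parts[0]) or not all(p.isdigit() for p in parts[1:]):
                findings.append((n, "FilesInGroup needs ID, warning count, maximum count"))
            elif int(parts[1]) > int(parts[2]):
                # Assumption: a warning level above the maximum can never fire.
                findings.append((n, "warning count is above the maximum"))
        elif key == "AutomaticFile":
            path, _, mode = value.rpartition(",")
            path, mode = path.strip(), mode.strip()
            if not path or mode not in ("Include", "Exclude"):
                findings.append((n, "AutomaticFile needs Path, Include|Exclude"))
            else:
                first = seen.setdefault(path, (mode, n))
                if first[0] != mode:
                    # Same path both included and excluded: flag it for review.
                    findings.append((n, f"{path} conflicts with line {first[1]}"))
        elif key == "LogTimeSource":
            m = re.search(r"pattern:\s*(\S+)\s*$", value)
            if not m or m.group(1) not in TIME_SOURCES:
                findings.append((n, "pattern must be AUTO-LOG or AUTO-OS"))
    return findings
```

Calling `lint(SAMPLE)` reports lines 2, 4, 5 and 7 of the constructed sample.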
The following properties are still available, but they are deprecated and replaced by the
Listed name patterns of log files that will be auto-detected for monitoring. You can add multiple name patterns for additional log file name matching.
AllowedLogs=*[.\-_]log[.\-_]*
AllowedLogs=*[.\-_]log
AllowedLogs=catalina.out
Listed name patterns of directories for log files that will be auto-detected for monitoring. If a log file is discovered in a directory containing the defined string, it will be auto-detected for monitoring. You can add multiple name patterns for additional log directory matching.
Log directory depth. Logs found in directories defined in the
AllowedDirLogs property will be added for monitoring only if found on the level defined in
Allows log directories with defined prefix. If a log file is found in a directory path starting with what you define in
AllowedDirPrefixes, it will be auto-detected for monitoring. You can add multiple directory name prefixes for allowing additional directories.