Log Analytics configuration file

Each OneAgent provides a ruxitagentloganalytics.conf file where you can set configuration options.

Use template

If your OneAgent installation, freshly installed or upgraded, does not have the ruxitagentloganalytics.conf file, use ruxitagentloganalytics.conf.template as a template and create your own ruxitagentloganalytics.conf file.

  • AppLogContentAccess
    Enables access to the log file content on this host. If set to false, the log file will be displayed in the user interface, but it won't be accessible.
  • AppLogRemoteConfiguration
    Enables the manual configuration of logs to be accessed and monitored. If set to false, it won't be possible to add logs manually using the settings interface.
  • AppLogAutoDetection
    Enables auto-detection of log files on this host. If set to false, logs won't be auto-detected.
  • FilesInGroup
    Defines how many files can be open by the specified process group.
    Syntax: FilesInGroup=[process_group_ID], [warning_number_of_files], [maximum_number_of_files]
    Example: FilesInGroup=0x0, 150, 200
  • EntryFilter
    Defines the filter for a log entry. A matching definition for process group, log path, and line prefix will make this entry available on storage.
    Syntax: EntryFilter=[process_group_ID], [log_path], [LAQL]
    Examples:
    EntryFilter=0x0,Windows Application Log,INFO=======
    EntryFilter=0x201744FC09941B85,c:\ProgramData\CrashPlan\log\service.log.#,not INFO=======
  • LogEntryPrefix
    Defines the prefix of the log entry. If a match is found, the log line will be considered a log entry.
    Example: LogEntryPrefix=/var/ossec/logs/alerts/alerts.log,** Alert
  • MainLoopInterval
    Sets the time interval (in seconds) of the agent operations. Defines how often the agent will detect, analyze, and store logs.
  • AutomaticFile
    Defines which files will be included in or excluded from the log analysis and storage.
    Syntax: AutomaticFile=Path, Include|Exclude
    Examples:
    AutomaticFile=/var/log/*, Include
    AutomaticFile=/var/log/*, Exclude
  • JSONTimestampFieldNames
    Defines a list of fields in a JSON-formatted log entry that will be used as a timestamp for automatic JSON parsing. This is a global configuration for all JSON log files. If more than one field is found, the first one will be used.
  • LogTimeSource
    Defines the log entry timestamp source. Define a path and/or host ID and/or process group ID and select a time source for it:

    AUTO-LOG - Automatically recognize timestamps in the log content as defined in supported formats.
    AUTO-OS - Stamp each log line with the operating system clock time. This should be used for logs with unsupported formats or with no timestamp.

    Example: LogTimeSource=path:/var/ossec/logs/alerts/alerts.log, pattern: AUTO-OS
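
The options above decide how much log content a host exposes, so the file is worth reviewing per host. The following is an added example, not code from the OneAgent documentation: a small Python review of a ruxitagentloganalytics.conf that reports enabled access switches, wildcard AutomaticFile includes, and inconsistent FilesInGroup limits. The sample text is constructed, and the true/false spelling of the three switches, the /var/log/secure path, and the function names are assumptions.

```python
from collections import defaultdict

# Constructed sample in the Key=value form the option list uses; the
# true/false spelling of the three switches is an assumption.
SAMPLE = """\
AppLogContentAccess=true
AppLogRemoteConfiguration=false
AppLogAutoDetection=true
FilesInGroup=0x0, 150, 200
EntryFilter=0x0,Windows Application Log,INFO=======
AutomaticFile=/var/log/*, Include
AutomaticFile=/var/log/secure, Exclude
LogTimeSource=path:/var/ossec/logs/alerts/alerts.log, pattern: AUTO-OS
"""

SWITCHES = ("AppLogContentAccess", "AppLogRemoteConfiguration", "AppLogAutoDetection")

def parse(text):
    """Collect every Key=value line; keys such as AutomaticFile may repeat."""
    opts = defaultdict(list)
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")  # split at first '=' only
        if sep and key:
            opts[key].append(value.strip())
    return opts

def review(opts):
    """Return findings about how much log content this host exposes."""
    findings = []
    for name in SWITCHES:
        values = opts.get(name)
        if not values:
            findings.append(f"{name}: not set in this file")
        elif any(v.lower() != "false" for v in values):
            findings.append(f"{name}: enabled")
    for rule in opts.get("AutomaticFile", []):
        path, _, action = (p.strip() for p in rule.rpartition(","))
        if action.lower() == "include" and "*" in path:
            findings.append(f"AutomaticFile: wildcard include {path}")
    for rule in opts.get("FilesInGroup", []):
        group, warn, limit = (p.strip() for p in rule.split(","))
        if int(warn) > int(limit):
            findings.append(f"FilesInGroup {group}: warning {warn} above maximum {limit}")
    return findings

if __name__ == "__main__":
    for finding in review(parse(SAMPLE)):
        print(finding)
```

To review a real host, pass the contents of its ruxitagentloganalytics.conf to parse() in place of SAMPLE.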