Configuring OSPatrol to monitor a logfile is simple, just one small change to the system's /var/ospatrol/etc/ospatrol.conf
and a restart of the OSPatrol processes. Alternately, the configuration can be placed in the /var/ospatrol/etc/shared/agent.conf
on the manager.
There are a number of formats that OSPatrol recognizes, the main one being syslog
. If there is a log format OSPatrol does not recognize, you can use syslog
as a "catch-all," and build your decoders/rules around it. Other options can be found on the localfile syntax page.
/var/log/messages
/var/log/secure
/var/log/authlog
/var/log/xferlog
/var/log/maillog
/var/www/logs/access_log
/var/www/logs/error_log
- On Debian based systems:
-
/var/log/dpkg.log
- On RHEL based systems:
-
/var/log/yum.log
<ospatrol_config>
<localfile>
<log_format>syslog</log_format>
<location>/var/log/messages</location>
</localfile>
</ospatrol_config>
<ospatrol_config>
<localfile>
<log_format>apache</log_format>
<location>/var/log/apache/access_log</location>
</localfile>
</ospatrol_config>
<localfile>
<location>Application</location>
<log_format>eventlog</log_format>
</localfile>
<localfile>
<location>Security</location>
<log_format>eventlog</log_format>
</localfile>
<localfile>
<location>System</location>
<log_format>eventlog</log_format>
</localfile>