Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Documenting journald Log Format Configuration in Logcollector #7201

Closed
4 tasks done
JcabreraC opened this issue Mar 25, 2024 · 2 comments · Fixed by #7202
Closed
4 tasks done

Documenting journald Log Format Configuration in Logcollector #7201

JcabreraC opened this issue Mar 25, 2024 · 2 comments · Fixed by #7202
Assignees
@juliancnn @JcabreraC
Labels
level/task Task issue type/enhancement Enhancement issue

Comments

@JcabreraC
Copy link
Member

JcabreraC commented Mar 25, 2024
edited by vikman90

Wazuh version Component Install type Install method Platform
4.9.0 Logcollector Manager/Agent Packages/Sources OS version

Description

This documentation issue aims to detail the addition of the journald log format to the localfile configuration in Wazuh's Logcollector. It will cover the configuration specifics, including the support for multiple <localfile> blocks, filtering options, and the logic applied when merging these blocks.

Objectives

  • Document journald Configuration: Provide comprehensive documentation on configuring journald log collection through the localfile tag in ossec.conf.
  • Explain Multiple Blocks Handling: Clarify how multiple configuration blocks for journald logs are parsed and applied, emphasizing the OR logic between blocks and the precedence of certain settings.
  • Detail Filtering Options: Describe the filtering capabilities within <localfile> blocks, including the use of PCRE2 regex for selective log collection.
  • Configuration Examples: Offer practical examples of journald log collection configurations to aid users in setting up their environments.

Tasks

  • Write documentation sections for the journald log format configuration within localfile.
  • Explain the logic of merging multiple <localfile> blocks for journald, including logical operations and setting precedence.
  • Provide clear examples of configurations for collecting journald logs with various filters and settings.
  • Review and validate the documentation for accuracy and clarity.

Acceptance Criteria

  • The documentation accurately reflects the new journald log format configuration options in Logcollector.
  • Users can easily understand how to configure multiple journald log sources and apply filters.
  • The documentation includes examples that are practical and applicable to common use cases.
@JcabreraC JcabreraC added type/enhancement Enhancement issue level/task Task issue labels Mar 25, 2024
@JcabreraC JcabreraC mentioned this issue Mar 26, 2024
Closed
12 tasks
@juliancnn
Copy link
Member

juliancnn commented Apr 15, 2024
edited by vikman90

Daily update

Ready for review, but in local 😄 , the issue must be transferred to wazuh-documentation repository before creating the PR and peer review.

@JcabreraC JcabreraC transferred this issue from wazuh/wazuh Apr 16, 2024
@juliancnn juliancnn mentioned this issue Apr 16, 2024
Merged
7 tasks
@juliancnn
Copy link
Member

juliancnn commented Apr 16, 2024
edited by vikman90

Daily update

  • Minor changes due to review.

@JcabreraC JcabreraC linked a pull request Apr 25, 2024 that will close this issue
Add logformat journald to localfile reference #7202
Merged
7 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@juliancnn juliancnn

@JcabreraC JcabreraC

Labels
level/task Task issue type/enhancement Enhancement issue
Projects
Release 4.9.0
Status: Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add logformat journald to localfile reference wazuh/wazuh-documentation
2 participants
@juliancnn @JcabreraC