New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add a pattern exclusion option to Logcollector #2797
Comments
Hi @vikman90, The implementation is completed in this branch https://github.com/wazuh/wazuh/tree/3.9-logcollector-exclude. For now this will work only for globs patterns, not single files or an array of single files because it its not specified to do so yet, we need to clarify it. Take this configuration for example: <localfile>
<log_format>syslog</log_format>
<location>/home/rafa/Desktop/test-log/*.txt</location>
<exclude>/home/rafa/Desktop/test-log/a*</exclude>
</localfile> It will exclude all files beginning with an
|
Hi @vikman90, there was an issue with the implementation, every time the main thread reloaded the wildcards, the excluded files appeared in the info message as new files. With the following configuration: <localfile>
<log_format>syslog</log_format>
<location>/home/rafa/Desktop/test-log/*</location>
<exclude>/home/rafa/Desktop/test-log/e*</exclude>
</localfile> See the following log bellow:
This is now fixed in this commit 4b0a62e Regards. |
Merged at #2929 |
Logcollector allows using wildcarded patterns to set up file monitoring. These patterns are based on globbing pathnames (glob(7)). However, defining patterns to exclude files is not easy.
Add an exclusion option to the localfile stanza, like this:
Actually, Logcollector will monitor the files defined by
<location>
-<exclude>
.The text was updated successfully, but these errors were encountered: