...

  1. The Linux App analyzes the standard messages/syslog, auth/secure, mail, kern and cron logs.
    When adding or editing these logs in XpoLog, the correct log type(s) must be applied to each log:
    1. linux - every log that the application will analyze must have linux as a log type
    2. linux-messages/linux-syslog - only the messages/syslog logs must also have linux-messages/linux-syslog as a log type
    3. linux-auth/linux-secure - only the auth/secure logs must also have linux-auth/linux-secure as a log type
    4. linux-cron - only the cron log must also have linux-cron as a log type
    5. linux-mail - only the mail log must also have linux-mail as a log type
    6. linux-kernel - only the kern log must also have linux-kernel as a log type

  2. Once the required information is set, click Next on each log and edit the log pattern. This step is crucial to the accuracy of the Linux App deployment. Use the following pattern for each log:
    1. Linux messages (messages/syslog log):
      {date:Date,MMM dd HH:mm:ss} {text:source,ftype=source} {text:process name,ftype=process;,}{block,start,emptiness=true}[{text:pid,ftype=pid}]{block,end,emptiness=true}: {text:Message,ftype=message;,}{regexp:User,ftype=user;refName=message,[passed|failed] for (.*) from}
    2. Linux auth (auth/secure log):
      {date:Date,MMM dd HH:mm:ss} {text:SourceIP,ftype=source} {text:Process,ftype=process}{block,start,emptiness=true}[{text:pid,ftype=pid}]{block,end,emptiness=true}: {text:Message,ftype=message}
    3. Linux cron (cron log):
      {date:Date,MMM dd HH:mm:ss} {text:Server,ftype=server} {text:Process,ftype=process}{block,start,emptiness=true}[{text:pid,ftype=pid}]{block,end,emptiness=true}: {text:Message,ftype=message}
    4. Linux mail (mail log):
      {date:Date,MMM dd HH:mm:ss} {text:source} {text:process name,ftype=process;,}{block,start,emptiness=true}[{number:process id}]{block,end,emptiness=true}: {regexp:session,refName=Message;ftype=session,^(\w+):}{regexp:From,refName=Message;ftype=from,\s+from=([^,]+)}{regexp:To,refName=Message;ftype=to,\s+to=([^,]+)}{text:Message,ftype=message;,}
    5. Linux kernel (kernel log):
      {date:Date,MMM dd HH:mm:ss} {text:source,ftype=source} {text:process name,ftype=process;,}: [{text:time-taken,ftype=time-taken;,}] {text:Message,ftype=message}
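To make the field layout of the patterns above concrete, here is an added Python example (not XpoLog code, and not part of this page) that mirrors the common messages/auth/mail line structure as a regular expression, including the optional `[pid]` block that `{block,start,emptiness=true}` ... `{block,end,emptiness=true}` expresses, and then applies the page's own secondary regexps (`[passed|failed] for (.*) from`, `^(\w+):`, `\s+from=([^,]+)`, `\s+to=([^,]+)`) to the extracted Message field, as XpoLog does via `refName`. The `LINE_RE` expression is my approximation of the XpoLog pattern syntax, the sample log lines are constructed, and the `failed_logins_by_user` helper is a hypothetical use of the extracted fields for a simple detection query.

```python
"""Approximate the XpoLog messages/auth/mail patterns in plain Python.

Added example, not XpoLog code. Sample lines below are constructed.
"""
import re
from collections import Counter
from typing import Dict, List, Optional

# Constructed auth/secure-style lines.
SAMPLE_AUTH_LINES = [
    "Mar 12 10:15:01 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.5 port 51022 ssh2",
    "Mar 12 10:15:09 web01 sshd[2211]: Accepted password for alice from 198.51.100.7 port 51030 ssh2",
    "Mar 12 10:16:00 web01 systemd-logind: New session 3 of user alice.",
]

# Constructed mail-log-style lines.
SAMPLE_MAIL_LINES = [
    "Mar 12 10:20:00 mail01 postfix/qmgr[1234]: 3A2B1C: from=<bob@example.com>, size=1024, nrcpt=1 (queue active)",
    "Mar 12 10:20:01 mail01 postfix/smtp[1235]: 3A2B1C: to=<carol@example.net>, relay=mx.example.net[192.0.2.10]:25, delay=0.4, status=sent (250 OK)",
]

# Approximation (mine, not XpoLog's) of:
#   {date:Date,MMM dd HH:mm:ss} {text:source} {text:process}
#   {block,start,emptiness=true}[{text:pid}]{block,end,emptiness=true}: {text:Message}
# The block pair makes "[pid]" optional, hence the (?:...)? group.
LINE_RE = re.compile(
    r"^(?P<date>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<source>\S+) "
    r"(?P<process>[^\[:\s]+)"
    r"(?:\[(?P<pid>\d+)\])?"
    r": (?P<message>.*)$"
)

# Secondary regexps copied verbatim from the patterns on this page. In XpoLog
# they run over the Message field (refName=message / refName=Message).
# Note that "[passed|failed]" is a character class of single letters, so what
# precedes " for " is one letter such as the final "d" of "password"; sshd
# "Failed password for X from" lines therefore still match.
USER_RE = re.compile(r"[passed|failed] for (.*) from")   # messages/syslog pattern
SESSION_RE = re.compile(r"^(\w+):")                        # mail pattern
FROM_RE = re.compile(r"\s+from=([^,]+)")                   # mail pattern
TO_RE = re.compile(r"\s+to=([^,]+)")                       # mail pattern


def _first_group(rx: "re.Pattern[str]", text: str) -> Optional[str]:
    m = rx.search(text)
    return m.group(1) if m else None


def parse_line(line: str) -> Optional[Dict[str, Optional[str]]]:
    """Split one syslog-style line into the fields the XpoLog patterns name.

    Returns None when the line does not fit the common layout.
    """
    m = LINE_RE.match(line)
    if not m:
        return None
    fields: Dict[str, Optional[str]] = m.groupdict()
    msg = fields["message"] or ""
    # Secondary extractions over the Message field, as refName=... does.
    fields["user"] = _first_group(USER_RE, msg)
    fields["session"] = _first_group(SESSION_RE, msg)
    fields["from"] = _first_group(FROM_RE, msg)
    fields["to"] = _first_group(TO_RE, msg)
    return fields


def failed_logins_by_user(lines: List[str]) -> Dict[str, int]:
    """Hypothetical defender query over the parsed fields: failed logins per user."""
    counts: Counter = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and rec["user"] and (rec["message"] or "").startswith("Failed password"):
            counts[rec["user"]] += 1
    return dict(counts)


if __name__ == "__main__":
    for sample in SAMPLE_AUTH_LINES + SAMPLE_MAIL_LINES:
        print(parse_line(sample))
    print(failed_logins_by_user(SAMPLE_AUTH_LINES))
```

The per-field results are what the XpoLog `ftype` assignments (source, process, pid, message, user, session, from, to) would carry into the app's searches; the cron and kernel patterns differ only in the field names and, for the kernel log, in the bracketed `time-taken` field replacing the optional pid block.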

...