General
XpoLog SDK provides a set of commands that enables remote configuration of different XpoLog properties without accessing the GUI.
The following commands are available.
...
Key | Description | Values |
|
api | The API type to use – must be addLog | “addLog” | Mandatory |
| logName | The name of the log to be created | Text | Mandatory |
| logPath | The full path to the log under the Folders and Log Tree (excluding the log name) | ROOT = Top Folder (Folders and Logs) Use ‘->’ in the path between folders | Optional |
| newLogPath | The new Folders and Logs path to placethe log in XpoLog Folders and Logs tree (for example Root->Folder1->Folder2). | ROOT = Top Folder (Folders and Logs) Use ‘->’ in the path between folders | Optional*
|
| newLogName | The new log name | Text | Optional*
|
filesPath | The full path to the logs on the source:
| Text | Mandatory |
| collectionPolicy | The exact name of the collection policy to be assigned on the log (if doesn't exist, the command will be ignored) | Text | Optional |
| accountName | The name of the account to be used if needed (SSH or Win Account or Remote XpoLog) | Text | Direct Access - Optional Win Network/SSH - Mandatory |
| patterns | A list of patterns that will be applied on the log that is added (separated by XPLG_SDK_SEP) | Text | Mandatory* |
| appTags | A comma separated list of appTags that the added log will be tagged to | Text | Optional |
| overrideAppTags | Specifies whether to add appTags on a log or replace the existing appTags of a log. Used only on edit when override is set to true | true/false | Optional |
| timezone | The timezone definition of the added log | Text (a value from JAVA time zone list) | Optional |
| charset | The charset definition of the added log | Text (a value from JAVA charset list) | Optional |
| template | The name of the template to be used | Text | Optional* specific parameters that are passed override template's settings |
| dataFilterQuery | The dataFilterQuery to be applied on the specified - see Advanced Log Settings for more information. (pass an empty filter to clear an existing filter) | Text | Optional |
override | Overwrite an existing log configuration (Default: false) | true/false | Optional |
...
Key | Description | Values |
|
api | The API type to use – must be addLog | “addLog” | Mandatory |
| logName | The name of the log to be created | Text | Mandatory |
| logPath | The full path to the log under the Folders and Log Tree (excluding the log name) | ROOT = Top Folder (Folders and Logs) Use ‘->’ in the path between folders | Optional |
| newLogPath | The new Folders and Logs path to placethe log in XpoLog Folders and Logs tree (for example Root->Folder1->Folder2). | ROOT = Top Folder (Folders and Logs) Use ‘->’ in the path between folders | Optional*
|
| newLogName | The new log name | Text | Optional*
|
| host | The host to collect data from (default: localhost) | Text | Optional |
| unc | True = use direct access to the EVTX file (faster but requires permissions). False = connect via Windows platform (automatic) | true/false | Optional |
| collectionPolicy | The exact name of the collection policy to be assigned on the log (if doesn't exist, the command will be ignored) | Text | Optional |
| accountName | The name of the account to be used if needed (Windows Authentication Account if not used on XpoLog service level) | Text | Optional |
| appTags | A comma separated list of appTags that the added log will be tagged to | Text | Optional |
| overrideAppTags | Specifies whether to add appTags on a log or replace the existing appTags of a log. Used only on edit when override is set to true | true/false | Optional |
| timezone | The timezone definition of the added log | Text (a value from JAVA time zone list) | Optional |
override | Overwrite an existing log configuration (Default: false) | true/false | Optional |
...