Add ignore and restrict options to localfile configuration #1374

Open
chemamartinez opened this issue Sep 29, 2022 · 0 comments
Labels
level/task Task issue type/enhancement Enhancement issue

chemamartinez commented Sep 29, 2022

Hi team,

As part of wazuh/wazuh#5628, new options have been added to the Logcollector configuration in order to be able to ignore and restrict specific log entries.

The added options are:

  • ignore
  • restrict

In the configuration they are defined as follows:

  <localfile>
    <log_format>json</log_format>
    <location>/testignore.log</location>
    <ignore type="pcre2">regex_value</ignore>
  </localfile>

  <localfile>
    <log_format>syslog</log_format>
    <location>/testrestrict.log</location>
    <restrict type="osregex">regex_value</restrict>
  </localfile>

Every tag includes a value and a type. Also, more than one tag can be added to the same localfile.

When requesting the active configuration, new options are defined as follows:

  • For the following configuration:
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/file.log</location>
    <ignore type="pcre2">value1</ignore>
    <ignore type="osmatch">vale2</ignore>
    <restrict type="osregex">value3</restrict>
  </localfile>
  • API output:
# curl -k -X GET "https://localhost:55000/manager/configuration/logcollector/localfile?pretty=true" -H "Authorization: Bearer $TOKEN"
{
   "data": {
      "affected_items": [
         {
            "localfile": [
               {
                  "file": "/var/log/file.log",
                  "logformat": "syslog",
                  "ignore_binaries": "no",
                  "only-future-events": "yes",
                  "target": [
                     "agent"
                  ],
                  "ignore": [
                     {
                        "value": "value1",
                        "type": "pcre2"
                     },
                     {
                        "value": "vale2",
                        "type": "osmatch"
                     }
                  ],
                  "restrict": [
                     {
                        "value": "value3",
                        "type": "osregex"
                     }
                  ]
               }
            ]
         }
      ],
      "total_affected_items": 1,
      "total_failed_items": 0,
      "failed_items": []
   },
   "message": "Active configuration was successfully read",
   "error": 0
}

Best regards,
Chema.
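
A drift check built on the two formats shown in the issue, added here as an example (not code from the issue or from the Wazuh project): it parses the `<localfile>` blocks and the active-configuration JSON and reports any `ignore` or `restrict` filter present in one but not the other. The function names are hypothetical, and the sample inputs are the configuration and a trimmed copy of the API output from the post above.

```python
import json
import xml.etree.ElementTree as ET

FILTER_TAGS = ("ignore", "restrict")

# Sample inputs: the configuration and a trimmed copy of the API output from the issue.
CONF_XML = """<localfile>
  <log_format>syslog</log_format>
  <location>/var/log/file.log</location>
  <ignore type="pcre2">value1</ignore>
  <ignore type="osmatch">vale2</ignore>
  <restrict type="osregex">value3</restrict>
</localfile>"""
API_JSON = """{"data": {"affected_items": [{"localfile": [{
  "file": "/var/log/file.log", "logformat": "syslog",
  "ignore": [{"value": "value1", "type": "pcre2"},
             {"value": "vale2", "type": "osmatch"}],
  "restrict": [{"value": "value3", "type": "osregex"}]}]}]}, "error": 0}"""

def filters_from_xml(xml_text):
    """Return {location: {tag: [(value, type), ...]}} for every <localfile> block."""
    root = ET.fromstring(f"<root>{xml_text}</root>")  # wrap: blocks have no single root
    return {lf.findtext("location"): {t: [(e.text, e.get("type")) for e in lf.findall(t)]
                                      for t in FILTER_TAGS}
            for lf in root.iter("localfile")}

def filters_from_api(api_text):
    """Build the same mapping from the active-configuration JSON."""
    out = {}
    for item in json.loads(api_text)["data"]["affected_items"]:
        for lf in item.get("localfile", []):
            if "file" not in lf:  # skip entries that are not file-based
                continue
            out[lf["file"]] = {t: [(f["value"], f["type"]) for f in lf.get(t, [])]
                               for t in FILTER_TAGS}
    return out

def diff_filters(expected, active):
    """List filters that differ between the reviewed config and the active one."""
    findings = []
    for loc in sorted(set(expected) | set(active)):
        for tag in FILTER_TAGS:
            want = expected.get(loc, {}).get(tag, [])
            got = active.get(loc, {}).get(tag, [])
            findings += [f"{loc}: {tag} {f} not active" for f in want if f not in got]
            findings += [f"{loc}: {tag} {f} not in reviewed config" for f in got if f not in want]
    return findings

if __name__ == "__main__":
    print(diff_filters(filters_from_xml(CONF_XML), filters_from_api(API_JSON)) or "in sync")
```
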

@chemamartinez chemamartinez added the type/enhancement Enhancement issue label Sep 29, 2022
@snaow snaow added this to the Release 4.5.0 milestone Nov 16, 2022
@snaow snaow removed this from the Release 4.5.0 milestone Dec 21, 2022
@gdiazlo gdiazlo added the level/task Task issue label Apr 26, 2023