Pre-canned Linux source types under /var/log

Explorer

Is there any documentation about which files are covered by the pre-canned source types for Linux? Specifically, there are two that are fairly similar: linux_messages_syslog ("Format found within the Linux log file /var/log/messages") and linux_secure ("Format for the /var/log/secure file containing all security related messages on a Linux machine").

It's a production machine that I don't have access to, so I can't just guess and check.

Thanks

0 Karma
Re: Pre-canned Linux source types under /var/log

Champion
0 Karma
Re: Pre-canned Linux source types under /var/log

Explorer

That doesn't map the files to the sourcetype. It gives an example of one log for that sourcetype.

0 Karma