my input.conf below, need to have a recursive path for subfolders and all files. But the below is not working, am I missing something?
[monitor://M:\MGSLog\...\*]
sourcetype = mgslog
index = mgslog
disabled = false
ignoreOlderThan = 1d
I have never used *
for the file but I don't see why it wouldn't work. If you do not need recursion, you can do this instead:
[monitor://M:\MGSLog\*\*]
I have never used *
for the file but I don't see why it wouldn't work. If you do not need recursion, you can do this instead:
[monitor://M:\MGSLog\*\*]
Hey.
The config looks fine to me, even though I would change the wildcard to the actual logfilename(s) like mylogfile*.log or so.
You can never be sure that someone uses your directory as temporary storage. those files would be ingested too. You dont want that.
Do you have any logs from the universalfowarder. Maybe the monitored files are to small so that you have to use saltcrc. or maybe you have a permission problem, even though i think that might not be the case on windows machines.
Thanks for replying so quickly, definitely not a premission issue. Tried testing with adding the sub directories directly in the input and it bring the files in. with regards to the wildcard we are planning to add a whitelist for the files in production as this is just a POC. problem is that it brings in the files in the main directory but not the subdirectories?
Thats strange. maybe its an issue with the universalforwarder.
If you only have one subdirectory you could you * instead of ...
No issue with working with whitelists as long as the sourcetype is the same. Otherwise different monitoring stanzas would be great.