Linux Secure Technology Add-On will not auto-extract fields from Secure log?
crated test monitor
[monitor:///var/log/secure]
index = linux
sourcetype = linux_secure
and just installed app - no additional config
my bad. didn't search in Smart on verbose mode that extracts fields.