This module allows crowdsec-agent to acquire logs from text files (in one-shot and streaming mode), and GZ files in one-shot mode.
filename: A single path to a file to tail. Globbing is supported. Required if filenames is not provided.
filenames: A list of paths to files to tail. Globbing is supported. Required if filename is not provided.
force_inotify: If set to true, force an inotify watch on the log files folder, even if there is no log in it (default:
source: Must be
A basic configuration is as follows:
source: file
filenames:
  - /tmp/foo/*.log
  - /var/log/syslog
labels:
  type: syslog
DSN and command-line
This module supports acquisition directly from the command line, to read files in one shot.
A single file URI is accepted with the -dsn parameter, but globbing is supported for multiple files:
crowdsec -type syslog -dsn file:///var/log/*.log
You can specify the log_level parameter to change the log level for the acquisition:
crowdsec -type syslog -dsn file:///var/log/*.log?log_level=info
By default, if a glob pattern does not match any files in an existing directory, this directory will not be watched for new files (i.e., /var/log/nginx/*.log does not match, but
You can override this behaviour with the force_inotify parameter, which will put a watch on the directory.
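
A pre-flight check for the glob behaviour described above, as an added example that is not CrowdSec code: it splits a file:// DSN into its glob and parameters, then reports which patterns match nothing in an existing directory and would therefore leave later logs unread unless force_inotify is set. The function names (parse_file_dsn, classify, demo) are hypothetical, the directory tree is constructed sample data, and Python's glob matching is assumed to be close enough to CrowdSec's for this check.

```python
import glob
import os
import tempfile
from urllib.parse import parse_qs, urlsplit


def parse_file_dsn(dsn):
    """Split a file:// DSN into (glob pattern, {parameter: value})."""
    parts = urlsplit(dsn)  # note: a '?' wildcard would be read as the query start
    if parts.scheme != "file":
        raise ValueError(f"not a file DSN: {dsn!r}")
    return parts.path, {k: v[-1] for k, v in parse_qs(parts.query).items()}


def classify(pattern, force_inotify=False):
    """Describe what one filenames entry resolves to on this host right now."""
    if glob.glob(pattern):
        return "matched"
    parent = os.path.dirname(pattern) or "."
    if not any(os.path.isdir(d) for d in glob.glob(parent)):
        return "no-directory"
    # Directory exists but nothing matches yet: per the text above it is not
    # watched for new files unless force_inotify is set.
    return "watched-empty" if force_inotify else "unwatched"


def demo(force_inotify=False):
    """Run classify() over a constructed directory tree (sample data)."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "app"))
        os.makedirs(os.path.join(root, "nginx"))  # exists, no logs yet
        open(os.path.join(root, "app", "auth.log"), "w").close()
        patterns = ["app/*.log", "nginx/*.log", "absent/*.log"]
        return {p: classify(os.path.join(root, p), force_inotify) for p in patterns}


if __name__ == "__main__":
    print(parse_file_dsn("file:///var/log/*.log?log_level=info"))
    for pattern, state in demo().items():
        print(f"{pattern:15} {state}")
```

An "unwatched" result is the case to review before deployment: the service may simply not have written its first log yet, and the acquisition would never pick it up.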