The Samhain Host Integrity Monitoring System
Appendix C. Configuration file syntax and options
Section heading:
[Logmon]
LogmonActive=boolean — 'true' to switch on, 'false' to switch off.
LogmonSaveDir=/absolute/path sets the directory where checkpoint data for logfiles is stored (default: same as for pid file).
LogmonClean=boolean deletes old checkpoint data that has been unmodified for 30 days or more (default: off).
LogmonInterval=seconds — Interval between checks (default 10).
LogmonWatch=TYPE:path[:format] — File to monitor.
LogmonHidePID=boolean — Suppress PID in syslog messages, 'true' to switch on, 'false' to switch off.
LogmonMarkSeverity=severity — Severity for reports on missing heartbeat messages if the messages themselves are assigned to the 'trash' queue (default: crit).
LogmonBurstThreshold=number — The number of repeated messages within 12 minutes that must be exceeded to report a burst of repeated messages (default: 24).
LogmonBurstQueue=queue — Set the reporting queue for reporting bursts of similar log messages (default: don't report).
LogmonBurstCron=boolean — Whether to also report on bursts of repeated cron messages (default: false).
LogmonDeadtime=seconds — Do not report a correlated event again within the given time (default: 60 seconds).
LogmonQueue=label:[interval]:(sum|report):severity[:alias] — defines an output queue.
LogmonHost=(perl)regex — Causes the following rules to be applied only to entries for the matching host(s).
LogmonEndHost — Explicitly ends a preceding LogmonHost directive.
LogmonGroup=(perl)regex — Causes the following rules to be applied only if the group regex matches.
LogmonEndGroup — Explicitly ends a preceding LogmonGroup directive.
LogmonRule=queue_label:(perl)regex — matches a logfile entry against the provided regular expression.
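
The following is an added example, not part of the Samhain manual or code base: a small Python linter that checks a [Logmon] section against the syntax listed above, flagging malformed LogmonQueue definitions, rules that point at an undefined queue, End directives with nothing to end, and regexes that do not compile. The sample configuration is constructed; treating 'trash' as a predefined queue, '#' as the comment character, and Python's `re` as a stand-in for Perl regex syntax are assumptions.

```python
import re

QUEUE_RE = re.compile(r"^([^:]+):([^:]*):(sum|report):([^:]+)(?::(.+))?$")
BUILTIN_QUEUES = {"trash"}  # assumption: the page names 'trash' without defining it
END = {"LogmonEndHost": "LogmonHost", "LogmonEndGroup": "LogmonGroup"}
# Constructed sample configuration containing four deliberate mistakes.
SAMPLE = """\
[Logmon]
LogmonQueue=auth::report:crit
LogmonQueue=noise:60:summary:crit
LogmonHost=^web[0-9]+$
LogmonRule=auth:Failed password for .* from
LogmonRule=authz:sudo: .* COMMAND=
LogmonEndHost
LogmonEndGroup
LogmonRule=trash:session (opened|closed
"""

def lint_logmon(text):  # returns a list of (lineno, message) findings
    entries, inside = [], False
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("["):
            inside = line == "[Logmon]"
        elif inside and line and not line.startswith("#"):
            key, _, value = line.partition("=")
            entries.append((n, key.strip(), value.strip()))
    # Collect queue labels first so a rule may precede its queue definition.
    defs = [(n, QUEUE_RE.match(v)) for n, k, v in entries if k == "LogmonQueue"]
    queues = BUILTIN_QUEUES | {m.group(1) for _, m in defs if m}
    findings = [(n, "LogmonQueue has malformed fields") for n, m in defs if not m]
    opened = set()
    for n, key, value in entries:
        regex = value if key in END.values() else None
        if regex is not None:
            opened.add(key)
        elif key in END:
            if END[key] not in opened:
                findings.append((n, f"{key} without a preceding {END[key]}"))
            opened.discard(END[key])
        elif key == "LogmonRule":
            label, _, regex = value.partition(":")
            if label not in queues:
                findings.append((n, f"LogmonRule uses undefined queue '{label}'"))
        if regex is not None:
            try:
                re.compile(regex)  # stand-in check; Perl syntax may differ
            except re.error as exc:
                findings.append((n, f"{key} regex does not compile: {exc}"))
    return findings
```

Calling `lint_logmon(SAMPLE)` reports lines 3, 6, 8 and 9 of the sample; a rule whose queue label is misspelled is the kind of mistake that otherwise goes unnoticed until an expected alert never arrives.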