Working with Log Sources for an Advanced File Collector

If you assign an Advanced File Collector to a Monitored Asset that represents an Axon Agent, the Asset may be configured to collect log messages from any log-generating application running on the Agent host system. In the Monitored Asset's properties, you can assign multiple Log Sources, and each Log Source represents a file or directory containing the application's log messages. This topic explains how to add Log Sources to these Assets, as well as how to configure the Log Sources.

To work with the Log Sources assigned to a Monitored Asset with an Advanced File Collector:

1. In the side bar, select Resources > Configuration Manager.
2. In the side bar of the Configuration Manager, select Resources > Monitored Assets.

TLC presents your Monitored Assets in the workspace table.

Tip

You can sort, group, and filter the contents of tables. For more information, see Working with Tables.

3. In the workspace, double-click the Monitored Asset.
4. In the Monitored Asset properties dialog, select the Log Sources tab.
5. To add a Log Source:
a. Click Add.
b. Complete the Log Source properties dialog (see Table 54).
c. Click OK.

To change the properties of a Log Source:

a. Double-click the Log Source and edit the Log Source properties dialog (see Table 54).
b. Click OK.

To remove a Log Source, select the Log Source and click Delete.

To enable the collection of log messages from a Log Source, select the Log Source and click Enable.

To disable a Log Source, select the Log Source and click Disable.

6. Once all Log Sources have been configured for the Asset, click OK to close the Monitored Asset properties dialog.

Table 54. Log Source properties dialog

Each entry below gives a field of the dialog followed by its description.

Name
    A name for the Log Source (i.e., the log-generating application on the Axon Agent host system).

Log-file path
    The full path to each log file that the Advanced File Collector collects from this Log Source. For example:

        C:\mydirectory\file.log

    A file name may also include the following wildcard characters:

        ?   represents a single character.
        *   represents zero (0) or more characters.

    For example, the following path specifies all .log files in a directory:

        C:\mydirectory\*.log

    Enter each path on a separate line. This field cannot exceed 4,096 characters.

    Note: If a file name includes the * wildcard, the Advanced File Collector attempts to collect every file that the path matches, not just log files. Therefore, Tripwire recommends that you include the appropriate file extension in the file name (e.g., *.log).

Timestamp format
    (Optional) Most log-generating applications (Log Sources) apply a timestamp to each of their log messages. To have TLC carry these timestamps over to the TLC log messages saved in the Audit Logger File Store, enter the format that the Log Source uses. For example, if the Log Source generates timestamps such as:

        21/02/2013 14:50:21

    you would enter this format:

        dd/MM/yyyy HH:mm:ss

    If no timestamp format is specified, or the entered format does not match the Log Source's format, each related TLC log message instead carries a timestamp indicating when the Axon Agent collected the application's log message. Verify the format against a few real lines from the file before enabling the Log Source; a mismatched format silently replaces every application timestamp with the collection time.

Time zone offset
    (Optional) To have TLC translate timestamps to the time zone specified in the Advanced tab of the Monitored Asset's properties dialog (see Working with Monitored Assets), select this check box.

Does this log file contain multi-line events?
    If the Log Source's log files contain log messages spanning multiple lines, select one of the following options:

    Yes - Each event begins with a timestamp. Select this option if each log message is preceded by a timestamp; any line that does not begin with a timestamp is treated as a continuation of the preceding message.

    Yes - I will define an alternate event delimiter. Select this option if each log message is preceded by a delimiter other than a timestamp. In this case, you must also complete the Event delimiter regex field.

Event delimiter regex
    Note: This field only appears if Yes - I will define an alternate event delimiter is selected from the 'Does this log file contain multi-line events?' drop-down.

    A regular expression that identifies the delimiting character or string that begins each log message in the log files.

File encoding
    (Read-only) Indicates that the Log Source encodes its messages with the UTF-8 character encoding.
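The Log-file path wildcards, the Timestamp format, and the multi-line options in Table 54 together decide which files are read, where one event ends and the next begins, and which timestamp each TLC log message receives. The script below is an added example that models those rules so you can check a candidate configuration against real lines before enabling a Log Source; it is not TLC's or the Axon Agent's code. The sample log text, the "---" delimiter, the Asset time zone, the function names, and the assumption that the Time zone offset check box interprets zone-less timestamps in the Asset's zone are all this example's own. Only the format letters from the document's example (dd, MM, yyyy, HH, mm, ss) are translated.

```python
import fnmatch
import re
from datetime import datetime, timedelta, timezone

# Constructed sample input (not from any real host): a Java-style application
# log whose stack trace continues the ERROR event on lines with no timestamp.
SAMPLE_LOG = """21/02/2013 14:50:21 INFO  Service started
21/02/2013 14:50:22 ERROR Request failed
java.lang.NullPointerException
    at com.example.Handler.run(Handler.java:42)
21/02/2013 14:50:25 WARN  Retrying
"""

# Constructed sample for "Yes - I will define an alternate event delimiter":
# events are introduced by a marker line instead of a timestamp.
SAMPLE_DELIMITED = """--- event
first line
second line
--- event
only line
"""

# Constructed stand-in for the time zone on the Asset's Advanced tab.
ASSET_TZ = timezone(timedelta(hours=-8))

# Java-style pattern letters mapped to strptime directives and digit widths.
# Only the letters in the document's example are covered (example's own limit).
_TOKENS = {"yyyy": ("%Y", 4), "dd": ("%d", 2), "MM": ("%m", 2),
           "HH": ("%H", 2), "mm": ("%M", 2), "ss": ("%S", 2)}


def compile_format(java_fmt):
    """Return (strptime format, line-start regex) for a Timestamp format value,
    e.g. 'dd/MM/yyyy HH:mm:ss' -> ('%d/%m/%Y %H:%M:%S', ^(\\d{2}/\\d{2}/...))."""
    strp, rx, i = "", "", 0
    while i < len(java_fmt):
        for token, (directive, width) in _TOKENS.items():
            if java_fmt.startswith(token, i):
                strp += directive
                rx += r"\d{%d}" % width
                i += len(token)
                break
        else:  # literal separator such as '/', ':' or a space
            strp += java_fmt[i]
            rx += re.escape(java_fmt[i])
            i += 1
    return strp, re.compile("^(" + rx + ")")


def select_files(pattern, names):
    """Apply the Log-file path wildcards (? = one character, * = zero or more)
    to a constructed list of file names from one directory. Note that fnmatch
    also treats [...] specially, which the dialog does not document."""
    return [n for n in names if fnmatch.fnmatchcase(n, pattern)]


def split_events(text, timestamp_format=None, multi_line=None,
                 delimiter_regex=None, collected_at=None, asset_tz=None):
    """Turn raw log text into a list of (timestamp, message) events.

    multi_line=None         one event per line (the dialog's default)
    multi_line="timestamp"  a new event starts on each line that begins with a
                            timestamp in timestamp_format
    multi_line="delimiter"  a new event starts on each line matching
                            delimiter_regex
    An event whose timestamp is absent or does not parse is stamped with
    collected_at (the collection time), as the Timestamp format field says.
    """
    collected_at = collected_at or datetime.now(timezone.utc)
    strp, ts_rx = compile_format(timestamp_format) if timestamp_format else (None, None)
    if multi_line == "timestamp":
        if ts_rx is None:
            raise ValueError("multi_line='timestamp' requires a timestamp_format")
        starts = ts_rx
    elif multi_line == "delimiter":
        if not delimiter_regex:
            raise ValueError("multi_line='delimiter' requires a delimiter_regex")
        starts = re.compile(delimiter_regex)
    else:
        starts = None

    events, current = [], []
    for line in text.splitlines():
        if current and starts is not None and not starts.search(line):
            current.append(line)  # continuation of the open event
        else:
            if current:
                events.append("\n".join(current))
            current = [line]
    if current:
        events.append("\n".join(current))

    stamped = []
    for event in events:
        ts = None
        m = ts_rx.match(event) if ts_rx else None
        if m:
            try:
                ts = datetime.strptime(m.group(1), strp)
                if asset_tz is not None:  # Time zone offset check box (assumed meaning)
                    ts = ts.replace(tzinfo=asset_tz)
            except ValueError:
                ts = None  # digits matched but not a real date/time
        stamped.append((ts if ts is not None else collected_at, event))
    return stamped


if __name__ == "__main__":
    for ts, msg in split_events(SAMPLE_LOG, "dd/MM/yyyy HH:mm:ss", multi_line="timestamp"):
        print(ts, "|", msg.replace("\n", " \\n "))
```

Running the same text with the default single-line setting shows the stack-trace lines arriving as separate events stamped with the collection time, which is the symptom to look for when a source that needs the multi-line option has been left at the default. Supplying a format that does not match the file (for example yyyy-MM-dd against the sample above) stamps every event with the collection time, exactly the fallback the Timestamp format description warns about.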