IBM QRadar

  • 1.  Reading application log file with WinCollect

    Posted Wed November 08, 2023 02:03 AM
    Edited by benlinux Wed November 08, 2023 02:05 AM

    Hello Expert,

    I want to monitor an application log file using the WinCollect file forwarder protocol configuration. I have a folder with so many files, and I don't want to use the default file pattern ".*" because it monitors all the files within the specified folder.

    I want to monitor just two files within the folder. The files in the folder are InsightUserAccess.log and InsightUserAuthentication .log, and I have tried the following file patterns, but none of them seems to work except the default file pattern, i.e. ".*".

    File Pattern:

    InsightUser.*
    InsightUser*

    InsightUserA*log.

    What seems to collect logs is .*, but this is too noisy. I also think the WinCollect agent will be using a lot of resources to monitor all the files rather than the two files I want to monitor.

    Please assist. 



    ------------------------------
    benlinux
    ------------------------------



  • 2.  RE: Reading application log file with WinCollect

    Posted Wed November 08, 2023 09:02 AM

    It's not something I've played with. Is the directory full of log files?

    Using regex101 I could grab your files using both: InsightUser[A-Za-z]*\.log and [A-Za-z]*\.log. Does that help?



    ------------------------------
    exploring data
    ------------------------------
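
An added example, not part of either post and not IBM's code: a Python check of which files each pattern from this thread would select, so a candidate can be validated against a folder listing before it goes into the agent configuration. It assumes the File Pattern is a regular expression that must match the whole file name (WinCollect's own matching may differ), and every listing entry other than the two InsightUser log names is constructed.

```python
import re

# Constructed folder listing; only the two InsightUser*.log names come from the thread.
FOLDER = [
    "InsightUserAccess.log",
    "InsightUserAuthentication.log",
    "InsightUserAuthentication .log",  # variant with the space as typed in the question
    "InsightService.log",              # hypothetical neighbouring file
    "Installer.log",                   # hypothetical neighbouring file
    "InsightUserAccess.log.bak",       # hypothetical rotated copy
]
WANTED = {"InsightUserAccess.log", "InsightUserAuthentication.log"}

# Patterns quoted in the thread, unchanged.
PATTERNS = [
    ".*",
    "InsightUser.*",
    "InsightUser*",                 # glob habit: as a regex this is "InsightUse" + "r*"
    "InsightUserA*log.",            # "A*" is zero or more "A", "." is any one character
    r"InsightUser[A-Za-z]*\.log",
    r"[A-Za-z]*\.log",
]

def select(pattern, names, whole_name=True):
    """Return the names the pattern selects (whole-name or substring match)."""
    rx = re.compile(pattern)
    matcher = rx.fullmatch if whole_name else rx.search
    return [n for n in names if matcher(n)]

def evaluate(pattern, names=FOLDER, wanted=WANTED):
    """Report wanted files the pattern misses and unwanted files it picks up."""
    hits = set(select(pattern, names))
    return {"missed": sorted(wanted - hits), "extra": sorted(hits - wanted)}

def report(patterns=PATTERNS):
    """One line per pattern: OK only when nothing is missed and nothing extra matches."""
    lines = []
    for p in patterns:
        r = evaluate(p)
        status = "OK" if not r["missed"] and not r["extra"] else "CHECK"
        lines.append(f"{status:5} {p!r:32} missed={r['missed']} extra={r['extra']}")
    return lines

if __name__ == "__main__":
    print("\n".join(report()))
```

If the agent matches on a substring rather than the whole name, anchor the pattern with ^ and $ so that copies such as the .bak file above are not collected.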