An example of merging local and server-side configuration of the Log Insight Windows Agent.

Local Configuration

You can have the following local configuration of the Log Insight Windows Agent.

[server]
proto=cfapi
hostname=HOST
port=9000

[winlog|Application]
channel=Application

[winlog|Security]
channel=Security

[winlog|System]
channel=System

[filelog|ApacheAccessLogs]
enabled=yes
directory=C:\Program Files (x86)\Apache Software Foundation\Apache2.2\logs 
include=*.log 
exclude=*_old.log 
event_marker=^(\d{1,3}\.){3}\d{1,3} - -

Server-Side Configuration

You can use the Management > Agents page of the Web user interface to apply centralized configuration to all agents. For example, you can exclude and add collection channels, and change the default reconnect setting.

[server]
reconnect=20

[winlog|Security]
channel=Security
enabled=no

[winlog|Microsoft-Windows-DeviceSetupManagerOperational]
channel=Microsoft-Windows-DeviceSetupManager/Operational

Effective Configuration

The effective configuration is a result of the merging of the local and the server-side configurations. The Log Insight Windows Agent is configured to :

  • reconnect to the vRealize Log Insight server every 20 minutes
  • continue to collect Application and System event channels
  • stop collecting Security event channel
  • start to collect Microsoft-Windows-DeviceSetupManager/Operational event channel
  • continue to collect ApacheAccessLogs
[server]
proto=cfapi
hostname=HOST
port=9000
reconnect=20

[winlog|Application]
channel=Application

[winlog|Security]
channel=Security
enabled=no

[winlog|System]
channel=System

[winlog|Microsoft-Windows-DeviceSetupManagerOperational]
channel=Microsoft-Windows-DeviceSetupManager/Operational

[filelog|ApacheAccessLogs]
enabled=yes
directory=C:\Program Files (x86)\Apache Software Foundation\Apache2.2\logs 
include=*.log 
exclude=*_old.log 
event_marker=^(\d{1,3}\.){3}\d{1,3} - -