An example of merging local and server-side configuration of the Log Insight Windows Agent.
Local Configuration
You can have the following local configuration of the Log Insight Windows Agent.
[server]
proto=cfapi
hostname=HOST
port=9000
[winlog|Application]
channel=Application
[winlog|Security]
channel=Security
[winlog|System]
channel=System
[filelog|ApacheAccessLogs]
enabled=yes
directory=C:\Program Files (x86)\Apache Software Foundation\Apache2.2\logs
include=*.log
exclude=*_old.log
event_marker=^(\d{1,3}\.){3}\d{1,3} - -
Server-Side Configuration
You can use the
page of the Web user interface to apply centralized configuration to all agents. For example, you can exclude and add collection channels, and change the default reconnect setting.[server] reconnect=20 [winlog|Security] channel=Security enabled=no [winlog|Microsoft-Windows-DeviceSetupManagerOperational] channel=Microsoft-Windows-DeviceSetupManager/Operational
Effective Configuration
The effective configuration is a result of the merging of the local and the server-side configurations. The Log Insight Windows Agent is configured to :
- reconnect to the vRealize Log Insight server every 20 minutes
- continue to collect Application and System event channels
- stop collecting Security event channel
- start to collect Microsoft-Windows-DeviceSetupManager/Operational event channel
- continue to collect ApacheAccessLogs
[server]
proto=cfapi
hostname=HOST
port=9000
reconnect=20
[winlog|Application]
channel=Application
[winlog|Security]
channel=Security
enabled=no
[winlog|System]
channel=System
[winlog|Microsoft-Windows-DeviceSetupManagerOperational]
channel=Microsoft-Windows-DeviceSetupManager/Operational
[filelog|ApacheAccessLogs]
enabled=yes
directory=C:\Program Files (x86)\Apache Software Foundation\Apache2.2\logs
include=*.log
exclude=*_old.log
event_marker=^(\d{1,3}\.){3}\d{1,3} - -