Hello,
I would like to use Insight agent to collect additional linux logs, I followed the link for that but unable to find them on Insight.
link: Configure the Insight Agent to Send Additional Logs | InsightIDR Documentation
Regards
If you mean that you couldnt find a logging.json file on your host i think its because they dont exist by default. You need to create the file and place it on the endpoints. That link has a handful of examples on how to build your logging.json to capture specific logs from your endpoints. However, you can configure it to pull essentially any log file hosted on the endpoints.
Thank you John, but I created the file and I ensure there is no error in agent.log. I even see the INFO that the logging is considered.
( Initializing configured log from /opt/rapid7/ir_agent/components/insight_agent/common/config/logging.json )
I also checked if there is some network connection. but not
I am planning to collect logs from Linux node.
Regards
Just give it time, and it will show up in Insight IDR.
For us it took around 12h