We're using the unix app to monitor our linux machines. One of the files we need to monitor is /var/log/secure. The unix app has a monitor for /var/log with a _whitelist that does not include 'secure'. Rather than entirely overwrite that whitelist with an entry in in etc/system/local/inputs.conf, does anyone know of a way of appending to it (other than editing the inputs.conf in the unix app)? What I mean is can you do something like this -
[monitor:///var/log]
_whitelist=EXISTING-WHITELIST+'secure'
Thanks
Your best bet is to add another inputs stanza, rather than to augment the existing one. For example:
[monitor:///var/log/secure*]
Your best bet is to add another inputs stanza, rather than to augment the existing one. For example:
[monitor:///var/log/secure*]
Unfortunately appending filters is only possible with the fschange monitor at this point.