To achieve that, the agent loads the latest configuration from Logentries on every start. Some users expressed concerns about this behavior. For example, should their account on Logentries be compromised, users had asked if one could potentially enable the agent to monitor other logs on their system – note the agent would not be able to upload a full history of system log files, as the agent sends deltas of growing files only.
However, we understand this concern. In order to reduce these concerns, and in cases where other options like rsyslog and syslog-ng are not suitable, we have extended the agent to support client-side file name filtering. Whenever the agent loads a new configuration it passes all files to be followed to a user-provided filter. Only files which pass this test are monitored.
Defining your own filter is easy – just provide a filtering function filter_filename which will return “True” or “False,” depending on if the agent is allowed to follow the file or not.
Typically you create a new directory that contains the filtering code. Create an empty init.py file there and in filters.py define the function filter_filtername. For example, the filters.py may contain this code to allow following log files only:
def filter_filename( filename): return filename.endswith( '.log')
The last step is to let the agent know where to look for the filter. In the agent configuration file (~/.le/config or /root/le/config) define filter option pointing to a directory containing your filter. For example:
Then restart the agent. That’s it!
Note that for large installation bases we also recommend using some modern syslog variant like rsyslog and syslog-ng which are commonly installed on Linux boxes. You won’t need to install additional software and given 128 bit long token and SSL support it provides a comparable level of security as the agent does.
Want to start using this feature to get the Logentries agent managing logs for your application? Sign up here and get started on your free 30-day trial account.