The Linux macOS Agent has the ability to monitor any text-based log file. The initial log configuration parameters to consider are the location of the log files to be monitored, and the type of log files being monitored. From this page:
- select Add to create a new log monitor
- Modify to update an existing log monitor
- Delete to remove the objectivelog monitor
Editing a Log Configuration
The following parameters for the log inputs may be set:
- Select the Log Type. The log type of a file will tell the Snare server or other SIEM how to handle the incoming data stream and in which table the processed information should be stored. The available log types are:
...