Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

File Forwarder Log Source Configuration Options

Use the reference information to configure the WinCollect plug-in for the File Forwarder log source.

You must also configure parameters that are not specific to this plug-in. The File Forwarder plug-in can be used with Universal DSM to poll many types of logs from the Windows host.

Table 1: File Forwarder Protocol Parameters

Parameter

Description

Log Source Type

Universal DSM

Protocol Configuration

Select WinCollect File Forwarder.

Local System

Disables remote collection of events for the log source. The log source uses local system credentials to collect and forward events to the JSA.

Root Directory

The location of the log files to forward to JSA.

If the WinCollect agent remotely polls for the file, the root log directory must specify both the server and the folder location for the log files.

Filename Pattern

The regular expression (regex) that is required to filter the file names. All files that match the pattern are included in the processing. The default file pattern is .* and matches all files in the Root Directory.

Monitoring Algorithm

The Continuous Monitoring option is intended for files systems that append data to log files.

The File Drop option is used for the log files in the root log directory that are read one time, and then ignored in the future.

Only Monitor Files Created Today

Enabled by default. Clear this option to monitor files from before the current day.

File Monitor Type

The Notification-based (local) option uses the Windows file system notifications to detect changes to your event log.

The Polling-based (remote) option monitors changes to remote files and directories. The agent polls the remote event log and compares the file to the last polling interval. If the event log contains new events, the event log is retrieved.

File Reader Type

If you choose the Text (file held open) option, the system that generates your event log continually leaves the file open to append events to the end of the file.

If you choose the Text (file open when reading) option, the system that generates your event log opens the event log from the last known position, and then writes events and closes the event log.

Select the Memory Mapped Text (local only) option only when advised by Juniper Customer Support. This option is used when the system that generates your event log polls the end of the event log for changes. This option requires that you also select the Local System check box.

File Reader Encoding

For files without a BOM, select ANSI if you want the files converted to UTF8. Otherwise, select UTF8 if the files are already in UTF8 and no conversion is needed.

Note:

This option is only available on the WinCollect Configuration Console.

File Parser Type

Files can be parsed in two ways: Single Line or Multi Line.

Single Line - Parses a file and creates an event for each line.

Multi Line - Parses an XML file and creates an event that comprises multiple lines from the point that a specified starting token is parsed, until the next time the specified starting token is parsed.

Note:

Multi Line parsing currently only supports XML file types.

Multi Line "Starts With" Regex Token

The Multi Line File Parser Type requires a "Starts With" token. The "Starts With" token should be the regex that is required to identify every character from the beginning of the line you want to start a multi line event with. It is important to make your regex as accurate as possible to avoid combining events due to similar whitespace before the characters, and to avoid not parsing the file at all due to not finding a "Starts With" token.

Related Documentation