- play_arrow WinCollect 10 Overview
- play_arrow Installing WinCollect 10
- play_arrow Installing WinCollect 10
- Hardware and software requirements for the WinCollect 10 host
- Upgrading WinCollect 10 agents
- Installing WinCollect 10 using the GUI Quick installation
- Installing WinCollect 10 using the command line
- Installing WinCollect 10 using the Advanced installer
- WinCollect 10 Command line installation advanced examples
- WinCollect 10 installation script examples
- play_arrow Uninstalling WinCollect 10
- play_arrow WinCollect 10 Stand-alone Console
- play_arrow WinCollect 10 stand-alone console
- play_arrow WinCollect 10 stand-alone configuration
- play_arrow Agent settings
- Service status
- Log Viewer
- Top Sources
- Applying pending changes
- play_arrow Create a source in the Source wizard
- play_arrow Configuration Scripts
- play_arrow Configuration scripts
- Configuring WinCollect 10 to collect Microsoft security events
- play_arrow Agent configuration update script use cases
- Adding NSA filtering to an existing source
- Add Sysmon to your existing Windows event sources
- Changing the heartbeat interval
- Modifying the event data storage configuration
- Sending Syslog data to JSA over TCP
- Change the console port number
- Configuring a remote source with an update script
- Add Active Directory lookup update script
- Update script to add a secondary destination
- Update script file warn and error messages
- play_arrow WinCollect Sources
- play_arrow WinCollect Sources
- play_arrow The WinCollect 10 Statistics File
- play_arrow WinCollect Terminology
File Forwarder advanced settings
You can use the following advanced settings to fine tune File Forwarder sources.
File Forwarder advanced settings
Parameter | Default value | Description |
---|---|---|
File stale duration (minutes) | 1440 | In Continuous mode, how many minutes to keep monitoring a file that has not changed, before dropping it. The default value is one day. Select zero to keep monitoring files indefinitely. |
Scan folder interval (seconds) | 300 | How often to scan the folder when File Monitor Type is Folder Scanning. |
File parser |
| How to read lines in the files. |
Filter to accept lines | How many lines a mask or filter accepts lines to process. You can select * (many chars) ? (one char), # (a number), or a regex. | |
Multiple lines per event | ||
| A mask or filter finds the first line to process in multilink. You can select * (many chars) ? (one char), # (a number), or a regex. | |
| A mask or filter finds the last line to process in multiline. You can select * (many chars) ? (one char), # (a number), or a regex. | |
| You can include or exclude the first (header) and last (footer) lines of a block. | |
| Trims the lines before adding to the block separated by a space. | |
File | ||
| A mask or filter to categorize files into this file class. You can select * (many chars) ? (one char), # (a number), or a regex. | |
| The AgentLogFormat payload header field. If you don't want to include this field, leave the value empty. | |
| The CSV fields to include in the payload. Use #FIELDS to grab first line in the file that starts with #Fields. Use #HDL_LINES to grab the list of fields from file header. | |
| The field list line prefix. | |
| The field list separator handles \t , XML , KEYED
(CSV) , or NCSA . |