Current File : //proc/self/root/backups/router/usr/local/share/syslog-ng/include/scl/osquery/plugin.conf
#############################################################################
# Copyright (c) 2017 Balabit
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License version 2 as published
# by the Free Software Foundation, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
#
# As an additional exemption you are allowed to compile & link against the
# OpenSSL libraries as published by the OpenSSL project. See the file
# COPYING for details.
#
#############################################################################
block source osquery(file("/var/log/osquery/osqueryd.results.log") prefix(".osquery.") ...) {
channel {
source { file("`file`" program-override("osquery") flags(no-parse) `__VARARGS__`); };
parser { json-parser (prefix("`prefix`")); };
};
};
template t_osquery {
template("\"${ISODATE}\",\"${HOST}\",\"${LEVEL_NUM}\",\"${FACILITY}\",\"${PROGRAM}\",\"${ESCAPED_MESSAGE}\"\n");
template_escape(no);
};
block destination osquery(pipe("/var/osquery/syslog_pipe") ...) {
channel {
rewrite {
set("$MESSAGE", value("ESCAPED_MESSAGE"));
subst("\"","\"\"", value("ESCAPED_MESSAGE"), flags(global));
};
destination {
pipe(`pipe` template(t_osquery));
`__VARARGS__`;
};
};
};
Mini Shell