The Logentries agent lets users get set up very quickly. We provide it for convenience, as using the agent is far easier than configuring similar tools such as syslog.
To achieve that, the agent loads the latest configuration from Logentries on every start. Some users expressed concerns about this behavior: should their Logentries account be compromised, someone could configure the agent to follow logs other than those intended (it won’t be able to upload other files, as the agent sends only the deltas of growing files).
We understand this. To reduce these concerns in cases where other options like rsyslog and syslog-ng are not suitable, we extended the agent to support client-side file name filtering. Whenever the agent loads a new configuration, it passes every file to be followed to a user-provided filter. Only files which pass this test are followed.
Defining your own filter is easy – just provide a filtering function filter_filename which returns True or False depending on whether the agent is allowed to follow the file or not.
Typically you create a new directory that contains the filtering code. Create an empty __init__.py file there, and in filters.py define the function filter_filename. For example, filters.py may contain this code to allow following log files only:
def filter_filename(filename):
    return filename.endswith('.log')
The last step is to let the agent know where to look for the filter. In the agent configuration file (~/.le/config or /root/le/config), define the filter option pointing to the directory containing your filter. For example:
Then restart the agent. That’s it!
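A stricter filter than the suffix check above, as an added example (not Logentries code): it canonicalises each path and accepts it only if it lies under an allowlisted directory, so a name such as /var/log/myapp/../../etc/x.log or a symlink pointing elsewhere is refused. The directories in ALLOWED_DIRS, the make_filter helper and the wildcard handling are assumptions made for illustration.

```python
# filters.py: added example (not Logentries code) of a stricter filter.
import os

# Assumption: hypothetical allowlist; replace with directories you permit.
ALLOWED_DIRS = ("/var/log/myapp", "/var/log/nginx")
ALLOWED_SUFFIXES = (".log",)
GLOB_CHARS = set("*?[")


def make_filter(allowed_dirs, suffixes=ALLOWED_SUFFIXES):
    """Build a filter that accepts only files under allowed_dirs."""
    # Canonicalise the allowlist once; the trailing separator stops
    # /var/log/myapp-old from matching the prefix /var/log/myapp.
    roots = tuple(os.path.realpath(d).rstrip(os.sep) + os.sep
                  for d in allowed_dirs)

    def check(filename):
        if not os.path.isabs(filename):
            return False
        # Assumption: the agent may hand over a wildcard pattern rather
        # than a concrete path; refuse those conservatively.
        if GLOB_CHARS & set(filename):
            return False
        # Resolve ".." and symlinks so the decision is made on the file
        # that would really be read, not on the name in the configuration.
        real = os.path.realpath(filename)
        if not real.endswith(tuple(suffixes)):
            return False
        return real.startswith(roots)

    return check


# The function name the agent looks up, as described above.
filter_filename = make_filter(ALLOWED_DIRS)
```

The check runs when the agent loads its configuration, so it does not cover a symlink that is changed afterwards; keep the allowlisted directories writable only by trusted accounts.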
Note that for large installation bases we also recommend using a modern syslog variant such as rsyslog or syslog-ng, which are commonly installed on Linux boxes. You won’t need to install additional software, and given the 128-bit token and SSL support, it provides a level of security comparable to the agent’s.