Do FIM integration can also monitor the log files?

evangelin · February 6, 2025, 5:12am

Hello team,
I'm using the FIM integration from ELK i have added the paths like /etc/passwd , /etc/group and /var/log/dpkg.log. I'm getting getting printed if any changes observer in /etc/passwd , /etc/group

But its not printing the logs if it observers any changes in /var/log/dpkg.log
why??
Please response !

leandrojmp · February 6, 2025, 12:25pm

Because log files are excluded per default, check the advanced options of the FIM integration and you will see the excluded files.

Per default the /var path is also not monitored.

Keep in mind that if you set it to monitor the /var path rescursively and set it to monitor log files, th

evangelin · February 6, 2025, 12:32pm

Hello
Thanks for your reply
when check the advance option for excluded file there was no /var path

i have added the path /var/log/dpkg.log in monitor path
**

**

leandrojmp · February 6, 2025, 12:36pm

The exclusion is for files, .log files are excluded, no matter where they are or even if they are specified in the Paths to monitor.

You would need to remove this exclusion.

evangelin · February 6, 2025, 12:44pm

OK
Thank You

system · March 6, 2025, 12:45pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
File Integrity Monitor Missing Events SIEM	3	244	March 2, 2024
Windows FIM Module - how to use custom path without recursive Beats auditbeat	1	293	December 29, 2023
Elastic Agent Integration: File Integrity Monitoring (FIM) Endpoint Security	4	1969	January 5, 2022
Visibility Monitoring - Have Kibana Ingest a File that Contains a List of Log Sources and Have Kibana Compare that List to What Sources Are Actually Being Collected Kibana	1	162	May 7, 2021
File integrity Monitoring with elasticsearch Elasticsearch	5	2804	June 14, 2018

Do FIM integration can also monitor the log files?

Related topics