How would one go about collecting logs from an encrypted log file that has to be decrypted first?
I have a log file, /var/log/my_encrypted_log.log.
To read it I have to pipe the contents to a binary that decrypts them, e.g.:
$ cat /var/log/my_encrypted_log.log | my_decryption_binary | less
This shows the logs in clear text.
I don't want to save all my decrypted logs in a different file, since it will grow quite big and I am limited on disk space.
I was thinking of sending/tailing it to a TCP/UDP/HTTP stream, but would like to do that directly via the Agent, if possible. Is there a way to run arbitrary (but pre-defined) binaries?
On our former Agent/Sidecar we had a whitelist feature to allow other binaries to be run. We require something similar.
There is a new ER (internal reference number is 16281).
An example of the former feature, where we needed to whitelist the binary directly on the host where the Agent was running.
Basically it's like allowing the osquery (integration) or sysmon binaries, but in this case we need a custom one.
Ideally we should be able to verify the CRC or sha512 signature of that binary from Fleet.
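As an added illustration (not code from this thread, from Elastic Agent or from Fleet), here is a small Python script for the pipeline described above: it checks the decryption binary's SHA-512 against an expected digest before running it, feeds the encrypted file to the binary's stdin, and forwards the plaintext lines as UDP datagrams without writing them to disk. The decryptor command, the expected digest and the collector host/port are assumed operator-supplied inputs; how Fleet would distribute the digest is not modelled.

```python
import hashlib
import shutil
import socket
import subprocess
from typing import Iterable, Iterator, Sequence


def sha512_of_file(path: str) -> str:
    """Hex SHA-512 of a file, read in chunks so a large binary is not loaded whole."""
    digest = hashlib.sha512()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def stream_decrypted(log_path: str, decryptor_argv: Sequence[str],
                     expected_sha512: str) -> Iterator[str]:
    """Yield plaintext lines from an encrypted log, running the decryptor only if
    its on-disk digest matches the whitelisted value (assumed supplied by the operator).
    The encrypted file goes to the decryptor's stdin and stdout is read incrementally,
    so no decrypted copy is ever written to disk."""
    binary = shutil.which(decryptor_argv[0]) or decryptor_argv[0]
    actual = sha512_of_file(binary)
    if actual != expected_sha512.lower():
        raise RuntimeError(f"refusing to run {binary}: sha512 {actual} != {expected_sha512}")
    with open(log_path, "rb") as encrypted:
        proc = subprocess.Popen(list(decryptor_argv), stdin=encrypted,
                                stdout=subprocess.PIPE)
        assert proc.stdout is not None
        for raw in proc.stdout:
            yield raw.decode("utf-8", errors="replace").rstrip("\n")
        proc.wait()
        if proc.returncode != 0:
            raise RuntimeError(f"{binary} exited with status {proc.returncode}")


def forward_udp(lines: Iterable[str], host: str, port: int) -> int:
    """Send each plaintext line as one UDP datagram to the collector; returns the count."""
    sent = 0
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for line in lines:
            sock.sendto(line.encode("utf-8"), (host, port))
            sent += 1
    return sent
```

Wiring it together is `forward_udp(stream_decrypted(path, ["my_decryption_binary"], digest), host, port)`; because both sides are generators, memory use stays bounded regardless of the log size.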