Agent Client Collector Log Analytics default policies and checks
Agent Client Collector Log Analytics provides various default policies and checks.
Streaming log data from Windows hosts is supported in Agent Client Collector Log Analytics Version 3.1.0 and later.
Default ACC-L policies
| Name | OS | Description | Check |
|---|---|---|---|
| Apache on Linux Logs | Linux | Collects logs from Apache servers running on a Linux OS and sends them to the MID Server for further analysis. | log shipper |
| Apache on Windows Logs | Windows | Collects logs from Apache servers running on a Windows OS and sends them to the MID Server for further analysis. | log shipper |
| IIS logs | Windows | Collects logs from Microsoft IIS web servers and sends them to the MID Server for further analysis. | log shipper |
| JBoss/WildFly Application Server on Linux Logs | Linux | Collects logs from JBoss/WildFly application servers running on a Linux OS and sends them to the MID Server for further analysis. | log shipper |
| JBoss/WildFly Application Server on Windows Logs | Windows | Collects logs from JBoss/WildFly application servers running on a Windows OS and sends them to the MID Server for further analysis. | log shipper |
| Linux OS Logs | Linux | Collects logs from the Linux OS and sends them to the MID Server for further analysis. | log shipper |
| MSSQL on Linux Logs | Linux | Collects logs from MSSQL DBs running on Linux and sends them to the MID Server for further analysis. | log_shipper |
| MSSQL on Windows Logs | Windows | Collects logs from MSSQL DBs running on a Windows OS and sends them to the MID Server for further analysis. | log shipper |
| MySQL DB on Linux Logs | Linux | Collects logs from MySQL DBs on a Linux OS and sends them to the MID Server for further analysis. | log shipper |
| MySQL DB on Windows Logs | Windows | Collects logs from MySQL DBs running on a Windows OS and sends them to the MID Server for further analysis. | log shipper |
| Nginx on Linux Logs | Linux | Collects logs from Nginx servers running on a Linux OS and sends them to the MID Server for further analysis. | log shipper |
| Tomcat on Linux Logs | Linux | Collects logs from Tomcat servers running on a Linux OS and sends them to the MID Server for further analysis. | log shipper |
| Tomcat on Windows Logs | Windows | Collects logs from Tomcat servers running on a Windows OS and sends them to the MID Server for further analysis. | log shipper |
| Oracle WebLogic | Windows and Linux | Collects logs from Oracle WebLogic servers and sends them to the MID Server for further analysis. Note:
|
log shipper |
| WebSphere Application Server on Linux Logs | Linux | Collects logs from WebSphere application servers running on a Linux OS and sends them to the MID Server for further analysis. | log shipper |
| Windows OS Event Logs | Windows | Collects Windows event logs from Windows servers and sends them to the MID Server for further analysis. | log shipper for win events |
Environment variables
The log path used for collecting logs from certain servers may contain environment variables. It’s important to note that on Linux systems, the ACC Agent can only access environment variables that reside in the /etc/environment file. Add the environment variables that the agent must access to the /etc/environment file using the format <NAME>='<VALUE>'. On Windows systems, you can create environment variables in the usual manner.
Default ACC-L checks
Agent Client Collector Log Analytics (ACC-L) provides the following default Type=Log checks.
- The log shipper check launches a background process that sends logs from servers to an agent data input, according to the check's configured log path. When access permissions are lacking or the log path is configured incorrectly, the system sends an alert to the instance. For proper log configuration, ensure that the servicenow user has permissions to access the configured log path on the machine that is hosting the agent, and that the log path is configured correctly.
- The log shipper for win events check is similar to the log shipper check, but sends event logs from Windows OS servers to the agent data input. Note:To collect Security Windows event logs, servicenow users on an agent hosting machine must have admin privileges.