diff --git a/salt/elasticfleet/files/integrations/endpoints-initial/system-endpoints.json b/salt/elasticfleet/files/integrations/endpoints-initial/system-endpoints.json
index a5890794a..b6a21249a 100644
--- a/salt/elasticfleet/files/integrations/endpoints-initial/system-endpoints.json
+++ b/salt/elasticfleet/files/integrations/endpoints-initial/system-endpoints.json
@@ -13,9 +13,14 @@
 "system.auth": {
 "enabled": true,
 "vars": {
+ "ignore_older": "72h",
 "paths": [
 "/var/log/auth.log*",
 "/var/log/secure*"
+ ],
+ "preserve_original_event": false,
+ "tags": [
+ "system-auth"
 ]
 }
 },
@@ -24,34 +29,49 @@
 "vars": {
 "paths": [
 "/var/log/messages*",
- "/var/log/syslog*"
- ]
+ "/var/log/syslog*",
+ "/var/log/system*"
+ ],
+ "tags": [],
+ "ignore_older": "72h"
 }
 }
 }
 },
 "system-winlog": {
 "enabled": true,
- "vars": {
- "preserve_original_event": false
- },
 "streams": {
 "system.application": {
 "enabled": true,
 "vars": {
+ "preserve_original_event": false,
+ "ignore_older": "72h",
+ "language": 0,
 "tags": []
 }
 },
 "system.security": {
 "enabled": true,
 "vars": {
+ "preserve_original_event": false,
+ "ignore_older": "72h",
+ "language": 0,
+ "tags": []
+ }
+ },
+ "system.system": {
+ "enabled": true,
+ "vars": {
+ "preserve_original_event": false,
+ "ignore_older": "72h",
+ "language": 0,
 "tags": []
 }
 }
- }
- },
- "system-system/metrics": {
- "enabled": false
+ }
+ },
+ "system-system/metrics": {
+ "enabled": false
 }
 }
 }
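Review bot: The new `"preserve_original_event": false` on the `system.auth` stream drops the raw log line from the stored document, so if the ingest pipeline mis-parses an entry or field mappings change later there is no `event.original` to re-derive fields from; for an authentication log that is likely to be pulled into an investigation, that trade-off deserves an explicit decision rather than a silent default, and if storage is the concern it should be stated in the commit message. In the same hunk `"ignore_older": "72h"` causes files untouched for longer than 72 hours to be skipped when harvesting starts, so an endpoint enrolled or restored after an extended outage will not backfill older auth events. Since the file is strict JSON there is nowhere in it to record either rationale, so the commit description or the adjacent documentation for the initial endpoints policy is the place for a line such as `system.auth/system.syslog: ignore_older=72h (no backfill beyond 3 days), preserve_original_event=false (event.original not retained)`.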
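Review bot: The `system.syslog` stream now gets `"tags": []` while the first hunk gives `system.auth` `"tags": ["system-auth"]`, so anything keyed on a per-stream tag will see auth events labelled and syslog events not; if parity is intended the syslog entry should be `"tags": ["system-syslog"]`, and if the empty array is deliberate that asymmetry should be called out in the commit message. The same hunk orders `ignore_older` after `tags` in the syslog vars but first in the auth vars and in every winlog stream; key order carries no meaning in JSON, but a consistent order keeps future diffs readable. `"language": 0` is repeated on all three winlog streams with no indication of what the value selects; per the Elastic winlog input documentation 0 appears to mean "use the system language", but that should be confirmed and, because JSON cannot carry a comment, noted in the commit description so the next maintainer does not treat it as an unset placeholder. Adding the `system.system` channel is a reasonable widening of Windows coverage, and the new per-stream `preserve_original_event: false` has the same forensic-fidelity trade-off raised for the auth stream.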