wazuh-logcollector.state

New in version 4.2.

The statistics file for wazuh-logcollector is located at /var/ossec/var/run/wazuh-logcollector.state.

It can be helpful to identify and measure if Wazuh is collecting and sending logs consistently.

By default, this file is updated every 5 seconds. This interval can be changed by modifying the logcollector.state_interval value from the internal configuration file.

Below there is an example of the file content:

{
"global": {
    "start": "2021-01-27 12:07:29",
    "end": "2021-01-27 12:08:34",
    "files": [
    {
        "location": "df -P",
        "events": 9,
        "bytes": 893,
        "targets": []
    },
    {
        "location": "/var/log/secure",
        "events": 0,
        "bytes": 0,
        "targets": [
        {
            "name": "agent",
            "drops": 0
        }
        ]
    },
    {
        "location": "/var/log/messages",
        "events": 5,
        "bytes": 292,
        "targets": [
        {
            "name": "agent",
            "drops": 0
        }
        ]
    },
    {
        "location": "/var/ossec/logs/active-responses.log",
        "events": 0,
        "bytes": 0,
        "targets": [
        {
            "name": "agent",
            "drops": 0
        }
        ]
    },
    {
        "location": "last -n 20",
        "events": 1,
        "bytes": 1529,
        "targets": []
    },
    {
        "location": "netstat listening ports",
        "events": 1,
        "bytes": 212,
        "targets": []
    },
    {
        "location": "/var/log/audit/audit.log",
        "events": 0,
        "bytes": 0,
        "targets": [
        {
            "name": "agent",
            "drops": 0
        }
        ]
    },
    {
        "location": "/var/log/maillog",
        "events": 0,
        "bytes": 0,
        "targets": [
        {
            "name": "agent",
            "drops": 0
        },
        {
            "name": "custom_socket",
            "drops": 0
        }
        ]
    }
    ]
},
"interval": {
    "start": "2021-01-27 12:08:29",
    "end": "2021-01-27 12:08:34",
    "files": [
    {
        "location": "df -P",
        "events": 0,
        "bytes": 0,
        "targets": []
    },
    {
        "location": "/var/log/secure",
        "events": 0,
        "bytes": 0,
        "targets": [
        {
            "name": "agent",
            "drops": 0
        }
        ]
    },
    {
        "location": "/var/log/messages",
        "events": 0,
        "bytes": 0,
        "targets": [
        {
            "name": "agent",
            "drops": 0
        }
        ]
    },
    {
        "location": "/var/ossec/logs/active-responses.log",
        "events": 0,
        "bytes": 0,
        "targets": [
        {
            "name": "agent",
            "drops": 0
        }
        ]
    },
    {
        "location": "last -n 20",
        "events": 0,
        "bytes": 0,
        "targets": []
    },
    {
        "location": "netstat listening ports",
        "events": 0,
        "bytes": 0,
        "targets": []
    },
    {
        "location": "/var/log/audit/audit.log",
        "events": 0,
        "bytes": 0,
        "targets": [
        {
            "name": "agent",
            "drops": 0
        }
        ]
    },
    {
        "location": "/var/log/maillog",
        "events": 0,
        "bytes": 0,
        "targets": [
        {
            "name": "agent",
            "drops": 0
        },
        {
            "name": "custom_socket",
            "drops": 0
        }
        ]
    }
    ]
}
}