Modify Event Importer Settings

Applies To: WatchGuard SIEMFeeder

On first run, the WatchGuard Event Importer configuration wizard uses the information you enter to update the configuration.json file. You can find this JSON file in the root folder of the Event Importer installation.

After the Event Importer configuration wizard completes, Event Importer begins to download event log files stored on the Microsoft Azure infrastructure. Event Importer routes the log files to your specified channel location, based on the information that the configuration.json file contains.

The configuration.json file contains this data:

  • Information about the user who owns the log files.
  • Information about the method used to send and store the log files.
  • Information about the Event Importer execution mode (for example, command line or service).

To change Event Importer settings, you can modify the configuration.json file. After you modify the configuration.json file, you must stop and start the Event Importer process to apply any changes made to the file.

Parameters Related to Log File Events

These configuration.json parameters decide how Event Importer generates log files.

Channels

Indicates the characteristics of the channel used to download log files.

Type

Storage type used in the channel.

Name

Channel name.

Configuration

Channel settings (fullPath, fileSizeLimitInBytes, directoryMaxSizeInMB, fileSplitFormat).

fullPath

Absolute path to the log folder.

fileSizeLimitInBytes

Maximum size of the log files.

directoryMaxSizeInMB

Maximum size of the content in the folder that stores the log files. When Event Importer reaches the maximum size, it deletes 10 percent of the oldest files.

fileSplitFormat

Rotation interval of the log files. The file name contains the year (yyyy), month (MM), day (dd), hour (HH), and minute (mm) of when Event Importer creates the file.

"1h" or empty

yyyyMMdd-HH format. A file generates every hour.

"1m"

yyyyMMdd-HHmm format. Generates a file every minute.

"5m"

yyyyMMdd-HHmm format. Generates a file every 5 minutes.

"10m"

yyyyMMdd-HHmm format. Generates a file every 10 minutes.

"15m"

yyyyMMdd-HHmm format. Generates a file every 15 minutes.

"30m"

yyyyMMdd-HHmm format. Generates a file every 30 minutes.

Parameters Related to the Execution Log

Event Importer saves all operations it executes to text files. It stores the text files in the log folder of the application.

These parameters in the configuration.json file decide how Event Importer generates the text files.

LogsPath

Absolute or relative path and file name. Make sure to escape the backslash character ("\").
For example, .\\log\\log.txt.

LogFileSizeLimitKBytes

Rotates the log file when it reaches the specified size in kilobytes and adds the suffix -SequenceNumber to the file name.
For example, log-3.txt.

LogRetainedFileCountLimit

Indicates the maximum number of files that Event Importer stores on the storage device. Event Importer deletes the oldest file when it reaches this number.

Interval

Rotation interval of the log files:

0

No rotation. The suffix is null. The file name is the same as the name the LogsPath parameter defines.

1

File rotates every year. The suffix for the name defined in LogsPath is LognameYear(YYYY).
For example, log2021.txt.

2

File rotates every month. The suffix for the name defined in LogsPath is LognameYearMonth(YYYYMM).
For example, log202107.txt.

3

File rotates every day. The suffix for the name defined in LogsPath is LognameYearMonthDay(YYYYMMDD).
For example, log20210722.txt.

4

File rotates every hour. The suffix for the name defined in LogsPath is LognameYearMonthDayHour(YYYYMMDDhh).
For example, log2021072210.txt.

5

File rotates every minute. The suffix for the name defined in LogsPath is LognameYearMonthDayHourMinute(YYYYMMDDhhmm).
For example, log202107221055.txt.

For more information about event log parameters, see the WatchGuard SIEMFeeder Event Guide.
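A hand-edited configuration.json can be checked against the values documented above before you restart Event Importer. The script below is an added example, not WatchGuard code. It assumes the numeric parameters are whole numbers and matches parameter names wherever they appear in the file, because this page does not show the file layout; the sample JSON, its nesting, the Type value, and the paths are constructed.

```python
import json
from pathlib import PureWindowsPath

SPLIT_FORMATS = {"", "1h", "1m", "5m", "10m", "15m", "30m"}  # values listed on this page
INTERVALS = {"0", "1", "2", "3", "4", "5"}                   # execution-log Interval values
SIZE_KEYS = {"fileSizeLimitInBytes", "directoryMaxSizeInMB",
             "LogFileSizeLimitKBytes", "LogRetainedFileCountLimit"}

# Constructed sample; the nesting, the Type value and the paths are assumptions.
SAMPLE = r'''{
  "Channels": [{"Type": "file", "Name": "events", "Configuration": {
      "fullPath": "C:\\SIEMFeeder\\events", "fileSizeLimitInBytes": 10485760,
      "directoryMaxSizeInMB": 1024, "fileSplitFormat": "5m"}}],
  "LogsPath": ".\\log\\log.txt", "LogFileSizeLimitKBytes": 1024,
  "LogRetainedFileCountLimit": 10, "Interval": 3
}'''

def walk(node, path="$"):
    """Yield (json_path, key, value) for every object member at any depth."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield f"{path}.{key}", key, value
            yield from walk(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from walk(value, f"{path}[{i}]")

def check_config(text):
    """Return a list of problems found in the text of a configuration.json file."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as err:
        # A single backslash in a path (".\log\log.txt") is an invalid JSON escape.
        return [f"invalid JSON at line {err.lineno}, column {err.colno}: {err.msg}"]
    problems = []
    for where, key, value in walk(cfg):
        if key == "fileSplitFormat" and not (isinstance(value, str) and value in SPLIT_FORMATS):
            problems.append(f"{where}: unsupported rotation value {value!r}")
        elif key == "fullPath" and not (isinstance(value, str) and PureWindowsPath(value).is_absolute()):
            problems.append(f"{where}: not an absolute path: {value!r}")
        elif key == "Interval" and str(value) not in INTERVALS:
            problems.append(f"{where}: expected 0 to 5, got {value!r}")
        elif key in SIZE_KEYS and not (str(value).isdecimal() and int(str(value)) > 0):
            problems.append(f"{where}: expected a positive whole number, got {value!r}")
    return problems

if __name__ == "__main__":
    print(check_config(SAMPLE) or "no problems found")
```

A malformed file stops log delivery to the channel, so run the check on the edited file before you stop and start the Event Importer process.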

See Also

About SIEMFeeder

Event Importer Requirements

Configure Multiple Event Importer Instances