Hi All,
We are trying to integrate file based logs into secops (FilePath: /opt/logs/audit.log).
When we verify the forwarder logs, we are getting no such file found as the error.
Kindly suggest the solution for this issue.
File based integration with Google SecOps via Forwarder
+6- Bronze 1
+10Can you share the full error? Is the "No such file or directory error" referencing the forwarder conf file or the audit.log file?
+6- Bronze 1
Can you share the full error? Is the "No such file or directory error" referencing the forwarder conf file or the audit.log file?
Hi @cmorris ,
Please find the snip of error which i got.
+6- Bronze 1
Hi,
Could you post the docker command that you are used to exec the forwarder?
docker run
--detach
--name cfps
--log-opt max-size=100m
--log-opt max-file=10
--net=host
-v /opt/chronicle/config:/opt/chronicle/external
-v /var/log/crowdstrike/falconhostclient:/opt/chronicle/edr
gcr.io/chronicle-container/cf_production_stable
+6- Bronze 1
Hi @cmorris ,
Please find the snip of error which i got.
Sorry but I don’t understand very well the problem, could you post the config file (obviously without the auth section)?
+8- Bronze 2
docker run
--detach
--name cfps
--log-opt max-size=100m
--log-opt max-file=10
--net=host
-v /opt/chronicle/config:/opt/chronicle/external
-v /var/log/crowdstrike/falconhostclient:/opt/chronicle/edr
gcr.io/chronicle-container/cf_production_stable
Can you check if the command below works?
docker run
--detach
--name cfps
--log-opt max-size=100m
--log-opt max-file=10
--net=host
-v /opt/chronicle/config:/opt/chronicle/external
-v /opt/logs:/opt/chronicle/edr
gcr.io/chronicle-container/cf_production_stable
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.