Hi All,
We are trying to integrate file-based logs into secops (FilePath: /opt/logs/audit.log).
When we verify the forwarder logs, we are getting no such file found as the error.
Kindly suggest the solution for this issue.
Hi,
Could you post the docker command that you used to exec the forwarder?
Can you share the full error? Is the "No such file or directory error" referencing the forwarder conf file or the audit.log file?
Hi @cmorris,
Please find the snip of error which I got.
docker run \
  --detach \
  --name cfps \
  --log-opt max-size=100m \
  --log-opt max-file=10 \
  --net=host \
  -v /opt/chronicle/config:/opt/chronicle/external \
  -v /var/log/crowdstrike/falconhostclient:/opt/chronicle/edr \
  gcr.io/chronicle-container/cf_production_stable
Sorry, but I don’t understand the problem very well. Could you post the config file (obviously without the auth section)?
Can you check if the command below works?
docker run \
  --detach \
  --name cfps \
  --log-opt max-size=100m \
  --log-opt max-file=10 \
  --net=host \
  -v /opt/chronicle/config:/opt/chronicle/external \
  -v /opt/logs:/opt/chronicle/edr \
  gcr.io/chronicle-container/cf_production_stable
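
The two commands in this thread differ only in the host side of the second -v mount. As an added example (not posted by anyone in the thread), this shell function shows which path, if any, a process inside the container sees for a given host file under a set of -v mounts; the function name `container_path_for` is made up for illustration.

```shell
#!/bin/sh
# Added example: map a host file to the path a container sees through
# its bind mounts ("-v host_dir:container_dir[:opts]").

# container_path_for HOST_FILE MOUNT...
# Prints the container-side path and returns 0 when a mount covers
# HOST_FILE; prints nothing and returns 1 when none does.
container_path_for() {
    host_file=$1
    shift
    best_len=-1
    best_src=""
    best_dst=""
    for m in "$@"; do
        src=${m%%:*}          # host side of the mount
        rest=${m#*:}
        dst=${rest%%:*}       # container side, mount options dropped
        src=${src%/}
        dst=${dst%/}
        case "$host_file" in
            "$src"/*)
                # Keep the longest matching source (most specific mount).
                if [ "${#src}" -gt "$best_len" ]; then
                    best_len=${#src}
                    best_src=$src
                    best_dst=$dst
                fi
                ;;
        esac
    done
    [ "$best_len" -ge 0 ] || return 1
    suffix=${host_file#"$best_src"}
    printf '%s\n' "$best_dst$suffix"
}

# Mounts from the first command in the thread: /opt/logs is not covered.
container_path_for /opt/logs/audit.log \
    /opt/chronicle/config:/opt/chronicle/external \
    /var/log/crowdstrike/falconhostclient:/opt/chronicle/edr \
    || echo "/opt/logs/audit.log is not visible inside the container"

# Mounts from the suggested command: the file is covered by /opt/logs.
container_path_for /opt/logs/audit.log \
    /opt/chronicle/config:/opt/chronicle/external \
    /opt/logs:/opt/chronicle/edr
```

The path printed for the second call is the one a process in the container has to open; a host path such as /opt/logs/audit.log does not exist there unless it is mounted at the same location.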