Forum Discussion
jagadish .D
Nov 29, 2017 Copper Contributor
Linux File Change Tracking
Hi,
I am working on one of a customer's enterprise environment Azure cloud automation tasks. From the Azure perspective, for the past couple of days I have been working on and trying to set up alert management in OMS. We...
- Nov 30, 2017
Hi, you will have to use string operators: https://docs.loganalytics.io/docs/Language-Reference/Scalar-operators/String-operators You can use matches regex, but that might not be easy to solve if you do not know regex.
ConfigurationChange | where FileSystemPath startswith "/etc/" and FileSystemPath endswith ".conf"
This should probably allow you to scope to those specific files.
- Deleted Nov 30, 2017
Hi Stainslav,
Thanks for providing information.
If I use your query, I am able to get .conf file changes. But it's collecting from files in every directory under the path (/etc/other directory). We are looking for file changes only down to the next directory, not other directories (/etc/dir1/dir2/dir3/dir4/files). It means (/etc/dir1/).
Let me know if any solution is available for this.
Thanks
Jagadish
- Dec 01, 2017
Hi
I am not sure I understand what you are saying. Can you provide more details?
- jagadish .D Dec 01, 2017 Copper Contributor
Hi Stainslav,
Apologies for the misunderstanding.
I need to monitor file changes only at the next level of directory under /etc. For example: /etc/(azure)*.conf - if any modification is done in azure.conf, an alert needs to be triggered.
Query should not pick any other directories apart from /etc/.
Thanks,
Jagadish
Thanks
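
The scoping asked for in this thread, as an added example that is not part of any post above: it compares the startswith/endswith filter from the reply with an anchored matches regex filter that accepts only .conf files directly under /etc/. The sample paths and the names OnlyTopLevelEtcConf, PrefixSuffixMatch and TopLevelOnlyMatch are constructed for illustration.

```kusto
// Constructed sample paths (not real data) standing in for ConfigurationChange rows.
// [^/]+ allows no further "/" after "/etc/", so files in subdirectories are excluded;
// the trailing $ rejects names that merely contain ".conf".
let OnlyTopLevelEtcConf = @"^/etc/[^/]+\.conf$";
datatable(FileSystemPath:string)
[
    "/etc/azure.conf",
    "/etc/resolv.conf",
    "/etc/dir1/app.conf",
    "/etc/dir1/dir2/dir3/dir4/app.conf",
    "/etc/hosts",
    "/etcetera/x.conf",
    "/etc/azure.conf.bak"
]
// Filter from the reply: also true for files nested below /etc/.
| extend PrefixSuffixMatch = FileSystemPath startswith "/etc/" and FileSystemPath endswith ".conf"
// Anchored regex: true only for /etc/<name>.conf.
| extend TopLevelOnlyMatch = FileSystemPath matches regex OnlyTopLevelEtcConf
// The same predicate against the real table would be:
// ConfigurationChange | where FileSystemPath matches regex @"^/etc/[^/]+\.conf$"
```

Only /etc/azure.conf and /etc/resolv.conf are true in both columns; the two paths under /etc/dir1/ are true for PrefixSuffixMatch but false for TopLevelOnlyMatch.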