Forum Discussion

jagadish .D's avatar
jagadish .D
Copper Contributor
Nov 29, 2017
Solved

Linux File Change Tracking

   Hi,   I am working one of the customer enterprise environment azure cloud automation tasks. From azure perspective past couple of days working and trying to setup alert Management in OMS. We...
Azure Log Analytics
azure monitor
Deleted's avatar
Deleted
Nov 30, 2017

Hi Stainslav,

 

Thanks for providing information.

if i use your query i can able to get .conf file changes. But it's collecting from entire path available directory files(/etc/other directory). But we are looking the file changes till next directory, not other directory (/etc/dir1/dir2/dir3/dir4/files).  it means (/etc/dir1/).

Let me know any solution available on this.

 

Thanks

 

Jagadish

  • Stanislav_Zhelyazkov's avatar
    Stanislav_Zhelyazkov
    MVP
    Dec 01, 2017

    Hi

    I am not sure I understand what you are saying. Can you provide more details?

    • jagadish .D's avatar
      jagadish .D
      Copper Contributor
      Dec 01, 2017

      Hi Stainslav,

       

      Apologies for misunderstanding.

       

      I need to monitor the file changes only to next level of directory, which are in etc.  For example:  /etc/(azure)*.conf  - any modification done in azure.conf, alert need to be triggered.

       

      Query should not pick any other directories apart from /etc/.

       

      Thanks,

      Jagadish

       

      Thanks

      • Stanislav_Zhelyazkov's avatar
        Stanislav_Zhelyazkov
        MVP
        Dec 01, 2017

        Hi

        I am still not sure if I get the scenario right but let me know if this works:

         

        let test1 = datatable(Path:string)
[
    "/etc/auzre.conf",
    "/etc/azure/azure.conf",
    "/etc/bla/bla.conf",
    "/etc/bla/sadasd/bla.conf"
];
test1 | where Path matches regex "^/etc/([^/]+)$"

Resources