The journal_watcher plugin reads and parses sshd logs to generate sshd login and gssapi events.
Supports mainstream Linux distributions, including CentOS, RHEL, Debian, Ubuntu, RockyLinux, OpenSUSE, etc. Supports x86-64 and aarch64 architectures.
Through the complete deployment of elkeidup, this plugin is enabled by default.
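As an added example (not the plugin's own code and not part of Elkeid), the following stand-alone Rust program shows the kind of parsing the description above refers to: it takes sshd authentication messages as they appear in the journal, turns them into structured login events, and counts failed attempts per source address, which is the first thing a defender wants from these events. The message layouts, the constructed sample lines, and every name in it (`LoginEvent`, `parse_sshd_message`, `failed_attempts_by_source`) are assumptions of this example; it handles `Accepted`/`Failed` messages, including the `gssapi-with-mic` method, and ignores all other sshd messages.

```rust
// Added example, not journal_watcher's code: parse sshd auth messages into events.
use std::collections::HashMap;

#[derive(Debug, Clone, PartialEq)]
pub enum Outcome {
    Accepted,
    Failed,
}

#[derive(Debug, Clone, PartialEq)]
pub struct LoginEvent {
    pub outcome: Outcome,
    pub method: String,   // "password", "publickey", "gssapi-with-mic", ...
    pub user: String,
    pub invalid_user: bool, // sshd says "for invalid user X" for unknown accounts
    pub src_ip: String,
    pub src_port: u16,
}

/// Drop a syslog-style prefix ("Mar 03 10:00:00 host sshd[1201]: ") if present,
/// returning just the sshd message text (what the journal's MESSAGE field holds).
pub fn strip_syslog_prefix(line: &str) -> &str {
    match line.find("sshd[") {
        Some(i) => match line[i..].find("]: ") {
            Some(j) => &line[i + j + 3..],
            None => line,
        },
        None => line,
    }
}

/// Parse "Accepted <method> for [invalid user] <user> from <ip> port <port> ..."
/// and the matching "Failed ..." form. Anything else yields None.
pub fn parse_sshd_message(msg: &str) -> Option<LoginEvent> {
    let mut words = msg.split_whitespace();
    let outcome = match words.next()? {
        "Accepted" => Outcome::Accepted,
        "Failed" => Outcome::Failed,
        _ => return None,
    };
    let method = words.next()?.to_string();
    if words.next()? != "for" {
        return None;
    }
    let mut user = words.next()?.to_string();
    let mut invalid_user = false;
    if user == "invalid" {
        // "Failed password for invalid user admin from ..."
        if words.next()? != "user" {
            return None;
        }
        invalid_user = true;
        user = words.next()?.to_string();
    }
    if words.next()? != "from" {
        return None;
    }
    let src_ip = words.next()?.to_string();
    if words.next()? != "port" {
        return None;
    }
    let src_port: u16 = words.next()?.parse().ok()?;
    // Trailing fields ("ssh2: ED25519 SHA256:...") are deliberately ignored.
    Some(LoginEvent { outcome, method, user, invalid_user, src_ip, src_port })
}

/// Count failed authentication attempts per source IP across raw log lines.
pub fn failed_attempts_by_source(lines: &[&str]) -> HashMap<String, usize> {
    let mut counts = HashMap::new();
    for line in lines {
        if let Some(ev) = parse_sshd_message(strip_syslog_prefix(line)) {
            if ev.outcome == Outcome::Failed {
                *counts.entry(ev.src_ip).or_insert(0) += 1;
            }
        }
    }
    counts
}

// Constructed sample lines (documentation addresses, made-up hosts and PIDs).
pub const SAMPLE_LINES: [&str; 5] = [
    "Mar 03 10:00:00 host1 sshd[1201]: Accepted publickey for alice from 192.0.2.10 port 51234 ssh2: ED25519 SHA256:constructed",
    "Mar 03 10:00:05 host1 sshd[1202]: Failed password for invalid user admin from 198.51.100.7 port 40001 ssh2",
    "Mar 03 10:00:06 host1 sshd[1203]: Failed password for root from 198.51.100.7 port 40002 ssh2",
    "Mar 03 10:00:10 host1 sshd[1204]: Accepted gssapi-with-mic for bob from 192.0.2.11 port 51300 ssh2",
    "Mar 03 10:00:11 host1 sshd[1205]: Connection closed by 203.0.113.5 port 22000 [preauth]",
];

fn main() {
    for line in SAMPLE_LINES.iter() {
        println!("{:?}", parse_sshd_message(strip_syslog_prefix(line)));
    }
    println!("failed attempts by source: {:?}", failed_attempts_by_source(&SAMPLE_LINES));
}
```

The parser is positional on purpose: sshd's auth messages have a fixed word order, so a whitespace split is both faster and easier to audit than a regular expression, and any message that does not fit the shape is dropped rather than partially interpreted.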
In the root directory, execute:

BUILD_VERSION=188.8.131.52 bash build.sh

During compilation the script reads the BUILD_VERSION environment variable to set the version information; change it as needed.
After a successful build you should see two plg files in the output directory under the root directory, one for each supported system architecture.
- If no client component exists yet, create a new component on the Elkeid Console - Component Management page.
- On the Elkeid Console - Component Management page, find the "collector" entry, click "Release Version" on the right, fill in the version information and upload the files corresponding to the platform and architecture, and click OK.
- On the Elkeid Console - Component Policy page, delete the old "collector" version policy (if any), click "New Policy", select the version just released, and click OK. Subsequent newly installed Agents will be self-upgraded to the latest version.
- On the Elkeid Console - Task Management page, click "New Task", select all hosts, click Next, select the "Sync Configuration" task type, and click OK. Then, find the task you just created on this page, and click Run to upgrade the old version of the Agent.
journal_watcher is distributed under the Apache-2.0 license.