Worklet: Create a Rapid7 InsightIDR/InsightOPS logging.json file

  • 2 November 2020
  • 0 replies
  • 172 views

The insight agent from Rapid7 insightIDR and InsightOPS supports advanced configuration features which can be configured by placing a logging.json file in the config folder of the agent. Distribution of this config file is not handled by Rapid7 therefore Automox can be used to place the file on all applicable systems. The content of the logging.json file can be tweaked based on your own preferences.

Documentation can be found here: https://docs.rapid7.com/insight-agent/insightops#windows


Don’t forget to add your API key before using the worklet.



if ($configcheck -eq "True")
{Write-Output "logging.json already exists"
exit 0}

New-Item "C:\Program Files\Rapid7\Insight Agent\components\insight_agent\common\config\logging.json"

Set-Content -Path "C:\Program Files\Rapid7\Insight Agent\components\insight_agent\common\config\logging.json" -Value '{
"config": {
"name": "insight agent windows",
"endpoint": "eu.data.logs.insight.rapid7.com",
"region": "eu",
"api-key": "PLACE YOUR API KEY HERE",
"state-file": "C:\\Program Files\\Rapid7\\Insight Agent\\components\\insight_agent\\common\\state.file",
"formatter" : "plain",
"windows-eventlog": {
"enabled": true,
"destination": "Windows Event Logs/Endpoints"
},
"metrics": {
"destination": "System Metrics/Endpoints",
"metrics-cpu": "system",
"metrics-disk": "sum sda4 sda5",
"metrics-interval": "60s",
"metrics-mem": "system",
"metrics-net": "sum eth0",
"metrics-space": "/",
"metrics-swap": "system",
"metrics-vcpu": "core",
"system-stat-enabled": true
},
"logs": []
}
}'

Restart-Service -Name "ir_agent"

0 replies

Be the first to reply!

Reply