# README
Scripted Inputs Receiver
| Status | |
|---|---|
| Stability | development: logs |
| Distributions | contrib |
Overview
The scripted inputs receiver is a component that performs log collection equivalent to what the UF does when the Unix and Linux Technical Add-on is installed. It must be run directly on host and is not supported in container.
Configuration
| Script name | Description |
|---|---|
| bandwidth | Network statistics via the shell commands dlstat, netstat, and sar |
| cpu | CPU statistics via the shell commands sar, mpstat, and iostat |
| df | Free disk space for each mount point via the shell commands df, mount, and fstyp |
| hardware | Hardware information via the shell commands cpuinfo, df, dmesg, ifconfig, ioscan, iostat, ip, lanscan, lsattr, lscfg, lsdev, lsps, lspv, meminfo, mpstat, prtconf, prtdiag, sysctl, system_profiler, swap, swapinfo, and top |
| interfaces | Configured network interfaces via the shell commands dmesg, ethtool, ifconfig, kstat, lanscan, lanadmin, and netstat |
| iostat | Input/output statistics for block devices and partitions via the shell commands darwin_disk_stats, iostat, and sar |
| lastlog | Last login times for system accounts via the shell commands last, lastb, and lastlogin |
| lsof | Process information via the shell command lsof |
| netstat | Network connections, routing tables, and network interface information via the shell command netstat |
| nfsiostat | Collects NFS mounts data via the shell command nfsiostat. Requires the nfs-utils package. |
| openPorts | Available network ports via the shell command netstat |
| openPortsEnhanced | TCP/UDP ports in a listening state, and information on process, process ID, IP version, and so on. via the shell commands lsof, and netstat |
| package | Lists installed software packages via the shell commands dpkg-query, pkginfo, pkg_info, pkg info, system_profiler, and swlist |
| passwd | Shows username and associated user ID, user group ID, and shell |
| protocol | TCP/UDP transfer statistics via the shell command netstat |
| ps | Status of current running processes via the shell command ps |
| rlog | Linux Auditing System events information recorded in /var/log/audit/audit.log by auditd |
| selinuxChecker | Parses /etc/sysconfig/selinux to check if SELinux is configured |
| service | Running services and associated details via the shell commands chkconfig, dscl, svcs, and systemctl |
| sshdChecker | Parses sshd_config for information local sshd configurations |
| time | System date and time, and NTP server time via the shell commands and chronyc, date andntpdate |
| top | List of running system processes via the shell commands ps and top |
| update | Available software updates for installed packages via the shell commands softwareupdate and yum |
| uptime | System date and uptime information via the shell command date |
| usersWithLoginPrivs | Shows system username information |
| version | OS version details via the shell command uname |
| vmstat | Process-related memory usage information via the shell commands prstat, prtconf, ps, sar, svmon, swap, swapinfo, sysctl, top, uptime, and vmstat |
| vsftpdChecker | Parses vsftpd.conf for information about local VSFTP server configurations in /etc, /etc/vsftpd, or /private/etc |
| who | Information about all users currently logged in via the shell command who |
The following settings are required:
script_name: Name of the script to be executed.collection_interval: (default =60s) how often the script should be executed
The following settings are optional:
source: source of the eventsourcetype: sourcetype of the eventmultiline: how the standard output of the script is split, works exactly the same way as the multiline setting of filelog receiver Example:
receivers:
scripted_inputs/df:
script_name: df
collection_interval: 10s
source: df
sourcetype: df
multiline:
line_end_pattern: '\n'
service:
pipelines:
logs:
receivers: [scripted_inputs/df]
processors: [memory_limiter, batch]
exporters: [splunk_hec]