ddbnl / office365-audit-log-collector

Collect / retrieve Office365, AzureAD and DLP audit logs and output to PRTG, Azure Log Analytics Workspace, SQL, Graylog, Fluentd, and/or file output.
https://ddbnl.github.io/office365-audit-log-collector/
MIT License
105 stars 40 forks

Improvement: Additional parameter for the work files #31

Closed Gill-Bates closed 2 years ago

Gill-Bates commented 2 years ago

The collector needs four files in my configuration:

collector.log
config.yaml
known_content
known_logs

With the parameter path I can determine where the logs are stored, but not where the working files are placed.

log:
  path: "collector.log"

However, this path only applies to the log files. I would find it helpful if there was also a parameter to set the location of the working files. But that would mean a small redesign of the YAML structure. For instance:

path:
  log: "collector.log"
  workingdir: "/usr/local/o365collector"

ddbnl commented 2 years ago

There's no reason not to allow choosing the working dir, and it would be a small effort to implement. I'll do that in the coming days.

In order not to break backwards compatibility, however, I'll add the 'workingDir' parameter to the 'collect' section of the config, rather than moving the logging path parameter to a new section.

Thanks for the suggestion, makes a lot of sense :)

ddbnl commented 2 years ago

I was delayed a bit, but I've committed a new version that supports the working dir parameter. You can download the new executable here.

The parameter has an example in the new fullConfig.yaml. It looks like this:

collect:
  workingDir: /path/to/dir

I'll soon release an official release with all these latest changes and tag you in the credits for all the helpful suggestions, thanks!

Gill-Bates commented 2 years ago

Did you consider the logic that the same path for collector.log is used when no Log-Parameter is specified?