File Integrity Monitoring Using the Perch Log Shipper

Utilizing the current Log Shipper, Perch can provide comprehensive file integrity monitoring for Windows and Linux based systems.

Getting Started:

Implementing file integrity monitoring on a specific system begins with downloading and installing the Perch Log Shipper.

For Windows systems, the Log Shipper can be downloaded from within the Perch application by going to SETTINGS -> SENSORS and clicking the “download the installer” hyperlink.

From there, follow the deployment instructions provided in the Perch Log Shipper documentation (see link below).


For Linux systems, follow the instructions provided in the link below:



Once the Log Shipper is installed, the Auditbeat configuration file (auditbeat.yml) will need to be modified to include the file / directory paths to be monitored.

Before editing the auditbeat.yml file, it is recommended that the “perch-auditbeat” service be stopped.

Once the service is stopped, navigate to C:\Program Files\Perch\configs. From there, right click on the auditbeat.yml file and hit Edit.

Within the Auditbeat config file, go to the “Modules configuration” section where you will see a list of default file paths.

Using the same syntax, add the additional file paths to be monitored (see sample audtibeat.yml below).

To have the Auditbeat agent automatically scan subdirectories, add the following line below the last file path listed:

recursive: true

Once the additional file paths have been added to the Auditbeat configuration, save the file and restart the “perch-auditbeat” service.

Auditbeat will proceed to perform an initial scan of the directories and should begin reporting on changes to the files contained shortly after, depending on the size of the directories included.


To get started with file integrity monitoring, there is a “File Integrity Monitoring” dashboard which can be installed from the Perch Marketplace.