# File-Based Monitoring Astral provides native support for file-based monitoring, enabling continuous collection of security-relevant data directly from log and data files generated by systems and applications. This capability allows organizations to monitor sources that write events to files, ensuring that critical information is captured without requiring complex integrations or changes to existing architectures. Through the Inopli Agent, Astral monitors designated files and directories, tracking new entries and updates as they occur. This approach supports both structured and unstructured data formats, allowing the platform to ingest information from a wide variety of technologies, including operating systems, middleware, custom applications, and legacy systems that rely on file-based logging. As data is collected, Astral analyzes and interprets file-based events, applying normalization to convert them into a unified internal format. This ensures that events originating from different file sources can be correlated consistently with other telemetry, such as network activity, identity events, and cloud data. File-based monitoring therefore becomes an integral part of the overall security visibility provided by Astral. By incorporating file-based sources into its ingestion and analysis pipeline, Astral ensures that locally generated activity is fully represented in the security monitoring process. These events can be correlated, prioritized, and acted upon through Inopli’s integrated Response and RPA capabilities, enabling effective detection and response even in environments where file-based logging remains a primary source of operational data. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.inopli.com/astral/data-ingestion/log-sources/file-based-monitoring.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.