Hi,
I have some application logs which are regularly updating with the real-time logs. Which means continuously appending logs data to the particular log file. I want to pass these logs to syslogs as syslogs already sending to Nagios Log server.
Can you please give me a little guide on how to parse such application logs to syslog?
Thank you
Luke.
parse application logs to syslog
-
scottwilkerson
- DevOps Engineer
- Posts: 19396
- Joined: Tue Nov 15, 2011 3:11 pm
- Location: Nagios Enterprises
- Contact:
Re: parse application logs to syslog
If you go to the Green "Add Log Source" then click on "Linux files" under "File Monitoring" section it will give instructions for sending logs from a specific file on your system.
Re: parse application logs to syslog
Hi
Thanks for the input. I have been using Nagios LS since long back and I am quite familiar with all these steps. However my requirement is different,
I have a couple of application and services logs. Some of them are JSON format compatible and others are general log files. The objective is I want to send these logs to NLS over syslog or any other way.
If I explain a little about the nature of these logs,
app1_date_time_randomID.log --> appending logs to this file until the file size becomes 100MB. After that, it compressed into .gz and create a new log file with app1_newdate_newtime_newrandomID.log....so on.
Since the log files are rotating, rather than injecting archived files to NLS, how can we add these logs to NLS real time? It is very important to capture real-time logs.
Thank you
Luke
Thanks for the input. I have been using Nagios LS since long back and I am quite familiar with all these steps. However my requirement is different,
I have a couple of application and services logs. Some of them are JSON format compatible and others are general log files. The objective is I want to send these logs to NLS over syslog or any other way.
If I explain a little about the nature of these logs,
app1_date_time_randomID.log --> appending logs to this file until the file size becomes 100MB. After that, it compressed into .gz and create a new log file with app1_newdate_newtime_newrandomID.log....so on.
Since the log files are rotating, rather than injecting archived files to NLS, how can we add these logs to NLS real time? It is very important to capture real-time logs.
Thank you
Luke
Re: parse application logs to syslog
I see what you're saying, are you using rsyslog or just syslog?
We'll need to configure it to understand the rotate/rename.
We'll need to configure it to understand the rotate/rename.
Re: parse application logs to syslog
Hi
I am using mainly rsyslog. But some appservers having syslog. I am unable to install rsyslog for those servers as I dont have permission to install.
Thank you
Luke.
I am using mainly rsyslog. But some appservers having syslog. I am unable to install rsyslog for those servers as I dont have permission to install.
Thank you
Luke.
Re: parse application logs to syslog
Ok, so if you follow scottwilkerson's instructions it will show you an example of how to configure it, you could do something like this for rsyslog:
That would work because there is only one app1_*.log file in that directory because the others end in .tar.gz.
Code: Select all
curl -sS -O http://X.X.X.X/nagioslogserver/scripts/setup-linux.sh
sudo bash setup-linux.sh -s X.X.X.X -p 5544 -f "/path/to/your/file/app1_*.log" -t APP1Can you get permission? Are you running syslog-ng on those servers that don't have rsyslog?I am unable to install rsyslog for those servers as I dont have permission to install.