How to monitor log files that we change part of the name

nagioscarnovale
Posts: 20
Joined: Tue Feb 05, 2019 9:53 am

How to monitor log files that we change part of the name

Post by nagioscarnovale »

Hey everyone,

I have the problem of monitoring "TOMCAT" files whose names change every day:
/opt/tomcat/logs/ # ls -la

-rw-r----- 1 tomcat tomcat 7.3K Jun 14 09:38 catalina.2019-06-16.log
-rw-r----- 1 tomcat tomcat 7.3K Jun 17 10:54 catalina.2019-06-17.log
-rw-r----- 1 tomcat tomcat 7.3K Jun 18 09:13 catalina.2019-06-18.log
-rw-r----- 1 tomcat tomcat 0 Jun 14 09:38 localhost_access_log.2019-06-16.txt
-rw-r----- 1 tomcat tomcat 0 Jun 17 10:54 localhost_access_log.2019-06-17.txt
-rw-r----- 1 tomcat tomcat 0 Jun 18 09:13 localhost_access_log.2019-06-18.txt


I tried to run the following setup.

sudo bash setup-linux.sh -s nagioslogserver -p 5544 -f "/opt/tomcat/logs/localhost_access_log.*.txt" -t tomcat-access

But it only created the configuration files with the date it finds

/etc/rsyslog.d
[root@jira-server rsyslog.d]# ls -l | grep tomcat_logs_localhost
-rw-r--r-- 1 root root 801 Jun 13 12:29 90-nagioslogserver_opt_tomcat_logs_localhost_access_log.2019-06-16.txt.conf
-rw-r--r-- 1 root root 801 Jun 13 12:29 90-nagioslogserver_opt_tomcat_logs_localhost_access_log.2019-06-17.txt.conf


more 90-nagioslogserver_opt_tomcat_logs_localhost_access_log.2019-06-16.txt.conf | grep InputFileName
$InputFileName /opt/tomcat/logs/localhost_access_log.2019-06-16.txt



How can I make rsyslog understand to monitor, for example:

localhost_access_log.2019-06-16.txt
localhost_access_log.2019-06-17.txt
localhost_access_log.2019-06-18.txt
...
..
catalina.2019-06-16.log
catalina.2019-06-17.log
catalina.2019-06-18.log
...

Thanks in advance
Nick
cdienger
Support Tech
Posts: 5045
Joined: Tue Feb 07, 2017 11:26 am

Re: How to monitor log files that we change part of the name

Post by cdienger »

Edit one of the configs (the other configuration files can be removed) and change the input line to look like:

$InputFileName /opt/tomcat/logs/localhost_access_log.*.txt

and then restart the rsyslogd service.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
nagioscarnovale
Posts: 20
Joined: Tue Feb 05, 2019 9:53 am

Re: How to monitor log files that we change part of the name

Post by nagioscarnovale »

Thanks so much for your reply.


In my configuration file below, is this line correct?
...........................................................................
$InputFileStateFile nls-state-opt_tomcat_logs_localhost_access_log.txt
...........................................................................

Thanks for the support


more 90-nagioslogserver_opt_tomcat_logs_localhost_access_log.txt.conf

$InputFilePollInterval 10
$PrivDropToGroup adm
$WorkDirectory /var/lib/rsyslog

# Input for tomcat-access
$InputFileName /opt/tomcat/logs/localhost_access_log.*.txt
$InputFileTag tomcat-access:
$InputFileStateFile nls-state-opt_tomcat_logs_localhost_access_log.txt # Must be unique for each file being polled
# Uncomment the following line to override the default severity for messages
# from this file.
#$InputFileSeverity info
$InputFilePersistStateInterval 20000
$InputRunFileMonitor

# Forward to Nagios Log Server and then discard, otherwise these messages
# will end up in the syslog file (/var/log/messages) unless there are other
# overriding rules.
if $programname == 'tomcat-access' then @@nagioslogserver:5544
if $programname == 'tomcat-access' then ~
cdienger
Support Tech
Posts: 5045
Joined: Tue Feb 07, 2017 11:26 am

Re: How to monitor log files that we change part of the name

Post by cdienger »

I thought my initial test had worked but I was apparently mistaken. Try commenting out the statefile line which shouldn't be necessary on newer versions of rsyslog:

$InputFilePollInterval 10
$PrivDropToGroup adm
$WorkDirectory /var/lib/rsyslog

# Input for tomcat-access
$InputFileName /opt/tomcat/logs/localhost_access_log.*.txt
$InputFileTag tomcat-access:
#$InputFileStateFile nls-state-opt_tomcat_logs_localhost_access_log.txt # Must be unique for each file being polled
# Uncomment the following line to override the default severity for messages
# from this file.
#$InputFileSeverity info
$InputFilePersistStateInterval 20000
$InputRunFileMonitor

# Forward to Nagios Log Server and then discard, otherwise these messages
# will end up in the syslog file (/var/log/messages) unless there are other
# overriding rules.
if $programname == 'tomcat-access' then @@nagioslogserver:5544
if $programname == 'tomcat-access' then ~

I also got it to work with RainerScript formatting:

module(load="imfile" PollingInterval="10")

input(type="imfile" file="/opt/tomcat/logs/bob.*.txt" tag="tag" addMetadata="on")

action(type="omfwd" Target="192.168.55.3" Port="5544" Protocol="udp")

Wildcard functionality may not be available on all versions. Run "rsyslogd -v" to get the version number if it still isn't working. I tested with version 8.40.
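
Added example, not part of the thread and not the posters' or Nagios' own configuration: a RainerScript version of the generated legacy config above that covers both file families the original poster listed and forwards only those messages. The `catalina.*.log` pattern, the `tomcat-catalina:` tag and the ruleset name are assumptions; the host, port, TCP forwarding and intervals are taken from the legacy config in the thread.

```rsyslog
# Added example. Assumes imfile is not already loaded by another config file.
module(load="imfile" PollingInterval="10")

# One input per file family. The wildcard matches each day's new file, so no
# per-date config is needed. No state-file name is given; newer rsyslog
# versions generate one per matched file.
input(type="imfile"
      File="/opt/tomcat/logs/localhost_access_log.*.txt"
      Tag="tomcat-access:"
      PersistStateInterval="20000"
      ruleset="to_nagioslogserver")

# Pattern and tag below are assumed from the catalina.YYYY-MM-DD.log names
# in the directory listing.
input(type="imfile"
      File="/opt/tomcat/logs/catalina.*.log"
      Tag="tomcat-catalina:"
      PersistStateInterval="20000"
      ruleset="to_nagioslogserver")

# Inputs bound to a ruleset are processed only by that ruleset: nothing else
# on the host is forwarded by this action, and these lines do not fall through
# to the default rules (the role of the legacy "@@host:port" and "~" pair).
ruleset(name="to_nagioslogserver") {
    action(type="omfwd" Target="nagioslogserver" Port="5544" Protocol="tcp")
}
```

Remove the per-date files that setup-linux.sh generated before restarting rsyslog, and check the syntax first with `rsyslogd -N1`.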