Hey everyone,
I have the problem of monitoring "TOMCAT" files whose name changes every day
/opt/tomcat/logs/ # ls -la
-rw-r----- 1 tomcat tomcat 7.3K Jun 14 09:38 catalina.2019-06-16.log
-rw-r----- 1 tomcat tomcat 7.3K Jun 17 10:54 catalina.2019-06-17.log
-rw-r----- 1 tomcat tomcat 7.3K Jun 18 09:13 catalina.2019-06-18.log
-rw-r----- 1 tomcat tomcat 0 Jun 14 09:38 localhost_access_log.2019-06-16.txt
-rw-r----- 1 tomcat tomcat 0 Jun 17 10:54 localhost_access_log.2019-06-17.txt
-rw-r----- 1 tomcat tomcat 0 Jun 18 09:13 localhost_access_log.2019-06-18.txt
I tried to run the following setup.
sudo bash setup-linux.sh -s nagioslogserver -p 5544 -f "/opt/tomcat/logs/localhost_access_log.*.txt" -t tomcat-access
But it only created the configuration files with the date it finds
/etc/rsyslog.d
[root@jira-server rsyslog.d]# ls -l | grep tomcat_logs_localhost
-rw-r--r-- 1 root root 801 Jun 13 12:29 90-nagioslogserver_opt_tomcat_logs_localhost_access_log.2019-06-16.txt.conf
-rw-r--r-- 1 root root 801 Jun 13 12:29 90-nagioslogserver_opt_tomcat_logs_localhost_access_log.2019-06-17.txt.conf
more 90-nagioslogserver_opt_tomcat_logs_localhost_access_log.2019-06-16.txt.conf | grep InputFileName
$InputFileName /opt/tomcat/logs/localhost_access_log.2019-06-16.txt
how can I make rsyslog understand to monitor for example ?
localhost_access_log.2019-06-16.txt
localhost_access_log.2019-06-17.txt
localhost_access_log.2019-06-18.txt
...
..
catalina.2019-06-16.log
catalina.2019-06-17.log
catalina.2019-06-18.log
...
Thanks in advance
Nick
How to monitor log files that we change part of the name
-
- Posts: 20
- Joined: Tue Feb 05, 2019 9:53 am
Re: How to monitor log files that we change part of the name
Edit one of the configs(the other configuration files can be removed) and change the input line to look like:
and then restart the rsyslogd service.
Code: Select all
$InputFileName /opt/tomcat/logs/localhost_access_log.*.txt
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
-
- Posts: 20
- Joined: Tue Feb 05, 2019 9:53 am
Re: How to monitor log files that we change part of the name
Thanks so much for your reply.
In my configuration file below
this line is correct?
...........................................................................
$InputFileStateFile nls-state-opt_tomcat_logs_localhost_access_log.txt
...........................................................................
Thanks for the support
more 90-nagioslogserver_opt_tomcat_logs_localhost_access_log.txt.conf
$InputFilePollInterval 10
$PrivDropToGroup adm
$WorkDirectory /var/lib/rsyslog
# Input for tomcat-access
$InputFileName /opt/tomcat/logs/localhost_access_log.*.txt
$InputFileTag tomcat-access:
$InputFileStateFile nls-state-opt_tomcat_logs_localhost_access_log.txt # Must be unique for each file being polled
# Uncomment the folowing line to override the default severity for messages
# from this file.
#$InputFileSeverity info
$InputFilePersistStateInterval 20000
$InputRunFileMonitor
# Forward to Nagios Log Server and then discard, otherwise these messages
# will end up in the syslog file (/var/log/messages) unless there are other
# overriding rules.
if $programname == 'tomcat-access' then @@nagioslogserver:5544
if $programname == 'tomcat-access' then ~
In my configuration file below
this line is correct?
...........................................................................
$InputFileStateFile nls-state-opt_tomcat_logs_localhost_access_log.txt
...........................................................................
Thanks for the support
more 90-nagioslogserver_opt_tomcat_logs_localhost_access_log.txt.conf
$InputFilePollInterval 10
$PrivDropToGroup adm
$WorkDirectory /var/lib/rsyslog
# Input for tomcat-access
$InputFileName /opt/tomcat/logs/localhost_access_log.*.txt
$InputFileTag tomcat-access:
$InputFileStateFile nls-state-opt_tomcat_logs_localhost_access_log.txt # Must be unique for each file being polled
# Uncomment the folowing line to override the default severity for messages
# from this file.
#$InputFileSeverity info
$InputFilePersistStateInterval 20000
$InputRunFileMonitor
# Forward to Nagios Log Server and then discard, otherwise these messages
# will end up in the syslog file (/var/log/messages) unless there are other
# overriding rules.
if $programname == 'tomcat-access' then @@nagioslogserver:5544
if $programname == 'tomcat-access' then ~
Re: How to monitor log files that we change part of the name
I thought my initial test had worked but I was apparently mistaken. Try commenting out the statefile line which shouldn't be necessary on newer versions of rsyslog:
I also got it to work with rainerscript formating:
Wildcard functionality may not be available on all versions. Run "rsyslogd -v" to get the version number if it still isn't working. I tested with version 8.40.
Code: Select all
$InputFilePollInterval 10
$PrivDropToGroup adm
$WorkDirectory /var/lib/rsyslog
# Input for tomcat-access
$InputFileName /opt/tomcat/logs/localhost_access_log.*.txt
$InputFileTag tomcat-access:
#$InputFileStateFile nls-state-opt_tomcat_logs_localhost_access_log.txt # Must be unique for each file being polled
# Uncomment the folowing line to override the default severity for messages
# from this file.
#$InputFileSeverity info
$InputFilePersistStateInterval 20000
$InputRunFileMonitor
# Forward to Nagios Log Server and then discard, otherwise these messages
# will end up in the syslog file (/var/log/messages) unless there are other
# overriding rules.
if $programname == 'tomcat-access' then @@nagioslogserver:5544
if $programname == 'tomcat-access' then ~
Code: Select all
module(load="imfile" PollingInterval="10")
input(type="imfile" file="/opt/tomcat/logs/bob.*.txt" tag="tag" addMetadata="on")
action(type="omfwd" Target="192.168.55.3" Port="5544" Protocol="udp")
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.