Monitoring JAVA logs
Posted: Fri Oct 31, 2014 1:00 pm
by vmesquita
Hello,
We are trying to integrate a Java log into Log Server. We found some documentation on how to set up a filter for Logstash, but we didn't manage to adapt it to Nagios Log Server. The information can be found here:
https://gist.github.com/smougenot/3182192
Essentially we would like to be able to parse multiline Java logs. How can we do this?
Re: Monitoring JAVA logs
Posted: Fri Oct 31, 2014 1:26 pm
by sreinhardt
I think we have a fairly good idea of how this filter is or should be working, and can see where it would break apart the top line from the rest of the lines. Could you provide an example or two from your system so that we can make sure it matches correctly when we are done?
Re: Monitoring JAVA logs
Posted: Mon Nov 03, 2014 1:44 pm
by vmesquita
Sure, here you are.
Re: Monitoring JAVA logs
Posted: Mon Nov 03, 2014 5:59 pm
by sreinhardt
Thanks! I'll test out my thoughts on it and hopefully have an updated filter for you soon!
Re: Monitoring JAVA logs
Posted: Mon Dec 01, 2014 9:15 am
by globalgiving
Has there been an update on this? I am also interested in properly capturing multiline Java logs.
Re: Monitoring JAVA logs
Posted: Mon Dec 01, 2014 1:23 pm
by cmerchant
I found this link referring to multi-line Java log entries from an rsyslog mailing list:
http://lists.adiscon.net/pipermail/rsys ... 028813.htm
You want to use the following in your rsyslog.conf for the Java logs:
The setting is $InputFileReadMode
0 = default, line based
1 = indented
2 = paragraph
This will append the indented lines following the first Java log entry with an octal character on the first log entry.
You need to handle the multiline input at the sender side by inserting this into your rsyslog.conf (or tomcat.conf):
and restarting rsyslogd
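Added example (not posted by anyone in this thread, and not rsyslog or Nagios Log Server code): a small Python sketch of the indentation-based folding described above, next to folding on a leading timestamp, so you can check how a Java stack trace ends up grouped before relying on it for alerting. The sample log is constructed, the timestamp pattern is an assumption about the log format, and the "#012" separator is an assumed stand-in for the escaped newline.

```python
import re

# Constructed sample: one ERROR event with a stack trace, then an INFO event.
SAMPLE = """\
2014-10-31 13:00:01,123 ERROR [main] com.example.App - Request failed
java.lang.IllegalStateException: bad state
\tat com.example.App.run(App.java:42)
\tat com.example.App.main(App.java:10)
Caused by: java.io.IOException: disk full
\tat com.example.Store.write(Store.java:77)
\t... 2 more
2014-10-31 13:00:02,456 INFO [main] com.example.App - Recovered
"""
LINES = SAMPLE.splitlines()

# Assumption: every new event starts with a timestamp in this layout.
EVENT_START = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}")


def fold_indented(lines):
    """Indentation rule: a line starting with whitespace continues the previous event."""
    events = []
    for line in lines:
        if events and line[:1] in (" ", "\t"):
            events[-1].append(line)
        else:
            events.append([line])
    return events


def fold_by_timestamp(lines):
    """Timestamp rule: only a line matching EVENT_START opens a new event."""
    events = []
    for line in lines:
        if not events or EVENT_START.match(line):
            events.append([line])
        else:
            events[-1].append(line)
    return events


def render(events, sep="#012"):
    """Join each event into one record; sep is an assumed newline placeholder."""
    return [sep.join(event) for event in events]


if __name__ == "__main__":
    for name, fold in (("indented", fold_indented), ("timestamp", fold_by_timestamp)):
        print(name, len(fold(LINES)), "events")
```

With this sample, the indentation rule alone splits the trace at the unindented exception line and at "Caused by:", while the timestamp rule keeps the whole trace attached to the ERROR line.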