parse application logs to syslog
Posted: Fri Apr 05, 2019 4:09 am
by lukedevon
Hi,
I have some application logs which are regularly updated with real-time logs, which means log data is continuously appended to a particular log file. I want to pass these logs to syslog, as syslog is already sending to the Nagios Log Server.
Can you please give me a little guide on how to parse such application logs to syslog?
Thank you
Luke.
Re: parse application logs to syslog
Posted: Fri Apr 05, 2019 7:47 am
by scottwilkerson
If you go to the green "Add Log Source" and then click on "Linux files" under the "File Monitoring" section, it will give instructions for sending logs from a specific file on your system.
Re: parse application logs to syslog
Posted: Tue Apr 09, 2019 11:04 am
by lukedevon
Hi
Thanks for the input. I have been using Nagios LS for a long time and I am quite familiar with all these steps. However, my requirement is different.
I have a couple of application and service logs. Some of them are JSON-format compatible and others are general log files. The objective is to send these logs to NLS over syslog or any other way.
If I explain a little about the nature of these logs:
app1_date_time_randomID.log --> logs are appended to this file until the file size reaches 100MB. After that, it is compressed into .gz and a new log file is created as app1_newdate_newtime_newrandomID.log, and so on.
Since the log files are rotating, rather than injecting archived files into NLS, how can we add these logs to NLS in real time? It is very important to capture real-time logs.
Thank you
Luke
Re: parse application logs to syslog
Posted: Tue Apr 09, 2019 5:02 pm
by ssax
I see what you're saying, are you using rsyslog or just syslog?
We'll need to configure it to understand the rotate/rename.
Re: parse application logs to syslog
Posted: Tue Apr 09, 2019 8:28 pm
by lukedevon
Hi
I am mainly using rsyslog, but some app servers have syslog. I am unable to install rsyslog on those servers as I don't have permission to install.
Thank you
Luke.
Re: parse application logs to syslog
Posted: Wed Apr 10, 2019 1:38 pm
by ssax
Ok, so if you follow scottwilkerson's instructions it will show you an example of how to configure it. You could do something like this for rsyslog:
Code:
curl -sS -O http://X.X.X.X/nagioslogserver/scripts/setup-linux.sh
sudo bash setup-linux.sh -s X.X.X.X -p 5544 -f "/path/to/your/file/app1_*.log" -t APP1
That would work because there is only one app1_*.log file in that directory because the others end in .tar.gz.
"I am unable to install rsyslog for those servers as I don't have permission to install."
Can you get permission? Are you running syslog-ng on those servers that don't have rsyslog?
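A hand-written rsyslog configuration for the wildcard approach in the post above, as an added example that is not part of the thread and not the output of setup-linux.sh. It assumes an rsyslog v8 build whose imfile module accepts wildcards, a work directory already set in the main rsyslog.conf, and TCP on port 5544; the file name, ruleset name, facility, severity and queue size are placeholders.

```conf
# /etc/rsyslog.d/90-app1-to-nls.conf   (file name is an assumption)

# Load the file-input module once per rsyslog instance.
module(load="imfile")

# Follow whichever uncompressed app1_*.log currently exists. When the
# application rotates to app1_<newdate>_<newtime>_<newID>.log, the new name
# matches the same pattern and is picked up without restarting rsyslog.
# The compressed archives have a different suffix and are never read.
# PersistStateInterval saves the read position every 100 lines, so a restart
# resumes where it stopped instead of resending or skipping data.
# Binding the input to its own ruleset keeps these lines out of the local
# /var/log files and sends them only to the Log Server.
input(type="imfile"
      File="/path/to/your/file/app1_*.log"
      Tag="APP1:"
      Severity="info"
      Facility="local0"
      PersistStateInterval="100"
      Ruleset="app1_to_nls")

# Forward to the Log Server. The disk-assisted queue buffers messages
# (up to 1 GB here) while the server is unreachable and retries without
# limit, so an outage delays delivery instead of dropping log lines.
ruleset(name="app1_to_nls") {
    action(type="omfwd"
           Target="X.X.X.X"
           Port="5544"
           Protocol="tcp"
           queue.type="LinkedList"
           queue.filename="app1_to_nls"
           queue.maxDiskSpace="1g"
           queue.saveOnShutdown="on"
           action.resumeRetryCount="-1")
}
```

Check the syntax with `rsyslogd -N1` before restarting rsyslog.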