How to monitor log files that we change part of the name

Posted: Tue Jun 18, 2019 2:32 am
by nagioscarnovale
Hey everyone,

I have the problem of monitoring "TOMCAT" files whose name changes every day
/opt/tomcat/logs/ # ls -la

-rw-r----- 1 tomcat tomcat 7.3K Jun 14 09:38 catalina.2019-06-16.log
-rw-r----- 1 tomcat tomcat 7.3K Jun 17 10:54 catalina.2019-06-17.log
-rw-r----- 1 tomcat tomcat 7.3K Jun 18 09:13 catalina.2019-06-18.log
-rw-r----- 1 tomcat tomcat 0 Jun 14 09:38 localhost_access_log.2019-06-16.txt
-rw-r----- 1 tomcat tomcat 0 Jun 17 10:54 localhost_access_log.2019-06-17.txt
-rw-r----- 1 tomcat tomcat 0 Jun 18 09:13 localhost_access_log.2019-06-18.txt


I tried to run the following setup.

sudo bash setup-linux.sh -s nagioslogserver -p 5544 -f "/opt/tomcat/logs/localhost_access_log.*.txt" -t tomcat-access

But it only created the configuration files with the date it finds

/etc/rsyslog.d
[root@jira-server rsyslog.d]# ls -l | grep tomcat_logs_localhost
-rw-r--r-- 1 root root 801 Jun 13 12:29 90-nagioslogserver_opt_tomcat_logs_localhost_access_log.2019-06-16.txt.conf
-rw-r--r-- 1 root root 801 Jun 13 12:29 90-nagioslogserver_opt_tomcat_logs_localhost_access_log.2019-06-17.txt.conf


more 90-nagioslogserver_opt_tomcat_logs_localhost_access_log.2019-06-16.txt.conf | grep InputFileName
$InputFileName /opt/tomcat/logs/localhost_access_log.2019-06-16.txt



How can I make rsyslog understand to monitor, for example:

localhost_access_log.2019-06-16.txt
localhost_access_log.2019-06-17.txt
localhost_access_log.2019-06-18.txt
...
..
catalina.2019-06-16.log
catalina.2019-06-17.log
catalina.2019-06-18.log
...

Thanks in advance
Nick

Re: How to monitor log files that we change part of the name

Posted: Tue Jun 18, 2019 1:25 pm
by cdienger
Edit one of the configs (the other configuration files can be removed) and change the input line to look like:

$InputFileName /opt/tomcat/logs/localhost_access_log.*.txt
and then restart the rsyslogd service.

Re: How to monitor log files that we change part of the name

Posted: Wed Jun 19, 2019 10:40 am
by nagioscarnovale
Thanks so much for your reply.


In my configuration file below, is this line correct?
...........................................................................
$InputFileStateFile nls-state-opt_tomcat_logs_localhost_access_log.txt
...........................................................................

Thanks for the support


more 90-nagioslogserver_opt_tomcat_logs_localhost_access_log.txt.conf

$InputFilePollInterval 10
$PrivDropToGroup adm
$WorkDirectory /var/lib/rsyslog

# Input for tomcat-access
$InputFileName /opt/tomcat/logs/localhost_access_log.*.txt
$InputFileTag tomcat-access:
$InputFileStateFile nls-state-opt_tomcat_logs_localhost_access_log.txt # Must be unique for each file being polled
# Uncomment the following line to override the default severity for messages
# from this file.
#$InputFileSeverity info
$InputFilePersistStateInterval 20000
$InputRunFileMonitor

# Forward to Nagios Log Server and then discard, otherwise these messages
# will end up in the syslog file (/var/log/messages) unless there are other
# overriding rules.
if $programname == 'tomcat-access' then @@nagioslogserver:5544
if $programname == 'tomcat-access' then ~

Re: How to monitor log files that we change part of the name

Posted: Thu Jun 20, 2019 11:46 am
by cdienger
I thought my initial test had worked but I was apparently mistaken. Try commenting out the statefile line which shouldn't be necessary on newer versions of rsyslog:

$InputFilePollInterval 10
$PrivDropToGroup adm
$WorkDirectory /var/lib/rsyslog

# Input for tomcat-access
$InputFileName /opt/tomcat/logs/localhost_access_log.*.txt
$InputFileTag tomcat-access:
#$InputFileStateFile nls-state-opt_tomcat_logs_localhost_access_log.txt # Must be unique for each file being polled
# Uncomment the following line to override the default severity for messages
# from this file.
#$InputFileSeverity info
$InputFilePersistStateInterval 20000
$InputRunFileMonitor

# Forward to Nagios Log Server and then discard, otherwise these messages
# will end up in the syslog file (/var/log/messages) unless there are other
# overriding rules.
if $programname == 'tomcat-access' then @@nagioslogserver:5544
if $programname == 'tomcat-access' then ~
I also got it to work with RainerScript formatting:

module(load="imfile" PollingInterval="10")

input(type="imfile" file="/opt/tomcat/logs/bob.*.txt" tag="tag" addMetadata="on")

action(type="omfwd" Target="192.168.55.3" Port="5544" Protocol="udp")
Wildcard functionality may not be available on all versions. Run "rsyslogd -v" to get the version number if it still isn't working. I tested with version 8.40.
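
An added example, not taken from any post in this thread or from setup-linux.sh: a POSIX shell script that compares the local rsyslog version with 8.40 (the version tested above) and prints one RainerScript config covering both file patterns from the original question, forwarding over TCP as the generated legacy config does. The function names, the ruleset name and the tomcat-catalina tag are assumptions.

```shell
#!/bin/sh
# Added example; function names and the "tomcat-catalina" tag are hypothetical.

# Read `rsyslogd -v` output on stdin and print "MAJOR.MINOR" from its first line.
rsyslog_version() {
    sed -n '1s/^rsyslogd[[:space:]]*\([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# Succeed if version $1 is at least version $2 (both "MAJOR.MINOR").
version_ge() (
    amaj=${1%%.*}; amin=${1#*.}; bmaj=${2%%.*}; bmin=${2#*.}
    [ "$amaj" -gt "$bmaj" ] || { [ "$amaj" -eq "$bmaj" ] && [ "$amin" -ge "$bmin" ]; }
)

# Print a RainerScript config: one imfile input per "glob:tag" argument, all
# bound to a ruleset that forwards over TCP and then stops, so the lines do
# not also land in /var/log/messages.
gen_conf() (
    server=$1; port=$2; shift 2
    printf '# Drop the module() line if imfile is already loaded elsewhere.\n'
    printf 'module(load="imfile")\n\n'
    printf 'ruleset(name="nls_tomcat") {\n'
    printf '    action(type="omfwd" target="%s" port="%s" protocol="tcp")\n' "$server" "$port"
    printf '    stop\n}\n'
    for pair in "$@"; do
        printf '\ninput(type="imfile" file="%s" tag="%s:" ruleset="nls_tomcat")\n' \
            "${pair%%:*}" "${pair#*:}"
    done
)

# Constructed first line of `rsyslogd -v`; on a real host use: rsyslogd -v | rsyslog_version
SAMPLE='rsyslogd 8.24.0-34.el7, compiled with:'
ver=$(printf '%s\n' "$SAMPLE" | rsyslog_version)
version_ge "$ver" 8.40 ||
    echo "rsyslog $ver is older than 8.40, the version tested in the thread" >&2

gen_conf nagioslogserver 5544 \
    '/opt/tomcat/logs/localhost_access_log.*.txt:tomcat-access' \
    '/opt/tomcat/logs/catalina.*.log:tomcat-catalina'
```

Save the printed config as a single file under /etc/rsyslog.d in place of the per-date files, then check it with `rsyslogd -N1` before restarting the service.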