Hello,
I am new to Graylog and looking for suggestions on how to get rotating log
files (text files) into Graylog2. I have several apps that use rotating log
files, these apps are not syslog capable, and the format of their log files
cannot be altered. Here's an example of how they are named:
ftp-02-08-2016.log
ftp-02-09-2016.log
ftp-02-10-2016.log
Every night at approximately midnight (it could be a few seconds
afterwards), the app starts a new log file with the date in it. This makes
it difficult to send the file through to Graylog2 using rsyslog. Originally
I considered having a script on a cron job run every night at the same time:
OUTPUT="$(date +'%d'_'%m'_'%Y')"
ln -sf /var/log/ftp-"${OUTPUT}".log /var/log/ftp-symlink.log
This would allow me to easily add ftp-symlink.log in my rsyslog.conf
instead of using the file name with a date in it, but it is a messy
solution - if the cron job runs a few seconds after the file rotates then
log entries are lost. Before I try to proceed any further I thought I would
check in with the community - surely someone else has encountered this
problem? How can you reliably deal with rotating text log files?
Any suggestions are welcomed.
Thanks in advance!
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/graylog2/cba6379b-071a-43f1-9702-ad9ca78e2479%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
