Hi Dennis, while it's still not optimal, you could use some program like incron ( http://inotify.aiken.cz/?section=incron&page=about) to trigger your symlinking script as soon as a new file has been created in the log directory of your legacy application.
Alternatively you could use some third-party agent like nxlog (https://nxlog.co/docs/nxlog-ce/nxlog-reference-manual.html#im_file), filebeat (https://www.elastic.co/guide/en/beats/filebeat/1.1/index.html), or logstash (https://www.elastic.co/guide/en/logstash/2.2/plugins-inputs-file.html), all of which are supporting globbing (i. e. using wildcards) in their file-based inputs. Cheers, Jochen On Wednesday, 10 February 2016 16:44:02 UTC+1, Dennis Seaton wrote: > > Hello, > > I am new to Graylog and looking for suggestions on how to get rotating log > files (text files) into Graylog2. I have several apps that use rotating log > files, these apps are not syslog capable, and the format of their log files > cannot be altered. Here's an example of how they are named: > > ftp-02-08-2016.log > ftp-02-09-2016.log > ftp-02-10-2016.log > > Every night at approximately midnight (it could be a few seconds > afterwards), the app starts a new log file with the date in it. This makes > it difficult to send the file through to Graylog2 using rsyslog. Originally > I considered having a script on a cron job run every night at the same time: > > OUTPUT="$(date +'%d'_'%m'_'%Y')" > > ln -sf /var/log/ftp-"${OUTPUT}".log /var/log/ftp-symlink.log > > > This would allow me to easily add ftp-symlink.log in my rsyslog.conf > instead of using the file name with a date in it, but it is a messy > solution - if the cron job runs a few seconds after the file rotates then > log entries are lost. Before I try to proceed any further I thought I would > check in with the community - surely someone else has encountered this > problem? How can you reliably deal with rotating text log files? > > > Any suggestions are welcomed. > > > > Thanks in advance! > > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/00b017b5-f51f-4e18-8004-ceed44fc661e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
