Update: I tried as per link here: http://www.slideshare.net/rainergerhards1/using-wildcards-with-rsyslogs-file-monitor-imfile

I installed Rsyslog 8.5 using tarball. But it seems that file logs are not getting logged to Loggly. My system logs are successfully reaching to Loggly using Rsyslog version 8.5.

I am getting the below in my logs:

invalid or yet-unknown config file command 'InputRunFileMonitor' - have you forgotten to load a module? [try http://www.rsyslog.com/e/3003 ]

My configuration is:

$ModLoad imfile
$InputFilePollInterval 10
$WorkDirectory /var/spool/rsyslog
$PrivDropToGroup adm

# File access file:
$InputFileName /shweta/file1.txt
$InputFileTag yoo
$InputFileStateFile stat-yoo
$InputFileSeverity info
$InputFilePersistStateInterval 20000
$InputRunFileMonitor

#Add a tag for file events
template (name="LogglyFormatFileyoo" type="string" string="<%pri%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msgid% [d57950de-c677-4af7-aeee-b9647ea54b1c@41058 tag=\"file\" ] %msg%\n")

if $programname == 'yoo' then action(type="omfwd" protocol="tcp" target="logs-01.loggly.com" port="514" template="LogglyFormatFileyoo")
if $programname == 'yoo' then ~

Is it using Polling mode or inotify? Where to set inotify mode?

Quick response will be appreciated.

Thanks,
Shweta

On Thu, Dec 29, 2016 at 4:21 PM, Shweta Jain <[email protected]> wrote:

> Sorry I missed the link in my previous response:
>
> http://www.slideshare.net/rainergerhards1/using-wildcards-with-rsyslogs-file-monitor-imfile
>
> On Thu, Dec 29, 2016 at 4:06 PM, Shweta <[email protected]> wrote:
>
>> I did setup on ubuntu 12 with rsyslog version 8.23 but nothing gets logged
>> to my local as well as loggly.
>>
>> I also tried on ubuntu-16 with rsyslog version 8.5, but nothing is getting
>> logged.
>>
>> Moreover, I went through the slide at the link below, where it is
>> mentioned to use inotify mode. Where to set inotify mode?
>>
>> My second issue is I am not able to log anything at /var/log/syslog. Even
>> I am not seeing syslog file in /var/log. I have checked /etc/rsyslog.conf
>> file but the line in that file is uncommented.
>>
>> Thanks for your quick response.
>> Shweta
>>
>> On Thu, Dec 29, 2016 at 2:09 PM, David Lang [via rsyslog-users] <[email protected]> wrote:
>>
>> > you don't say what version you are running, the most current docs are at:
>> > http://www.rsyslog.com/doc/v8-stable/configuration/modules/imfile.html
>> >
>> > I'm not sure exactly when wildcards became supported, but I believe it was
>> > well into the 8.x series.
>> >
>> > David Lang
>> >
>> > On Wed, 28 Dec 2016, Shweta wrote:
>> >
>> > > Date: Wed, 28 Dec 2016 23:21:14 -0700 (MST)
>> > > From: Shweta <[hidden email]>
>> > > Reply-To: rsyslog-users <[hidden email]>
>> > > To: [hidden email]
>> > > Subject: [rsyslog] Wildcard Support to log all the file logs of a directory
>> > >
>> > > Hi Support,
>> > >
>> > > I want to monitor file logs at Loggly. I have many files in a directory and
>> > > want to monitor them all with a wildcard. I have a configuration like below:
>> > >
>> > > $ModLoad imfile
>> > > $InputFilePollInterval 10
>> > > $PrivDropToGroup adm
>> > > $WorkDirectory /var/spool/rsyslog
>> > >
>> > > # Input for FILE1
>> > > $InputFileName /FILE1
>> > > $InputFileTag APPNAME1
>> > > $InputFileStateFile stat-APPNAME1 #this must be unique for each file being polled
>> > > $InputFileSeverity info
>> > > $InputFilePersistStateInterval 20000
>> > > $InputRunFileMonitor
>> > >
>> > > # Add a tag for file events
>> > > $template LogglyFormatFile,"<%pri%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msgid% [TOKEN@41058 tag=\"file\"] %msg%\n"
>> > >
>> > > # Send to Loggly then discard
>> > > if $programname == 'APPNAME1' then @@logs-01.loggly.com:514;LogglyFormatFile
>> > > if $programname == 'APPNAME1' then ~
>> > >
>> > > What I want is to use wildcard as
>> > >
>> > > $InputFileName /directory/*.txt
>> > >
>> > > or $InputFileName /directory/*
>> > >
>> > > Please consider my case on priority.
>> > >
>> > > Thanks
>> > >
>> > > --
>> > > View this message in context: http://rsyslog-users.1305293.n2.nabble.com/Wildcard-Support-to-log-all-the-file-logs-of-a-directory-tp7592048.html
>> > > Sent from the rsyslog-users mailing list archive at Nabble.com.
>> > > _______________________________________________
>> > > rsyslog mailing list
>> > > http://lists.adiscon.net/mailman/listinfo/rsyslog
>> > > http://www.rsyslog.com/professional-services/
>> > > What's up with rsyslog? Follow https://twitter.com/rgerhards
>> > > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
>>
>> --
>> Thank you,
>> Shweta Jain
>>
>> --
>> View this message in context: http://rsyslog-users.1305293.n2.nabble.com/Wildcard-Support-to-log-all-the-file-logs-of-a-directory-tp7592048p7592053.html
>
> --
> Thank you,
> Shweta Jain

--
Thank you,
Shweta Jain

