Any update? On Thu, Dec 29, 2016 at 6:37 PM, Shweta Jain <[email protected]> wrote:
> Update: > > I tried as per link here: http://www.slideshare.net/rainergerhards1/using- > wildcards-with-rsyslogs-file-monitor-imfile > > I installed Rsyslog 8.5 using tarball. But it seems that file logs are not > getting logged to Loggly. My system logs are successfully reaching to > Loggly using Rsyslog version 8.5. > > I am getting the below in my logs: > > invalid or yet-unknown config file command 'InputRunFileMonitor' - have > you forgotten to load a module? [try http://www.rsyslog.com/e/3003 ] > > > My configuration is: > > $ModLoad imfile > $InputFilePollInterval 10 > $WorkDirectory /var/spool/rsyslog > $PrivDropToGroup adm > > # File access file: > $InputFileName /shweta/file1.txt > $InputFileTag yoo > $InputFileStateFile stat-yoo > $InputFileSeverity info > $InputFilePersistStateInterval 20000 > $InputRunFileMonitor > #Add a tag for file events > template (name="LogglyFormatFileyoo" type="string" > string="<%pri%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% > %app-name% %procid% %msgid% [d57950de-c677-4af7-aeee-b9647ea54b1c@41058 > tag=\"file\" ] %msg%\n") > if $programname == 'yoo' then action(type="omfwd" > protocol="tcp" target="logs-01.loggly.com" port="514" > template="LogglyFormatFileyoo") > if $programname == 'yoo' then ~ > > Is it using Polling mode or inotify? Where to set inotify mode? > > Quick response will be appreciated. > > Thanks, > Shweta > > > On Thu, Dec 29, 2016 at 4:21 PM, Shweta Jain <[email protected]> wrote: > >> Sorry I missed the link in my previous response: >> >> http://www.slideshare.net/rainergerhards1/using-wildcards- >> with-rsyslogs-file-monitor-imfile >> >> On Thu, Dec 29, 2016 at 4:06 PM, Shweta <[email protected]> wrote: >> >>> I did setup on ubuntu 12 with rsyslog version 8.23 but nothing get logged >>> to my local as well as loggly. >>> >>> I also tried on ubuntu-16 with rsyslog version 8.5, but nothing is >>> getting >>> logged. >>> >>> Moreover , I went thorough the slide at the link below, where it is >>> mentioned to use inotify mode. Where to set inotify mode? >>> >>> My second issue is I am not able to log anything at /var/log/syslog. >>> Even i >>> am not seeing syslog file in /var/log. I have checked /etc/rsyslog.conf >>> file but the line in that file is uncommented. >>> >>> Thanks for you quick response. >>> Shweta >>> >>> On Thu, Dec 29, 2016 at 2:09 PM, David Lang [via rsyslog-users] < >>> [email protected]> wrote: >>> >>> > you don't say what version you are running, the most current docs are >>> at: >>> > http://www.rsyslog.com/doc/v8-stable/configuration/modules/imfile.html >>> > >>> > I'm not sure exactly when wildcards became supported, but I believe it >>> was >>> > well >>> > into the 8.x series. >>> > >>> > David Lang >>> > >>> > On Wed, 28 Dec 2016, Shweta wrote: >>> > >>> > > Date: Wed, 28 Dec 2016 23:21:14 -0700 (MST) >>> > > From: Shweta <[hidden email] >>> > <http:///user/SendEmail.jtp?type=node&node=7592049&i=0>> >>> > > Reply-To: rsyslog-users <[hidden email] >>> > <http:///user/SendEmail.jtp?type=node&node=7592049&i=1>> >>> > > To: [hidden email] >>> > <http:///user/SendEmail.jtp?type=node&node=7592049&i=2> >>> > > Subject: [rsyslog] Wildcard Support to log all the file logs of a >>> > directory >>> > > >>> > > Hi Support, >>> > > >>> > > I want to monitor file logs at Loggly. I have many files in a >>> directory >>> > and >>> > > want to monitor them all with a wildcard. I have a configuration like >>> > below: >>> > > >>> > > $ModLoad imfile >>> > > $InputFilePollInterval 10 >>> > > $PrivDropToGroup adm >>> > > $WorkDirectory /var/spool/rsyslog >>> > > >>> > > # Input for FILE1 >>> > > $InputFileName /FILE1 >>> > > $InputFileTag APPNAME1 >>> > > $InputFileStateFile stat-APPNAME1 #this must be unique for each file >>> > being >>> > > polled >>> > > $InputFileSeverity info >>> > > $InputFilePersistStateInterval 20000 >>> > > $InputRunFileMonitor >>> > > >>> > > # Add a tag for file events >>> > > $template LogglyFormatFile,"<%pri%>%protocol-version% >>> > > %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msgid% >>> > > [TOKEN@41058 tag=\"file\"] %msg%\n" >>> > > >>> > > # Send to Loggly then discard >>> > > if $programname == 'APPNAME1' then @@logs-01.loggly.com:514;Loggl >>> yFormatFile >>> > >>> > > if $programname == 'APPNAME1' then ~ >>> > > >>> > > What I want is to use wildcard as >>> > > >>> > > $InputFileName /directory/*.txt >>> > > >>> > > or $InputFileName /directory/* >>> > > >>> > > Please consider my case on priority. >>> > > >>> > > Thanks >>> > > >>> > > >>> > > >>> > > >>> > > >>> > > -- >>> > > View this message in context: http://rsyslog-users.1305293. >>> > n2.nabble.com/Wildcard-Support-to-log-all-the-file- >>> > logs-of-a-directory-tp7592048.html >>> > > Sent from the rsyslog-users mailing list archive at Nabble.com. >>> > > _______________________________________________ >>> > > rsyslog mailing list >>> > > http://lists.adiscon.net/mailman/listinfo/rsyslog >>> > > http://www.rsyslog.com/professional-services/ >>> > > What's up with rsyslog? Follow https://twitter.com/rgerhards >>> > > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a >>> myriad >>> > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you >>> > DON'T LIKE THAT. >>> > > >>> > _______________________________________________ >>> > rsyslog mailing list >>> > http://lists.adiscon.net/mailman/listinfo/rsyslog >>> > http://www.rsyslog.com/professional-services/ >>> > What's up with rsyslog? Follow https://twitter.com/rgerhards >>> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a >>> myriad >>> > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you >>> > DON'T LIKE THAT. >>> > >>> > >>> > ------------------------------ >>> > If you reply to this email, your message will be added to the >>> discussion >>> > below: >>> > http://rsyslog-users.1305293.n2.nabble.com/Wildcard- >>> > Support-to-log-all-the-file-logs-of-a-directory-tp7592048p7592049.html >>> > To unsubscribe from Wildcard Support to log all the file logs of a >>> > directory, click here >>> > <http://rsyslog-users.1305293.n2.nabble.com/template/NamlSer >>> vlet.jtp?macro=unsubscribe_by_code&node=7592048&code=c2phaW5 >>> AbG9nZ2x5LmNvbXw3NTkyMDQ4fC02MDgzODE4NDg=> >>> > . >>> > NAML >>> > <http://rsyslog-users.1305293.n2.nabble.com/template/NamlSer >>> vlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail >>> .naml&base=nabble.naml.namespaces.BasicNamespace-nabble. >>> view.web.template.NabbleNamespace-nabble.view.web.template. >>> NodeNamespace&breadcrumbs=notify_subscribers%21nabble% >>> 3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_ >>> instant_email%21nabble%3Aemail.naml> >>> > >>> >>> >>> >>> -- >>> Thank you, >>> Shweta Jain >>> >>> >>> >>> >>> -- >>> View this message in context: http://rsyslog-users.1305293.n >>> 2.nabble.com/Wildcard-Support-to-log-all-the-file-logs-of-a- >>> directory-tp7592048p7592053.html >>> Sent from the rsyslog-users mailing list archive at Nabble.com. >>> _______________________________________________ >>> rsyslog mailing list >>> http://lists.adiscon.net/mailman/listinfo/rsyslog >>> http://www.rsyslog.com/professional-services/ >>> What's up with rsyslog? Follow https://twitter.com/rgerhards >>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad >>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you >>> DON'T LIKE THAT. >>> >> >> >> >> -- >> Thank you, >> Shweta Jain >> > > > > -- > Thank you, > Shweta Jain > -- Thank you, Shweta Jain _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
