Hi Shweta
Have you built with --enable-imfile ?
I'm not an expert on rsyslog, but I would suggest you a few things:
- use new syntax
- use latest rsyslog version
Then, perhaps I could help you...
El 30/12/16 a las 09:36, Shweta Jain escribió:
Any update?
On Thu, Dec 29, 2016 at 6:37 PM, Shweta Jain <[email protected]> wrote:
Update:
I tried as per link here: http://www.slideshare.net/rainergerhards1/using-
wildcards-with-rsyslogs-file-monitor-imfile
I installed Rsyslog 8.5 using tarball. But it seems that file logs are not
getting logged to Loggly. My system logs are successfully reaching to
Loggly using Rsyslog version 8.5.
I am getting the below in my logs:
invalid or yet-unknown config file command 'InputRunFileMonitor' - have
you forgotten to load a module? [try http://www.rsyslog.com/e/3003 ]
My configuration is:
$ModLoad imfile
$InputFilePollInterval 10
$WorkDirectory /var/spool/rsyslog
$PrivDropToGroup adm
# File access file:
$InputFileName /shweta/file1.txt
$InputFileTag yoo
$InputFileStateFile stat-yoo
$InputFileSeverity info
$InputFilePersistStateInterval 20000
$InputRunFileMonitor
#Add a tag for file events
template (name="LogglyFormatFileyoo" type="string"
string="<%pri%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME%
%app-name% %procid% %msgid% [d57950de-c677-4af7-aeee-b9647ea54b1c@41058
tag=\"file\" ] %msg%\n")
if $programname == 'yoo' then action(type="omfwd"
protocol="tcp" target="logs-01.loggly.com" port="514"
template="LogglyFormatFileyoo")
if $programname == 'yoo' then ~
Is it using Polling mode or inotify? Where to set inotify mode?
Quick response will be appreciated.
Thanks,
Shweta
On Thu, Dec 29, 2016 at 4:21 PM, Shweta Jain <[email protected]> wrote:
Sorry I missed the link in my previous response:
http://www.slideshare.net/rainergerhards1/using-wildcards-
with-rsyslogs-file-monitor-imfile
On Thu, Dec 29, 2016 at 4:06 PM, Shweta <[email protected]> wrote:
I did setup on ubuntu 12 with rsyslog version 8.23 but nothing get logged
to my local as well as loggly.
I also tried on ubuntu-16 with rsyslog version 8.5, but nothing is
getting
logged.
Moreover , I went thorough the slide at the link below, where it is
mentioned to use inotify mode. Where to set inotify mode?
My second issue is I am not able to log anything at /var/log/syslog.
Even i
am not seeing syslog file in /var/log. I have checked /etc/rsyslog.conf
file but the line in that file is uncommented.
Thanks for you quick response.
Shweta
On Thu, Dec 29, 2016 at 2:09 PM, David Lang [via rsyslog-users] <
[email protected]> wrote:
you don't say what version you are running, the most current docs are
at:
http://www.rsyslog.com/doc/v8-stable/configuration/modules/imfile.html
I'm not sure exactly when wildcards became supported, but I believe it
was
well
into the 8.x series.
David Lang
On Wed, 28 Dec 2016, Shweta wrote:
Date: Wed, 28 Dec 2016 23:21:14 -0700 (MST)
From: Shweta <[hidden email]
<http:///user/SendEmail.jtp?type=node&node=7592049&i=0>>
Reply-To: rsyslog-users <[hidden email]
<http:///user/SendEmail.jtp?type=node&node=7592049&i=1>>
To: [hidden email]
<http:///user/SendEmail.jtp?type=node&node=7592049&i=2>
Subject: [rsyslog] Wildcard Support to log all the file logs of a
directory
Hi Support,
I want to monitor file logs at Loggly. I have many files in a
directory
and
want to monitor them all with a wildcard. I have a configuration like
below:
$ModLoad imfile
$InputFilePollInterval 10
$PrivDropToGroup adm
$WorkDirectory /var/spool/rsyslog
# Input for FILE1
$InputFileName /FILE1
$InputFileTag APPNAME1
$InputFileStateFile stat-APPNAME1 #this must be unique for each file
being
polled
$InputFileSeverity info
$InputFilePersistStateInterval 20000
$InputRunFileMonitor
# Add a tag for file events
$template LogglyFormatFile,"<%pri%>%protocol-version%
%timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msgid%
[TOKEN@41058 tag=\"file\"] %msg%\n"
# Send to Loggly then discard
if $programname == 'APPNAME1' then @@logs-01.loggly.com:514;Loggl
yFormatFile
if $programname == 'APPNAME1' then ~
What I want is to use wildcard as
$InputFileName /directory/*.txt
or $InputFileName /directory/*
Please consider my case on priority.
Thanks
--
View this message in context: http://rsyslog-users.1305293.
n2.nabble.com/Wildcard-Support-to-log-all-the-file-
logs-of-a-directory-tp7592048.html
Sent from the rsyslog-users mailing list archive at Nabble.com.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
myriad
of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
myriad
of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
DON'T LIKE THAT.
------------------------------
If you reply to this email, your message will be added to the
discussion
below:
http://rsyslog-users.1305293.n2.nabble.com/Wildcard-
Support-to-log-all-the-file-logs-of-a-directory-tp7592048p7592049.html
To unsubscribe from Wildcard Support to log all the file logs of a
directory, click here
<http://rsyslog-users.1305293.n2.nabble.com/template/NamlSer
vlet.jtp?macro=unsubscribe_by_code&node=7592048&code=c2phaW5
AbG9nZ2x5LmNvbXw3NTkyMDQ4fC02MDgzODE4NDg=>
.
NAML
<http://rsyslog-users.1305293.n2.nabble.com/template/NamlSer
vlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail
.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.
view.web.template.NabbleNamespace-nabble.view.web.template.
NodeNamespace&breadcrumbs=notify_subscribers%21nabble%
3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_
instant_email%21nabble%3Aemail.naml>
--
Thank you,
Shweta Jain
--
View this message in context: http://rsyslog-users.1305293.n
2.nabble.com/Wildcard-Support-to-log-all-the-file-logs-of-a-
directory-tp7592048p7592053.html
Sent from the rsyslog-users mailing list archive at Nabble.com.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
DON'T LIKE THAT.
--
Thank you,
Shweta Jain
--
Thank you,
Shweta Jain
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
