Yes, I am using the latest version of rsyslog, i.e. 8.5, which supports wildcards as per the slide below:
http://www.slideshare.net/rainergerhards1/using-wildcards-with-rsyslogs-file-monitor-imfile

I am not getting what to build by --enable-imfile? But you can see my configuration in my previous responses.

Can you also suggest how to use kernel inotify mode instead of polling mode?

Thanks,
Shweta

On Fri, Dec 30, 2016 at 3:23 PM, rsyslog-users mailing list [via rsyslog-users] <[email protected]> wrote:

> Hi Shweta
>
> Have you built with --enable-imfile ?
>
> I'm not an expert on rsyslog, but I would suggest you a few things:
>
> - use new syntax
> - use latest rsyslog version
>
> Then, perhaps I could help you...
>
> On 30/12/16 at 09:36, Shweta Jain wrote:
> > Any update?
> >
> > On Thu, Dec 29, 2016 at 6:37 PM, Shweta Jain <[hidden email]> wrote:
> >
> >> Update:
> >>
> >> I tried as per link here: http://www.slideshare.net/rainergerhards1/using-wildcards-with-rsyslogs-file-monitor-imfile
> >>
> >> I installed Rsyslog 8.5 using tarball. But it seems that file logs are not getting logged to Loggly. My system logs are successfully reaching to Loggly using Rsyslog version 8.5.
> >>
> >> I am getting the below in my logs:
> >>
> >> invalid or yet-unknown config file command 'InputRunFileMonitor' - have you forgotten to load a module?
> >> [try http://www.rsyslog.com/e/3003 ]
> >>
> >> My configuration is:
> >>
> >> $ModLoad imfile
> >> $InputFilePollInterval 10
> >> $WorkDirectory /var/spool/rsyslog
> >> $PrivDropToGroup adm
> >>
> >> # File access file:
> >> $InputFileName /shweta/file1.txt
> >> $InputFileTag yoo
> >> $InputFileStateFile stat-yoo
> >> $InputFileSeverity info
> >> $InputFilePersistStateInterval 20000
> >> $InputRunFileMonitor
> >> #Add a tag for file events
> >> template (name="LogglyFormatFileyoo" type="string"
> >> string="<%pri%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msgid% [d57950de-c677-4af7-aeee-b9647ea54b1c@41058 tag=\"file\" ] %msg%\n")
> >> if $programname == 'yoo' then action(type="omfwd"
> >> protocol="tcp" target="logs-01.loggly.com" port="514"
> >> template="LogglyFormatFileyoo")
> >> if $programname == 'yoo' then ~
> >>
> >> Is it using Polling mode or inotify? Where to set inotify mode?
> >>
> >> Quick response will be appreciated.
> >>
> >> Thanks,
> >> Shweta
> >>
> >> On Thu, Dec 29, 2016 at 4:21 PM, Shweta Jain <[hidden email]> wrote:
> >>
> >>> Sorry I missed the link in my previous response:
> >>>
> >>> http://www.slideshare.net/rainergerhards1/using-wildcards-with-rsyslogs-file-monitor-imfile
> >>>
> >>> On Thu, Dec 29, 2016 at 4:06 PM, Shweta <[hidden email]> wrote:
> >>>
> >>>> I did setup on ubuntu 12 with rsyslog version 8.23 but nothing gets logged to my local as well as loggly.
> >>>>
> >>>> I also tried on ubuntu-16 with rsyslog version 8.5, but nothing is getting logged.
> >>>>
> >>>> Moreover, I went through the slide at the link below, where it is mentioned to use inotify mode. Where to set inotify mode?
> >>>>
> >>>> My second issue is I am not able to log anything at /var/log/syslog.
> >>>> Even I am not seeing syslog file in /var/log. I have checked /etc/rsyslog.conf file but the line in that file is uncommented.
> >>>>
> >>>> Thanks for your quick response.
> >>>> Shweta
> >>>>
> >>>> On Thu, Dec 29, 2016 at 2:09 PM, David Lang [via rsyslog-users] <[hidden email]> wrote:
> >>>>
> >>>>> you don't say what version you are running, the most current docs are at:
> >>>>> http://www.rsyslog.com/doc/v8-stable/configuration/modules/imfile.html
> >>>>>
> >>>>> I'm not sure exactly when wildcards became supported, but I believe it was well into the 8.x series.
> >>>>>
> >>>>> David Lang
> >>>>>
> >>>>> On Wed, 28 Dec 2016, Shweta wrote:
> >>>>>
> >>>>>> Date: Wed, 28 Dec 2016 23:21:14 -0700 (MST)
> >>>>>> From: Shweta <[hidden email]>
> >>>>>> Reply-To: rsyslog-users <[hidden email]>
> >>>>>> To: [hidden email]
> >>>>>> Subject: [rsyslog] Wildcard Support to log all the file logs of a directory
> >>>>>>
> >>>>>> Hi Support,
> >>>>>>
> >>>>>> I want to monitor file logs at Loggly. I have many files in a directory and want to monitor them all with a wildcard.
> >>>>>> I have a configuration like below:
> >>>>>>
> >>>>>> $ModLoad imfile
> >>>>>> $InputFilePollInterval 10
> >>>>>> $PrivDropToGroup adm
> >>>>>> $WorkDirectory /var/spool/rsyslog
> >>>>>>
> >>>>>> # Input for FILE1
> >>>>>> $InputFileName /FILE1
> >>>>>> $InputFileTag APPNAME1
> >>>>>> $InputFileStateFile stat-APPNAME1 #this must be unique for each file being polled
> >>>>>> $InputFileSeverity info
> >>>>>> $InputFilePersistStateInterval 20000
> >>>>>> $InputRunFileMonitor
> >>>>>>
> >>>>>> # Add a tag for file events
> >>>>>> $template LogglyFormatFile,"<%pri%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msgid% [TOKEN@41058 tag=\"file\"] %msg%\n"
> >>>>>>
> >>>>>> # Send to Loggly then discard
> >>>>>> if $programname == 'APPNAME1' then @@logs-01.loggly.com:514;LogglyFormatFile
> >>>>>> if $programname == 'APPNAME1' then ~
> >>>>>>
> >>>>>> What I want is to use wildcard as
> >>>>>>
> >>>>>> $InputFileName /directory/*.txt
> >>>>>>
> >>>>>> or $InputFileName /directory/*
> >>>>>>
> >>>>>> Please consider my case on priority.
> >>>>>>
> >>>>>> Thanks
> >>>>>>
> >>>>>> --
> >>>>>> View this message in context: http://rsyslog-users.1305293.n2.nabble.com/Wildcard-Support-to-log-all-the-file-logs-of-a-directory-tp7592048.html
> >>>>>> Sent from the rsyslog-users mailing list archive at Nabble.com.
> >>>>>> _______________________________________________
> >>>>>> rsyslog mailing list
> >>>>>> http://lists.adiscon.net/mailman/listinfo/rsyslog
> >>>>>> http://www.rsyslog.com/professional-services/
> >>>>>> What's up with rsyslog? Follow https://twitter.com/rgerhards
> >>>>>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.

--
Thank you,
Shweta Jain

--
View this message in context: http://rsyslog-users.1305293.n2.nabble.com/Wildcard-Support-to-log-all-the-file-logs-of-a-directory-tp7592048p7592065.html
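
The wildcard input and inotify mode asked about in this thread, written in rsyslog's newer configuration syntax as an added example (it is not part of the original messages and not a reply from the list). The ruleset name `loggly_files` is an assumption; `TOKEN`, `APPNAME1` and `/directory/*.txt` are the placeholders used in the first message of the thread.

```rsyslog
# Added example, not from the thread. TOKEN, APPNAME1 and the path are
# placeholders taken from the first message; "loggly_files" is an assumed name.

global(workDirectory="/var/spool/rsyslog")

# The mode is a module-level setting: "inotify" uses kernel file
# notifications, "polling" re-checks the files on a timer.
module(load="imfile" mode="inotify")

# One input covers every file matching the wildcard. No state file name is
# given here, since a single fixed name cannot serve several matched files.
input(type="imfile"
      File="/directory/*.txt"
      Tag="APPNAME1"
      Severity="info"
      Facility="local7"
      PersistStateInterval="20000"
      ruleset="loggly_files")

# Same message layout as the $template line in the first message.
template(name="LogglyFormatFile" type="string"
         string="<%pri%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msgid% [TOKEN@41058 tag=\"file\"] %msg%\n")

# Messages read by the input above go only through this ruleset:
# forward over TCP, then stop so they are not processed further.
ruleset(name="loggly_files") {
    action(type="omfwd"
           protocol="tcp"
           target="logs-01.loggly.com"
           port="514"
           template="LogglyFormatFile")
    stop
}
```

Running `rsyslogd -N1` checks the configuration for errors such as the "have you forgotten to load a module?" message quoted above before the service is restarted.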

