Thank you for your response. I also tried file monitoring using the Wildcard on Rsyslog version 8.23. The directory had 4 files (file1.txt, file2.txt, file3.txt, file4.log).
The file path I passed was /directory/*.txt But only file1.txt logs reaches to loggly. What can I do to make wildcard working. Additionally, I have verified that the kernel of my machine is inotify supportable. On Fri, Dec 30, 2016 at 3:36 PM, rsyslog-users mailing list [via rsyslog-users] <[email protected]> wrote: > Latest rsyslog version is 8.23 > http://www.rsyslog.com/downloads/download-v8-stable/ > > AFAIK, in order to use imfile, you should run ./configure > --enable-imfile before building source > > IIRC, inotify is set by default on recent versions > > > El 30/12/16 a las 11:03, Shweta escribió: > > > Yes, I am using latest version of rsyslog i.e., 8.5 which support > wildcards > > as per the slide below: > > > > http://www.slideshare.net/rainergerhards1/using- > wildcards-with-rsyslogs-file-monitor-imfile > > > > I am not getting what to build by --enable-imfile? > > > > But you can see my configuration in my previous responses. Can you also > > suggest me how to use kernel inotify mode instead of polling mode? > > > > Thanks, > > Shweta > > > > > > On Fri, Dec 30, 2016 at 3:23 PM, rsyslog-users mailing list [via > > rsyslog-users] <[hidden email] > <http:///user/SendEmail.jtp?type=node&node=7592066&i=0>> wrote: > > > >> Hi Shweta > >> > >> Have you built with --enable-imfile ? > >> > >> I'm not an expert on rsyslog, but I would suggest you a few things: > >> > >> - use new syntax > >> - use latest rsyslog version > >> > >> Then, perhaps I could help you... > >> > >> > >> El 30/12/16 a las 09:36, Shweta Jain escribió: > >> > >>> Any update? > >>> > >>> On Thu, Dec 29, 2016 at 6:37 PM, Shweta Jain <[hidden email] > >> <http:///user/SendEmail.jtp?type=node&node=7592064&i=0>> wrote: > >>>> Update: > >>>> > >>>> I tried as per link here: http://www.slideshare.net/ > >> rainergerhards1/using- > >>>> wildcards-with-rsyslogs-file-monitor-imfile > >>>> > >>>> I installed Rsyslog 8.5 using tarball. But it seems that file logs > are > >> not > >>>> getting logged to Loggly. My system logs are successfully reaching to > >>>> Loggly using Rsyslog version 8.5. > >>>> > >>>> I am getting the below in my logs: > >>>> > >>>> invalid or yet-unknown config file command 'InputRunFileMonitor' - > have > >>>> you forgotten to load a module? [try http://www.rsyslog.com/e/3003 ] > >>>> > >>>> > >>>> My configuration is: > >>>> > >>>> $ModLoad imfile > >>>> $InputFilePollInterval 10 > >>>> $WorkDirectory /var/spool/rsyslog > >>>> $PrivDropToGroup adm > >>>> > >>>> # File access file: > >>>> $InputFileName /shweta/file1.txt > >>>> $InputFileTag yoo > >>>> $InputFileStateFile stat-yoo > >>>> $InputFileSeverity info > >>>> $InputFilePersistStateInterval 20000 > >>>> $InputRunFileMonitor > >>>> #Add a tag for file events > >>>> template (name="LogglyFormatFileyoo" type="string" > >>>> string="<%pri%>%protocol-version% %timestamp:::date-rfc3339% > >> %HOSTNAME% > >>>> %app-name% %procid% %msgid% [d57950de-c677-4af7-aeee- > b9647ea54b1c@41058 > >>>> tag=\"file\" ] %msg%\n") > >>>> if $programname == 'yoo' then action(type="omfwd" > >>>> protocol="tcp" target="logs-01.loggly.com" port="514" > >>>> template="LogglyFormatFileyoo") > >>>> if $programname == 'yoo' then ~ > >>>> > >>>> Is it using Polling mode or inotify? Where to set inotify mode? > >>>> > >>>> Quick response will be appreciated. > >>>> > >>>> Thanks, > >>>> Shweta > >>>> > >>>> > >>>> On Thu, Dec 29, 2016 at 4:21 PM, Shweta Jain <[hidden email] > >> <http:///user/SendEmail.jtp?type=node&node=7592064&i=1>> wrote: > >>>>> Sorry I missed the link in my previous response: > >>>>> > >>>>> http://www.slideshare.net/rainergerhards1/using-wildcards- > >>>>> with-rsyslogs-file-monitor-imfile > >>>>> > >>>>> On Thu, Dec 29, 2016 at 4:06 PM, Shweta <[hidden email] > >> <http:///user/SendEmail.jtp?type=node&node=7592064&i=2>> wrote: > >>>>>> I did setup on ubuntu 12 with rsyslog version 8.23 but nothing get > >> logged > >>>>>> to my local as well as loggly. > >>>>>> > >>>>>> I also tried on ubuntu-16 with rsyslog version 8.5, but nothing is > >>>>>> getting > >>>>>> logged. > >>>>>> > >>>>>> Moreover , I went thorough the slide at the link below, where it is > >>>>>> mentioned to use inotify mode. Where to set inotify mode? > >>>>>> > >>>>>> My second issue is I am not able to log anything at > /var/log/syslog. > >>>>>> Even i > >>>>>> am not seeing syslog file in /var/log. I have checked > >> /etc/rsyslog.conf > >>>>>> file but the line in that file is uncommented. > >>>>>> > >>>>>> Thanks for you quick response. > >>>>>> Shweta > >>>>>> > >>>>>> On Thu, Dec 29, 2016 at 2:09 PM, David Lang [via rsyslog-users] < > >>>>>> [hidden email] > >> <http:///user/SendEmail.jtp?type=node&node=7592064&i=3>> wrote: > >>>>>>> you don't say what version you are running, the most current docs > >> are > >>>>>> at: > >>>>>>> http://www.rsyslog.com/doc/v8-stable/configuration/modules/ > >> imfile.html > >>>>>>> I'm not sure exactly when wildcards became supported, but I > believe > >> it > >>>>>> was > >>>>>>> well > >>>>>>> into the 8.x series. > >>>>>>> > >>>>>>> David Lang > >>>>>>> > >>>>>>> On Wed, 28 Dec 2016, Shweta wrote: > >>>>>>> > >>>>>>>> Date: Wed, 28 Dec 2016 23:21:14 -0700 (MST) > >>>>>>>> From: Shweta <[hidden email] > >>>>>>> <http:///user/SendEmail.jtp?type=node&node=7592049&i=0>> > >>>>>>>> Reply-To: rsyslog-users <[hidden email] > >>>>>>> <http:///user/SendEmail.jtp?type=node&node=7592049&i=1>> > >>>>>>>> To: [hidden email] > >>>>>>> <http:///user/SendEmail.jtp?type=node&node=7592049&i=2> > >>>>>>>> Subject: [rsyslog] Wildcard Support to log all the file logs of a > >>>>>>> directory > >>>>>>>> Hi Support, > >>>>>>>> > >>>>>>>> I want to monitor file logs at Loggly. I have many files in a > >>>>>> directory > >>>>>>> and > >>>>>>>> want to monitor them all with a wildcard. I have a configuration > >> like > >>>>>>> below: > >>>>>>>> $ModLoad imfile > >>>>>>>> $InputFilePollInterval 10 > >>>>>>>> $PrivDropToGroup adm > >>>>>>>> $WorkDirectory /var/spool/rsyslog > >>>>>>>> > >>>>>>>> # Input for FILE1 > >>>>>>>> $InputFileName /FILE1 > >>>>>>>> $InputFileTag APPNAME1 > >>>>>>>> $InputFileStateFile stat-APPNAME1 #this must be unique for each > >> file > >>>>>>> being > >>>>>>>> polled > >>>>>>>> $InputFileSeverity info > >>>>>>>> $InputFilePersistStateInterval 20000 > >>>>>>>> $InputRunFileMonitor > >>>>>>>> > >>>>>>>> # Add a tag for file events > >>>>>>>> $template LogglyFormatFile,"<%pri%>%protocol-version% > >>>>>>>> %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msgid% > >>>>>>>> [TOKEN@41058 tag=\"file\"] %msg%\n" > >>>>>>>> > >>>>>>>> # Send to Loggly then discard > >>>>>>>> if $programname == 'APPNAME1' then @@logs-01.loggly.com:514;Loggl > > >>>>>> yFormatFile > >>>>>>>> if $programname == 'APPNAME1' then ~ > >>>>>>>> > >>>>>>>> What I want is to use wildcard as > >>>>>>>> > >>>>>>>> $InputFileName /directory/*.txt > >>>>>>>> > >>>>>>>> or $InputFileName /directory/* > >>>>>>>> > >>>>>>>> Please consider my case on priority. > >>>>>>>> > >>>>>>>> Thanks > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> -- > >>>>>>>> View this message in context: http://rsyslog-users.1305293. > >>>>>>> n2.nabble.com/Wildcard-Support-to-log-all-the-file- > >>>>>>> logs-of-a-directory-tp7592048.html > >>>>>>>> Sent from the rsyslog-users mailing list archive at Nabble.com. > >>>>>>>> _______________________________________________ > >>>>>>>> rsyslog mailing list > >>>>>>>> http://lists.adiscon.net/mailman/listinfo/rsyslog > >>>>>>>> http://www.rsyslog.com/professional-services/ > >>>>>>>> What's up with rsyslog? Follow https://twitter.com/rgerhards > >>>>>>>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a > >>>>>> myriad > >>>>>>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if > >> you > >>>>>>> DON'T LIKE THAT. > >>>>>>> _______________________________________________ > >>>>>>> rsyslog mailing list > >>>>>>> http://lists.adiscon.net/mailman/listinfo/rsyslog > >>>>>>> http://www.rsyslog.com/professional-services/ > >>>>>>> What's up with rsyslog? Follow https://twitter.com/rgerhards > >>>>>>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a > >>>>>> myriad > >>>>>>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if > >> you > >>>>>>> DON'T LIKE THAT. > >>>>>>> > >>>>>>> > >>>>>>> ------------------------------ > >>>>>>> If you reply to this email, your message will be added to the > >>>>>> discussion > >>>>>>> below: > >>>>>>> http://rsyslog-users.1305293.n2.nabble.com/Wildcard- > >>>>>>> Support-to-log-all-the-file-logs-of-a-directory-tp7592048p7592049.html > > >>>>>>> To unsubscribe from Wildcard Support to log all the file logs of a > >>>>>>> directory, click here > >>>>>>> <http://rsyslog-users.1305293.n2.nabble.com/template/NamlSer > >>>>>> vlet.jtp?macro=unsubscribe_by_code&node=7592048&code=c2phaW5 > >>>>>> AbG9nZ2x5LmNvbXw3NTkyMDQ4fC02MDgzODE4NDg=> > >>>>>>> . > >>>>>>> NAML > >>>>>>> <http://rsyslog-users.1305293.n2.nabble.com/template/NamlSer > >>>>>> vlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail > >>>>>> .naml&base=nabble.naml.namespaces.BasicNamespace-nabble. > >>>>>> view.web.template.NabbleNamespace-nabble.view.web.template. > >>>>>> NodeNamespace&breadcrumbs=notify_subscribers%21nabble% > >>>>>> 3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_ > >>>>>> instant_email%21nabble%3Aemail.naml> > >>>>>> > >>>>>> > >>>>>> -- > >>>>>> Thank you, > >>>>>> Shweta Jain > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> -- > >>>>>> View this message in context: http://rsyslog-users.1305293.n > >>>>>> 2.nabble.com/Wildcard-Support-to-log-all-the-file-logs-of-a- > >>>>>> directory-tp7592048p7592053.html > >>>>>> Sent from the rsyslog-users mailing list archive at Nabble.com. > >>>>>> _______________________________________________ > >>>>>> rsyslog mailing list > >>>>>> http://lists.adiscon.net/mailman/listinfo/rsyslog > >>>>>> http://www.rsyslog.com/professional-services/ > >>>>>> What's up with rsyslog? Follow https://twitter.com/rgerhards > >>>>>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a > >> myriad > >>>>>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if > >> you > >>>>>> DON'T LIKE THAT. > >>>>>> > >>>>> > >>>>> -- > >>>>> Thank you, > >>>>> Shweta Jain > >>>>> > >>>> > >>>> -- > >>>> Thank you, > >>>> Shweta Jain > >>>> > >>> > >> _______________________________________________ > >> rsyslog mailing list > >> http://lists.adiscon.net/mailman/listinfo/rsyslog > >> http://www.rsyslog.com/professional-services/ > >> What's up with rsyslog? Follow https://twitter.com/rgerhards > >> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a > myriad > >> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > >> DON'T LIKE THAT. > >> > >> > >> ------------------------------ > >> If you reply to this email, your message will be added to the > discussion > >> below: > >> http://rsyslog-users.1305293.n2.nabble.com/Wildcard- > >> Support-to-log-all-the-file-logs-of-a-directory-tp7592048p7592064.html > >> To unsubscribe from Wildcard Support to log all the file logs of a > >> directory, click here > >> < > >> . > >> NAML > >> <http://rsyslog-users.1305293.n2.nabble.com/template/ > NamlServlet.jtp?macro=macro_viewer&id=instant_html% > 21nabble%3Aemail.naml&base=nabble.naml.namespaces. > BasicNamespace-nabble.view.web.template.NabbleNamespace- > nabble.view.web.template.NodeNamespace&breadcrumbs= > notify_subscribers%21nabble%3Aemail.naml-instant_emails% > 21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml> > >> > > > > > > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > DON'T LIKE THAT. > > ------------------------------ > If you reply to this email, your message will be added to the discussion > below: > http://rsyslog-users.1305293.n2.nabble.com/Wildcard- > Support-to-log-all-the-file-logs-of-a-directory-tp7592048p7592066.html > To unsubscribe from Wildcard Support to log all the file logs of a > directory, click here > <http://rsyslog-users.1305293.n2.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=7592048&code=c2phaW5AbG9nZ2x5LmNvbXw3NTkyMDQ4fC02MDgzODE4NDg=> > . > NAML > <http://rsyslog-users.1305293.n2.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml> > -- Thank you, Shweta Jain -- View this message in context: http://rsyslog-users.1305293.n2.nabble.com/Wildcard-Support-to-log-all-the-file-logs-of-a-directory-tp7592048p7592067.html Sent from the rsyslog-users mailing list archive at Nabble.com. _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
