imfile module use state files to save each file "reading position",
among other things.
maybe you should delete them?
Have a look at:
https://raw.githubusercontent.com/mostolog/rsyslog-doc/patch-1/source/overview.rst
https://raw.githubusercontent.com/mostolog/rsyslog-doc/imfile/source/configuration/modules/imfile.rst
El 30/12/16 a las 11:39, Shweta escribió:
Thank you for your response.
I also tried file monitoring using the Wildcard on Rsyslog version 8.23.
The directory had 4 files (file1.txt, file2.txt, file3.txt, file4.log).
The file path I passed was /directory/*.txt
But only file1.txt logs reaches to loggly. What can I do to make wildcard
working.
Additionally, I have verified that the kernel of my machine is inotify
supportable.
On Fri, Dec 30, 2016 at 3:36 PM, rsyslog-users mailing list [via
rsyslog-users] <ml-node+s1305293n7592066...@n2.nabble.com> wrote:
Latest rsyslog version is 8.23
http://www.rsyslog.com/downloads/download-v8-stable/
AFAIK, in order to use imfile, you should run ./configure
--enable-imfile before building source
IIRC, inotify is set by default on recent versions
El 30/12/16 a las 11:03, Shweta escribió:
Yes, I am using latest version of rsyslog i.e., 8.5 which support
wildcards
as per the slide below:
http://www.slideshare.net/rainergerhards1/using-
wildcards-with-rsyslogs-file-monitor-imfile
I am not getting what to build by --enable-imfile?
But you can see my configuration in my previous responses. Can you also
suggest me how to use kernel inotify mode instead of polling mode?
Thanks,
Shweta
On Fri, Dec 30, 2016 at 3:23 PM, rsyslog-users mailing list [via
rsyslog-users] <[hidden email]
<http:///user/SendEmail.jtp?type=node&node=7592066&i=0>> wrote:
Hi Shweta
Have you built with --enable-imfile ?
I'm not an expert on rsyslog, but I would suggest you a few things:
- use new syntax
- use latest rsyslog version
Then, perhaps I could help you...
El 30/12/16 a las 09:36, Shweta Jain escribió:
Any update?
On Thu, Dec 29, 2016 at 6:37 PM, Shweta Jain <[hidden email]
<http:///user/SendEmail.jtp?type=node&node=7592064&i=0>> wrote:
Update:
I tried as per link here: http://www.slideshare.net/
rainergerhards1/using-
wildcards-with-rsyslogs-file-monitor-imfile
I installed Rsyslog 8.5 using tarball. But it seems that file logs
are
not
getting logged to Loggly. My system logs are successfully reaching to
Loggly using Rsyslog version 8.5.
I am getting the below in my logs:
invalid or yet-unknown config file command 'InputRunFileMonitor' -
have
you forgotten to load a module? [try http://www.rsyslog.com/e/3003 ]
My configuration is:
$ModLoad imfile
$InputFilePollInterval 10
$WorkDirectory /var/spool/rsyslog
$PrivDropToGroup adm
# File access file:
$InputFileName /shweta/file1.txt
$InputFileTag yoo
$InputFileStateFile stat-yoo
$InputFileSeverity info
$InputFilePersistStateInterval 20000
$InputRunFileMonitor
#Add a tag for file events
template (name="LogglyFormatFileyoo" type="string"
string="<%pri%>%protocol-version% %timestamp:::date-rfc3339%
%HOSTNAME%
%app-name% %procid% %msgid% [d57950de-c677-4af7-aeee-
b9647ea54b1c@41058
tag=\"file\" ] %msg%\n")
if $programname == 'yoo' then action(type="omfwd"
protocol="tcp" target="logs-01.loggly.com" port="514"
template="LogglyFormatFileyoo")
if $programname == 'yoo' then ~
Is it using Polling mode or inotify? Where to set inotify mode?
Quick response will be appreciated.
Thanks,
Shweta
On Thu, Dec 29, 2016 at 4:21 PM, Shweta Jain <[hidden email]
<http:///user/SendEmail.jtp?type=node&node=7592064&i=1>> wrote:
Sorry I missed the link in my previous response:
http://www.slideshare.net/rainergerhards1/using-wildcards-
with-rsyslogs-file-monitor-imfile
On Thu, Dec 29, 2016 at 4:06 PM, Shweta <[hidden email]
<http:///user/SendEmail.jtp?type=node&node=7592064&i=2>> wrote:
I did setup on ubuntu 12 with rsyslog version 8.23 but nothing get
logged
to my local as well as loggly.
I also tried on ubuntu-16 with rsyslog version 8.5, but nothing is
getting
logged.
Moreover , I went thorough the slide at the link below, where it is
mentioned to use inotify mode. Where to set inotify mode?
My second issue is I am not able to log anything at
/var/log/syslog.
Even i
am not seeing syslog file in /var/log. I have checked
/etc/rsyslog.conf
file but the line in that file is uncommented.
Thanks for you quick response.
Shweta
On Thu, Dec 29, 2016 at 2:09 PM, David Lang [via rsyslog-users] <
[hidden email]
<http:///user/SendEmail.jtp?type=node&node=7592064&i=3>> wrote:
you don't say what version you are running, the most current docs
are
at:
http://www.rsyslog.com/doc/v8-stable/configuration/modules/
imfile.html
I'm not sure exactly when wildcards became supported, but I
believe
it
was
well
into the 8.x series.
David Lang
On Wed, 28 Dec 2016, Shweta wrote:
Date: Wed, 28 Dec 2016 23:21:14 -0700 (MST)
From: Shweta <[hidden email]
<http:///user/SendEmail.jtp?type=node&node=7592049&i=0>>
Reply-To: rsyslog-users <[hidden email]
<http:///user/SendEmail.jtp?type=node&node=7592049&i=1>>
To: [hidden email]
<http:///user/SendEmail.jtp?type=node&node=7592049&i=2>
Subject: [rsyslog] Wildcard Support to log all the file logs of a
directory
Hi Support,
I want to monitor file logs at Loggly. I have many files in a
directory
and
want to monitor them all with a wildcard. I have a configuration
like
below:
$ModLoad imfile
$InputFilePollInterval 10
$PrivDropToGroup adm
$WorkDirectory /var/spool/rsyslog
# Input for FILE1
$InputFileName /FILE1
$InputFileTag APPNAME1
$InputFileStateFile stat-APPNAME1 #this must be unique for each
file
being
polled
$InputFileSeverity info
$InputFilePersistStateInterval 20000
$InputRunFileMonitor
# Add a tag for file events
$template LogglyFormatFile,"<%pri%>%protocol-version%
%timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msgid%
[TOKEN@41058 tag=\"file\"] %msg%\n"
# Send to Loggly then discard
if $programname == 'APPNAME1' then @@logs-01.loggly.com:514;Loggl
yFormatFile
if $programname == 'APPNAME1' then ~
What I want is to use wildcard as
$InputFileName /directory/*.txt
or $InputFileName /directory/*
Please consider my case on priority.
Thanks
--
View this message in context: http://rsyslog-users.1305293.
n2.nabble.com/Wildcard-Support-to-log-all-the-file-
logs-of-a-directory-tp7592048.html
Sent from the rsyslog-users mailing list archive at Nabble.com.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
myriad
of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if
you
DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
myriad
of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if
you
DON'T LIKE THAT.
------------------------------
If you reply to this email, your message will be added to the
discussion
below:
http://rsyslog-users.1305293.n2.nabble.com/Wildcard-
Support-to-log-all-the-file-logs-of-a-directory-tp7592048p7592049.html
To unsubscribe from Wildcard Support to log all the file logs of a
directory, click here
<http://rsyslog-users.1305293.n2.nabble.com/template/NamlSer
vlet.jtp?macro=unsubscribe_by_code&node=7592048&code=c2phaW5
AbG9nZ2x5LmNvbXw3NTkyMDQ4fC02MDgzODE4NDg=>
.
NAML
<http://rsyslog-users.1305293.n2.nabble.com/template/NamlSer
vlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail
.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.
view.web.template.NabbleNamespace-nabble.view.web.template.
NodeNamespace&breadcrumbs=notify_subscribers%21nabble%
3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_
instant_email%21nabble%3Aemail.naml>
--
Thank you,
Shweta Jain
--
View this message in context: http://rsyslog-users.1305293.n
2.nabble.com/Wildcard-Support-to-log-all-the-file-logs-of-a-
directory-tp7592048p7592053.html
Sent from the rsyslog-users mailing list archive at Nabble.com.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
myriad
of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if
you
DON'T LIKE THAT.
--
Thank you,
Shweta Jain
--
Thank you,
Shweta Jain
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
myriad
of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
DON'T LIKE THAT.
------------------------------
If you reply to this email, your message will be added to the
discussion
below:
http://rsyslog-users.1305293.n2.nabble.com/Wildcard-
Support-to-log-all-the-file-logs-of-a-directory-tp7592048p7592064.html
To unsubscribe from Wildcard Support to log all the file logs of a
directory, click here
<
.
NAML
<http://rsyslog-users.1305293.n2.nabble.com/template/
NamlServlet.jtp?macro=macro_viewer&id=instant_html%
21nabble%3Aemail.naml&base=nabble.naml.namespaces.
BasicNamespace-nabble.view.web.template.NabbleNamespace-
nabble.view.web.template.NodeNamespace&breadcrumbs=
notify_subscribers%21nabble%3Aemail.naml-instant_emails%
21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml>
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
DON'T LIKE THAT.
------------------------------
If you reply to this email, your message will be added to the discussion
below:
http://rsyslog-users.1305293.n2.nabble.com/Wildcard-
Support-to-log-all-the-file-logs-of-a-directory-tp7592048p7592066.html
To unsubscribe from Wildcard Support to log all the file logs of a
directory, click here
<http://rsyslog-users.1305293.n2.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=7592048&code=c2phaW5AbG9nZ2x5LmNvbXw3NTkyMDQ4fC02MDgzODE4NDg=>
.
NAML
<http://rsyslog-users.1305293.n2.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml>
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
