Good morning,
I am running logstash_server as a central logger and nxlog as client on
10-15 servers.
I am sending the logs to the logger and store them in files on the logger.
Sometimes when there is a load on the servers I start to get the logs on
the logger with hours of delay.
Is there a way I
I have:
Module im_file
File /logs/*.log
Exec $filename = file_name();
But /logs is a filesystem, and now I keep getting an error that it can't read
/logs/lost+found. Is it possible to ignore a directory with im_file?
Thanks.
--
Yves.
--
Personally, I send all in syslog format to logstash.
I convert the multi-line logs into a single line with:
'Exec if $raw_event =~ s/[\r\n]/ /g {}'
Below an extract of my log files.
Exec $hostname = '%HOSTNAME%';
Exec $SyslogSeverityValue = 5;
Exec if $raw_event =~ s/[\r\n