Application log

inet45 · September 25, 2020, 7:38am

i am running ubuntu server, and i have custom application saving logs to /var/logs/redo/redo.log

how to configure rsyslog to send this to graylog server ?

shoothub · September 25, 2020, 7:58am

Create file in /etc/rsyslog.d/my_application.conf with content:

$ActionQueueType LinkedList # use asynchronous processing
# set file name, also enables disk mode,
# this value must be unique inside all configs
$ActionQueueFileName srvrfwd
$ActionResumeRetryCount -1 # infinite retries on insert failure
$ActionQueueSaveOnShutdown on # save in-memory data if rsyslog shuts down
# max limit the number of messages that queue can contain
$ActionQueueSize 10000
$ActionQueueMaxFileSize 10M # limit the size of queue buffer on disk
$ModLoad imfile # needs to be done just once

# File 1
$InputFileName /var/log/file1 # path to log file
$InputFileTag tag1: # identification of process
$InputFileStateFile stat-file1

$InputFileSeverity error # severity level
$InputFileFacility local7 # facility level
$InputRunFileMonitor

if $programname == 'tag1' then @@graylog.example.org:1514;RSYSLOG_SyslogProtocol23Format

Use @@ for TCP input or @ for UDP Input.

inet45 · September 25, 2020, 8:04am

thank you, what are those two lines for:

$InputFileTag tag1: # identification of process
$InputFileStateFile stat-file1

shoothub · September 25, 2020, 9:41am

InputFileTag you use for tag (name) your input file log file. Next you use it in if contition to forward to syslog server (graylog) - last line.

inet45 · September 26, 2020, 10:50pm

on Ubuntu 14.04 am getting the following:

rsyslogd: version 7.4.4, config validation run (level 1), master config /etc/rsyslog.conf
rsyslogd: action ‘InputFileStateFile’ treated as ‘:omusrmsg:InputFileStateFile’ - please change syntax, ‘InputFileStateFile’ will not be supported in the future [try http://www.rsyslog.com/e/2184 ]
rsyslogd: user name ‘InputFil…’ too long - ignored
rsyslogd: action ‘stat-access’ treated as ‘:omusrmsg:stat-access’ - please change syntax, ‘stat-access’ will not be supported in the future [try http://www.rsyslog.com/e/2184 ]
rsyslogd: user name ‘stat-acc…’ too long - ignored
rsyslogd: imfile error: not state file name given, file monitor can not be created [try http://www.rsyslog.com/e/2046 ]
rsyslogd: imfile: no files configured to be monitored - no input will be gathered [try http://www.rsyslog.com/e/2212 ]
rsyslogd: End of config validation run. Bye.

inet45 · September 28, 2020, 7:29am

upgrading rsyslog to version 8 on Ubuntu 14.04 resolved the issue

system · October 12, 2020, 7:29am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How do I configure rsyslog to send logs from a specific program to a remote syslog server? Graylog Central (peer support) sidecar	3	5899	October 2, 2020
How to save all incoming syslog to Graylog-server Graylog Central (peer support)	12	9950	October 12, 2017
Log message deplicate Graylog Central (peer support)	5	493	January 1, 2022
Config RHEL8 rsyslog to send a copy of logs to graylog Graylog Central (peer support)	3	438	February 7, 2023
Rsyslog app name Graylog Central (peer support) documentation , filebeat-linux , access-specific-log- , dashboards , gelf	4	950	January 12, 2023

Application log

Related topics