Application log

inet45 · September 25, 2020, 7:38am

i am running ubuntu server, and i have custom application saving logs to /var/logs/redo/redo.log

how to configure rsyslog to send this to graylog server ?

shoothub · September 25, 2020, 7:58am

Create file in /etc/rsyslog.d/my_application.conf with content:

$ActionQueueType LinkedList # use asynchronous processing
# set file name, also enables disk mode,
# this value must be unique inside all configs
$ActionQueueFileName srvrfwd
$ActionResumeRetryCount -1 # infinite retries on insert failure
$ActionQueueSaveOnShutdown on # save in-memory data if rsyslog shuts down
# max limit the number of messages that queue can contain
$ActionQueueSize 10000
$ActionQueueMaxFileSize 10M # limit the size of queue buffer on disk
$ModLoad imfile # needs to be done just once

# File 1
$InputFileName /var/log/file1 # path to log file
$InputFileTag tag1: # identification of process
$InputFileStateFile stat-file1

$InputFileSeverity error # severity level
$InputFileFacility local7 # facility level
$InputRunFileMonitor

if $programname == 'tag1' then @@graylog.example.org:1514;RSYSLOG_SyslogProtocol23Format

Use @@ for TCP input or @ for UDP Input.

inet45 · September 25, 2020, 8:04am

thank you, what are those two lines for:

$InputFileTag tag1: # identification of process
$InputFileStateFile stat-file1

shoothub · September 25, 2020, 9:41am

InputFileTag you use for tag (name) your input file log file. Next you use it in if contition to forward to syslog server (graylog) - last line.

inet45 · September 26, 2020, 10:50pm

on Ubuntu 14.04 am getting the following:

rsyslogd: version 7.4.4, config validation run (level 1), master config /etc/rsyslog.conf
rsyslogd: action ‘InputFileStateFile’ treated as ‘:omusrmsg:InputFileStateFile’ - please change syntax, ‘InputFileStateFile’ will not be supported in the future [try http://www.rsyslog.com/e/2184 ]
rsyslogd: user name ‘InputFil…’ too long - ignored
rsyslogd: action ‘stat-access’ treated as ‘:omusrmsg:stat-access’ - please change syntax, ‘stat-access’ will not be supported in the future [try http://www.rsyslog.com/e/2184 ]
rsyslogd: user name ‘stat-acc…’ too long - ignored
rsyslogd: imfile error: not state file name given, file monitor can not be created [try http://www.rsyslog.com/e/2046 ]
rsyslogd: imfile: no files configured to be monitored - no input will be gathered [try http://www.rsyslog.com/e/2212 ]
rsyslogd: End of config validation run. Bye.

inet45 · September 28, 2020, 7:29am

upgrading rsyslog to version 8 on Ubuntu 14.04 resolved the issue

system · October 12, 2020, 7:29am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to save all incoming syslog to Graylog-server Graylog Central (peer support)	12	9644	October 12, 2017
Log message deplicate Graylog Central (peer support)	5	428	January 1, 2022
Config RHEL8 rsyslog to send a copy of logs to graylog Graylog Central (peer support)	3	250	February 7, 2023
Rsyslog: imfile module to ingest text files Graylog Central (peer support)	1	610	November 30, 2018
Rsyslog.conf on Graylog Server? Graylog Central (peer support)	2	1166	August 22, 2018

Application log

Related Topics