...
These are the parameters we recommend using to configure each input file.
$InputFileName | The path and filename of the file to monitor. |
|---|
$InputFileTag | The tag to assign to messages that come from the monitored file. |
|---|
$InputFileStateFile | The name of the state file that will be saved in the $WorkingDirectory (specified in 00-devo.conf). The state file keeps a history of the messages that were more recently processed. In the case of a rsyslog crash or reboot, this file will be checked in order to know where to resume message processing. |
|---|
$InputFileSeverity / $InputFileFacility | The syslog severity and facility to assign to messages from the input file. |
|---|
$InputFilePollInterval | The interval in seconds between checking the file for new messages. |
|---|
$InputFilePersistStateInterval | The number of events after which the processing status should be updated. This should be set to 1. |
|---|
If $syslogtag contains 'my.devo.tag' … | This line instructs rsyslog to send all incoming events with the ‘my.devo.tag’ tag via TCP to ‘DEVO-RELAY:PORT’ using the log format defined in ‘myFileMonitorTemplate’ in the configuration file header. |
|---|
:syslogtag, contains, 'my.devo.tag.' ~ | This line removes messages with the my.devo.tag from the rsyslog processing chain so that they will not be re-processed by any other configuration files. |
|---|
The following configuration file shows how to monitor multiple Apache server log files and send them to a Devo Relay. Note that this file is not set up with SSL/TLS security.
...
| Code Block |
|---|
chown :syslog /var/log/apache2 /var/log/apache2/*.log
|
If the input files are part of a logrotate policy and logrotate create mode is being used, ensure that syslog will still have permissions over the new file. For example, in Apache:
...
| Code Block |
|---|
/etc/init.d/rsyslog restart
|
Once restarted, go to Data Searchsearch in the Devo web application and look for the table that contains the events with the tag you just set up.
...