I'm configuring a centralized logging with rsyslog.
I have to specify a input-file with some kind of WildCard but can't find any examples of how to get it working, in the description of the official documentation here a link with an exact description seems broken.
I try to log tomcat7-logfiles that look like localhost_access_log.2015-07-15.txt.
The date in the file updates every day.
What I want to get is some kind of input(type="imfile" ...)
I tried it with:
input(type="imfile" tag="access_log" statefile="tomcat-access-log"
file="/var/log/tomcat7/localhost_access_log.*.txt")
but this is not working and I don't get what I'm doing wrong.
Here is my full code:
$ModLoad imfile
$PrivDropToGroup adm
$WorkDirectory /var/spool/rsyslog
# catalina.log
$InputFileName /var/log/tomcat7/catalina.log
$InputFileTag catalina-log
$InputFileStateFile stat-catalina-log
$InputFileSeverity info
$InputRunFileMonitor
# localhost_access_log.YYYY.MM.DD.txt
input(type="imfile" tag="access_log" statefile="tomcat-access-log" file="/var/log/tomcat7/localhost_access_log.*.txt")
The catalina-logs are working as they are supposed to, however I'm not getting any access-logs in my output.
Any help would be appreciated, please remind me if I'm doing something completely wrong or if there is a better way to do this.
It will only work as of rsyslog v8.5 or newer (not 7) and only when using inotify see here for a presentation explaing the requirements. I forced inotify (although it is the default) with:
module(load="imfile"
mode="inotify"
)
The input is defined like this:
input(type="imfile"
File="/file/path/*.log"
Tag="taskproject:"
Facility="local3"
)
After this, it should be working