I need to send ContxtBroker log to syslog but the other method I could find is via imfile, which is very inaccurate in timing.
Is there any way for sending ContextBroker logs directly to syslog?
The orion context broker only outputs its log information to its log file (which defaults at /tmp/contextBroker.log), and currently we don't have any intention of changing this behavior, sorry.
You could always implement a process that reads from the log file, parses the log contents and forwards the log message to syslog. Doesn't seem too difficult ...
Related
Liberty has rich support for logging and tracing as outlined in https://www.ibm.com/support/knowledgecenter/SSEQTP_liberty/com.ibm.websphere.wlp.doc/ae/rwlp_logging.html
Based on that, I am able to get audit, messaging, and trace logs sent to the console. However, one part of our system is using Liberty's JBatch implementation and these logs are getting lost inside our containers' ephemeral filesystem.
Is there a way to force Liberty to send these logs to the console with the rest of our output (so that it will get shipped to our log analysis service)?
I've told PostgreSQL to log to syslogd and to tag its messages with "postgresql". These messages appear in /var/log/syslog with that tag.
Now I'd like those messages not to appear in /var/log/syslog but in /var/log/example/postgresql/. I thought I could do that by creating the file /etc/rsyslog.d/25-postgresql.conf with this single line (plus some comments, in real life):
:msg,contains,"postgresql" /var/log/example/postgresql/postgresql.log
Restarting rsyslog doesn't result in postgresql messages going to that file, however: they still go to /var/log/syslog.
Any suggestions what I've done wrong?
I am running an ELK-Stack as a central syslogserver and I set up rsyslog to send logfiles, which are not logging into /var/lib/messages by default, to it.
The setup is working very well but since I made the configuration the external logfiles actually show up in the messages file, which is blowing it out of proportion and makes debugging normal systemlogs difficult.
I want the logs to be send to the syslogserver but not into the messages file.
This is my current configuration:
111-elk-syslog.conf:
*.* ##IP_OF_THE_SYSLOGSERVER:514
101-external-log.conf
$ModLoad imfile
$InputFileName PATH_TO_LOGFILE
$InputFileTag FILE_TAG
$InputFileStateFile FILE_TAG
$InputFileFacility local3
$InputRunFileMonitor
I know, using filebeat, I could circumvent this but rsyslog is working very well in my enviroment and this application is the only one logging so much, that this is an actual problem.
I don't understand in detail your setup, but it may help to know that in general in rsyslogd if you don't want further handling of a message that you have matched, you simply repeat the filter on the next line by using &, and the action stop. For example, you might try
*.* ##IP_OF_THE_SYSLOGSERVER:514
& stop
On Centos 6.2, trying to get the kernel log redirected to the serial console, I came across an issue where agetty seems to be respawning every few keypresses.
That is, I get a login prompt in the middle of typing (after logging in).
In order to investigate the issue further, I'm looking for the location of agetty logs, but to no avail. Where and how can I see log messages for respawned agetty process?
The "diagnostics" section of the "agetty" command manpage states:
Depending on how the program was configured, all diagnostics are written to
the console device or reported via the syslog(3) facility. Error messages are
produced if the port argument does not specify a terminal device; if there is
no utmp entry for the current process (System V only); and so on.
The syslog facility by default writes the "/var/log/messages" file, but it can be configured to write another file by editing its configuration file "/etc/syslog.conf".
Finally, if the error you get is "respawning too fast", you should check your "/etc/inittab" file, as described here.
I'm trying to write event based ftp server that notifies me when some user uploads any file(users will never do any delete or other stuff, they just upload). Apache ftpServer with ftplets is what I need but it is java based and does not satisfy my environment. So what I'm planning to do is to run vsftpd and another process besides it which listens to IN_CLOSE_WRITE event. When vsftpd close the file descriptor after finishing file upload, my process will be notified and I will do some appropriate action. My questions are:
Is it possible that I miss any file upload?
Is it possible that IN_CLOSE_WRITE fired in other situations that I get inconsistent files instead of ready to use files?
if the incrond service crashes or is stopped you will loose notification during that time
IN_CLOSE_WRITE should work.