Idea Details

vApp rsyslog_custom does not support dynamic file names

Last activity 06-17-2019 06:39 PM
William Patton's profile image
04-18-2019 08:25 AM

We were able to successfully ingest logs to our target sumo need one quick help if we want to ingest more than one log of same name how we can ingest * doesn't work I have tried below is log snippet which we need to ingest 


-rw-rw-r-- 1 imps imps 104858301 Mar 19 17:36 etatrans20190319-0001.log
-rw-rw-r-- 1 imps imps 2020668 Mar 19 23:38 etanotify20190319-0242.log
-rw-rw-r-- 1 imps imps 34248754 Mar 19 23:56 etatrans20190319-1736.log
-rw-rw-r-- 1 imps imps 104857613 Mar 20 17:28 etatrans20190320-0001.log
-rw-rw-r-- 1 imps imps 1832944 Mar 20 23:42 etanotify20190320-0300.log
-rw-rw-r-- 1 imps imps 33218805 Mar 20 23:56 etatrans20190320-1728.log


This is how I am ingesting in rsyslog
$InputFileName /opt/CA/IdentityManager/ProvisioningServer/logs/etanotify*.log
$InputFileTag wildfly_idm3
$InputFileStateFile wildfly-idm-file3
$InputFileSeverity info
$InputFileFacility local7


Notes from broadcom engineering: 
From what i have tested internally, we need latest version of rsyslogd to support wildcards. The Vapp is shipped with version 5.8.10 
$>rsyslogd -version 
rsyslogd 5.8.10, compiled with: 
GSSAPI Kerberos 5 support: Yes 
FEATURE_DEBUG (debug build, slow code): No 
32bit Atomic operations supported: Yes 
64bit Atomic operations supported: Yes 
Runtime Instrumentation (slow code): No 

See for more information. 

On a test machine(Non-Vapp machine) with even rsyslogd version 7.x i was not able to use wildcard for filenames, after upgrading rsyslogd to 8.19 i was able to see it pick up wildcards for filenames and monitoring multiple files. 
please refer Section (Using Wildcards with rsyslog's File Monitor imfile), it clearly says 

* Prerequisites ● kernel with inotify support ● at least rsyslog v8.5.0 
i dont think without updating the rsyslogd version we will be able to accomplish what customer is looking for. 




We need this update in vApp