Using Wildcards with rsyslog's File Monitor imfile

Rainer Gerhards
Rainer GerhardsChief Software Architect at Adiscon GmbH
Using Wildcards with rsyslog’s File Monitor Rainer Gerhards, rsyslog project lead
Prerequisites ● kernel with inotify support ● at least rsyslog v8.5.0 ● if not available in your distro o use rsyslog package repository (recommended) o build from source ● imfile module (usually in base package)
State Files ● rsyslog needs to know how much of a file it already processed ● upon shutdown a “state file” is created with this information ● stored in rsyslog work directory ● let rsyslog generate the state file name automatically!
Restrictions ● wildcards are support at the file level, not at the directory level o /var/log/applog*.log is valid o /var/applog*/logfile.log is invalid ● subdirectories that match the wildcard are not processed o if /var/log/applog-dir.log is a directory, it will not be processed ● wildcards do not work in polling mode
Base Config Sample global(workDirectory=”/home/rsyslog/spool”)m odule(load=”imfile”) input(type=”imfile” tag=”applog” file=”/var/log/applog*.log”)
Sample: Remote Forwarding global(workDirectory=”/home/rsyslog/spool”) module(load=”imfile”) ruleset(name="infiles") { action(type="omfwd” target=”server.example.net” protocol=”tcp” port=”10514” ) } input(type=”imfile” tag=”applog” file=”/var/log/applog*.log”)
Notes on Remote Forwarding Conf ● forwarding happens totally independent from rest of logging configuration due to use of ruleset ● module() statement must occur only once ● workDirectory o is used for all rsyslog work and state files o must be set only once (usually at top of top level rsyslog.conf)
1 of 7

Using Wildcards with rsyslog's File Monitor imfile

Download to read offline
Technology

Want to monitor log files with rsyslog and use wildcards to monitor a large file set? This presentation shows you how to do that.

Rainer Gerhards
Rainer GerhardsChief Software Architect at Adiscon GmbH

Recommended

Writing External Rsyslog Plugins by
Writing External Rsyslog PluginsWriting External Rsyslog Plugins
Writing External Rsyslog PluginsRainer Gerhards
15.2K views13 slides
YugabyteDB - Distributed SQL Database on Kubernetes by
YugabyteDB - Distributed SQL Database on KubernetesYugabyteDB - Distributed SQL Database on Kubernetes
YugabyteDB - Distributed SQL Database on KubernetesDoKC
159 views48 slides
Best practices for Data warehousing with Amazon Redshift - AWS PS Summit Canb... by
Best practices for Data warehousing with Amazon Redshift - AWS PS Summit Canb...Best practices for Data warehousing with Amazon Redshift - AWS PS Summit Canb...
Best practices for Data warehousing with Amazon Redshift - AWS PS Summit Canb...Amazon Web Services
911 views34 slides
Building a Unified Logging Layer with Fluentd, Elasticsearch and Kibana by
Building a Unified Logging Layer with Fluentd, Elasticsearch and KibanaBuilding a Unified Logging Layer with Fluentd, Elasticsearch and Kibana
Building a Unified Logging Layer with Fluentd, Elasticsearch and KibanaMushfekur Rahman
303 views57 slides
Keeping Up with the ELK Stack: Elasticsearch, Kibana, Beats, and Logstash by
Keeping Up with the ELK Stack: Elasticsearch, Kibana, Beats, and LogstashKeeping Up with the ELK Stack: Elasticsearch, Kibana, Beats, and Logstash
Keeping Up with the ELK Stack: Elasticsearch, Kibana, Beats, and LogstashAmazon Web Services
2.3K views30 slides
ELK Stack by
ELK StackELK Stack
ELK StackPhuc Nguyen
9.1K views45 slides

More Related Content

What's hot

Elastic Stack Introduction by
Elastic Stack IntroductionElastic Stack Introduction
Elastic Stack IntroductionVikram Shinde
7.9K views21 slides
12-Step Program for Scaling Web Applications on PostgreSQL by
12-Step Program for Scaling Web Applications on PostgreSQL12-Step Program for Scaling Web Applications on PostgreSQL
12-Step Program for Scaling Web Applications on PostgreSQLKonstantin Gredeskoul
69.1K views101 slides
Spectrum Scale Best Practices by Olaf Weiser by
Spectrum Scale Best Practices by Olaf WeiserSpectrum Scale Best Practices by Olaf Weiser
Spectrum Scale Best Practices by Olaf WeiserSandeep Patil
6.2K views72 slides
ZDLRA in Action by
ZDLRA in ActionZDLRA in Action
ZDLRA in ActionDaniele Massimi
2.4K views53 slides
Spark SQL by
Spark SQLSpark SQL
Spark SQLJoud Khattab
6.5K views71 slides
Elk by
Elk Elk
Elk Caleb Wang
4.2K views21 slides

What's hot(20)

Elastic Stack Introduction by Vikram Shinde
Elastic Stack IntroductionElastic Stack Introduction
Elastic Stack Introduction
Vikram Shinde7.9K views
12-Step Program for Scaling Web Applications on PostgreSQL by Konstantin Gredeskoul
12-Step Program for Scaling Web Applications on PostgreSQL12-Step Program for Scaling Web Applications on PostgreSQL
12-Step Program for Scaling Web Applications on PostgreSQL
Konstantin Gredeskoul69.1K views
Spectrum Scale Best Practices by Olaf Weiser by Sandeep Patil
Spectrum Scale Best Practices by Olaf WeiserSpectrum Scale Best Practices by Olaf Weiser
Spectrum Scale Best Practices by Olaf Weiser
Sandeep Patil6.2K views
ZDLRA in Action by Daniele Massimi
ZDLRA in ActionZDLRA in Action
ZDLRA in Action
Daniele Massimi2.4K views
Spark SQL by Joud Khattab
Spark SQLSpark SQL
Spark SQL
Joud Khattab6.5K views
Elk by Caleb Wang
Elk Elk
Elk
Caleb Wang4.2K views
Salvatore Sanfilippo – How Redis Cluster works, and why - NoSQL matters Barce... by NoSQLmatters
Salvatore Sanfilippo – How Redis Cluster works, and why - NoSQL matters Barce...Salvatore Sanfilippo – How Redis Cluster works, and why - NoSQL matters Barce...
Salvatore Sanfilippo – How Redis Cluster works, and why - NoSQL matters Barce...
NoSQLmatters10.1K views
Ansible 101 by Gena Mykhailiuta
Ansible 101Ansible 101
Ansible 101
Gena Mykhailiuta1.4K views
The Linux Kernel Implementation of Pipes and FIFOs by Divye Kapoor
The Linux Kernel Implementation of Pipes and FIFOsThe Linux Kernel Implementation of Pipes and FIFOs
The Linux Kernel Implementation of Pipes and FIFOs
Divye Kapoor25.7K views
Security and Multi-Tenancy with Apache Pulsar in Yahoo! (Verizon Media) - Pul... by StreamNative
Security and Multi-Tenancy with Apache Pulsar in Yahoo! (Verizon Media) - Pul...Security and Multi-Tenancy with Apache Pulsar in Yahoo! (Verizon Media) - Pul...
Security and Multi-Tenancy with Apache Pulsar in Yahoo! (Verizon Media) - Pul...
StreamNative378 views
Automation with ansible by Khizer Naeem
Automation with ansibleAutomation with ansible
Automation with ansible
Khizer Naeem1.6K views
Ibm spectrum scale fundamentals workshop for americas part 4 Replication, Str... by xKinAnx
Ibm spectrum scale fundamentals workshop for americas part 4 Replication, Str...Ibm spectrum scale fundamentals workshop for americas part 4 Replication, Str...
Ibm spectrum scale fundamentals workshop for americas part 4 Replication, Str...
xKinAnx1.6K views
NY Meetup: Scaling MariaDB with Maxscale by Wagner Bianchi
NY Meetup: Scaling MariaDB with MaxscaleNY Meetup: Scaling MariaDB with Maxscale
NY Meetup: Scaling MariaDB with Maxscale
Wagner Bianchi1.3K views
Deep Dive on Amazon Aurora by Amazon Web Services
Deep Dive on Amazon AuroraDeep Dive on Amazon Aurora
Deep Dive on Amazon Aurora
Amazon Web Services5K views
RocksDB detail by MIJIN AN
RocksDB detailRocksDB detail
RocksDB detail
MIJIN AN7.3K views
Disaster Recovery Planning for MySQL & MariaDB by Severalnines
Disaster Recovery Planning for MySQL & MariaDBDisaster Recovery Planning for MySQL & MariaDB
Disaster Recovery Planning for MySQL & MariaDB
Severalnines1.7K views
Getting started with MariaDB with Docker by MariaDB plc
Getting started with MariaDB with DockerGetting started with MariaDB with Docker
Getting started with MariaDB with Docker
MariaDB plc713 views
PostgreSQL and RAM usage by Alexey Bashtanov
PostgreSQL and RAM usagePostgreSQL and RAM usage
PostgreSQL and RAM usage
Alexey Bashtanov22.9K views
What Is ELK Stack | ELK Tutorial For Beginners | Elasticsearch Kibana | ELK S... by Edureka!
What Is ELK Stack | ELK Tutorial For Beginners | Elasticsearch Kibana | ELK S...What Is ELK Stack | ELK Tutorial For Beginners | Elasticsearch Kibana | ELK S...
What Is ELK Stack | ELK Tutorial For Beginners | Elasticsearch Kibana | ELK S...
Edureka!1.7K views
How VXLAN works on Linux by Etsuji Nakai
How VXLAN works on LinuxHow VXLAN works on Linux
How VXLAN works on Linux
Etsuji Nakai26.7K views

Viewers also liked

Fedora Developer's Conference 2014 Talk by
Fedora Developer's Conference 2014 TalkFedora Developer's Conference 2014 Talk
Fedora Developer's Conference 2014 TalkRainer Gerhards
3.5K views29 slides
Life of an Fluentd event by
Life of an Fluentd eventLife of an Fluentd event
Life of an Fluentd eventKiyoto Tamura
587.2K views5 slides
Rsyslog log normalization by
Rsyslog log normalizationRsyslog log normalization
Rsyslog log normalizationRainer Gerhards
8.7K views37 slides
Tuning Elasticsearch Indexing Pipeline for Logs by
Tuning Elasticsearch Indexing Pipeline for LogsTuning Elasticsearch Indexing Pipeline for Logs
Tuning Elasticsearch Indexing Pipeline for LogsSematext Group, Inc.
27.3K views58 slides
fluent-plugin-norikra #fluentdcasual by
fluent-plugin-norikra #fluentdcasualfluent-plugin-norikra #fluentdcasual
fluent-plugin-norikra #fluentdcasualSATOSHI TAGOMORI
63.7K views28 slides
RHCE FINAL Questions and Answers by
RHCE FINAL Questions and AnswersRHCE FINAL Questions and Answers
RHCE FINAL Questions and AnswersRadien software
35.3K views20 slides

Viewers also liked(7)

Fedora Developer's Conference 2014 Talk by Rainer Gerhards
Fedora Developer's Conference 2014 TalkFedora Developer's Conference 2014 Talk
Fedora Developer's Conference 2014 Talk
Rainer Gerhards3.5K views
Life of an Fluentd event by Kiyoto Tamura
Life of an Fluentd eventLife of an Fluentd event
Life of an Fluentd event
Kiyoto Tamura587.2K views
Rsyslog log normalization by Rainer Gerhards
Rsyslog log normalizationRsyslog log normalization
Rsyslog log normalization
Rainer Gerhards8.7K views
Tuning Elasticsearch Indexing Pipeline for Logs by Sematext Group, Inc.
Tuning Elasticsearch Indexing Pipeline for LogsTuning Elasticsearch Indexing Pipeline for Logs
Tuning Elasticsearch Indexing Pipeline for Logs
Sematext Group, Inc. 27.3K views
fluent-plugin-norikra #fluentdcasual by SATOSHI TAGOMORI
fluent-plugin-norikra #fluentdcasualfluent-plugin-norikra #fluentdcasual
fluent-plugin-norikra #fluentdcasual
SATOSHI TAGOMORI63.7K views
RHCE FINAL Questions and Answers by Radien software
RHCE FINAL Questions and AnswersRHCE FINAL Questions and Answers
RHCE FINAL Questions and Answers
Radien software 35.3K views
Fluentd vs. Logstash for OpenStack Log Management by NTT Communications Technology Development
Fluentd vs. Logstash for OpenStack Log ManagementFluentd vs. Logstash for OpenStack Log Management
Fluentd vs. Logstash for OpenStack Log Management
NTT Communications Technology Development25.3K views

Similar to Using Wildcards with rsyslog's File Monitor imfile

Integrity and Security in Filesystems by
Integrity and Security in FilesystemsIntegrity and Security in Filesystems
Integrity and Security in FilesystemsConferencias FIST
525 views37 slides
Continuous Infrastructure: Modern Puppet for the Jenkins Project - PuppetConf... by
Continuous Infrastructure: Modern Puppet for the Jenkins Project - PuppetConf...Continuous Infrastructure: Modern Puppet for the Jenkins Project - PuppetConf...
Continuous Infrastructure: Modern Puppet for the Jenkins Project - PuppetConf...Puppet
5K views51 slides
Assets, files, and data parsing by
Assets, files, and data parsingAssets, files, and data parsing
Assets, files, and data parsingAly Arman
219 views21 slides
Native Android Userspace part of the Embedded Android Workshop at Linaro Conn... by
Native Android Userspace part of the Embedded Android Workshop at Linaro Conn...Native Android Userspace part of the Embedded Android Workshop at Linaro Conn...
Native Android Userspace part of the Embedded Android Workshop at Linaro Conn...Opersys inc.
6.8K views30 slides
Turbo charge your logs by
Turbo charge your logsTurbo charge your logs
Turbo charge your logsJeremy Cook
3.1K views55 slides
Ripping web accessible .git files by
Ripping web accessible .git filesRipping web accessible .git files
Ripping web accessible .git filesVlatko Kosturjak
3K views13 slides

Similar to Using Wildcards with rsyslog's File Monitor imfile(20)

Integrity and Security in Filesystems by Conferencias FIST
Integrity and Security in FilesystemsIntegrity and Security in Filesystems
Integrity and Security in Filesystems
Conferencias FIST525 views
Continuous Infrastructure: Modern Puppet for the Jenkins Project - PuppetConf... by Puppet
Continuous Infrastructure: Modern Puppet for the Jenkins Project - PuppetConf...Continuous Infrastructure: Modern Puppet for the Jenkins Project - PuppetConf...
Continuous Infrastructure: Modern Puppet for the Jenkins Project - PuppetConf...
Puppet5K views
Assets, files, and data parsing by Aly Arman
Assets, files, and data parsingAssets, files, and data parsing
Assets, files, and data parsing
Aly Arman219 views
Native Android Userspace part of the Embedded Android Workshop at Linaro Conn... by Opersys inc.
Native Android Userspace part of the Embedded Android Workshop at Linaro Conn...Native Android Userspace part of the Embedded Android Workshop at Linaro Conn...
Native Android Userspace part of the Embedded Android Workshop at Linaro Conn...
Opersys inc.6.8K views
Turbo charge your logs by Jeremy Cook
Turbo charge your logsTurbo charge your logs
Turbo charge your logs
Jeremy Cook3.1K views
Ripping web accessible .git files by Vlatko Kosturjak
Ripping web accessible .git filesRipping web accessible .git files
Ripping web accessible .git files
Vlatko Kosturjak3K views
Nagios Conference 2014 - Andy Brist - Nagios XI Failover and HA Solutions by Nagios
Nagios Conference 2014 - Andy Brist - Nagios XI Failover and HA SolutionsNagios Conference 2014 - Andy Brist - Nagios XI Failover and HA Solutions
Nagios Conference 2014 - Andy Brist - Nagios XI Failover and HA Solutions
Nagios3.4K views
Linux Directory Structure by Kevin OBrien
Linux Directory StructureLinux Directory Structure
Linux Directory Structure
Kevin OBrien10.9K views
4.1. Path traversal post_exploitation by defconmoscow
4.1. Path traversal post_exploitation4.1. Path traversal post_exploitation
4.1. Path traversal post_exploitation
defconmoscow781 views
Mastering InnoDB Diagnostics by guest8212a5
Mastering InnoDB DiagnosticsMastering InnoDB Diagnostics
Mastering InnoDB Diagnostics
guest8212a53.4K views
Harrison fisk masteringinnodb-diagnostics by guest8212a5
Harrison fisk masteringinnodb-diagnosticsHarrison fisk masteringinnodb-diagnostics
Harrison fisk masteringinnodb-diagnostics
guest8212a5837 views
ch11_fileInterface.pdf by HoNguyn746501
ch11_fileInterface.pdfch11_fileInterface.pdf
ch11_fileInterface.pdf
HoNguyn7465012 views
Syslog.ppt by ifsharahmad
Syslog.pptSyslog.ppt
Syslog.ppt
ifsharahmad35 views
ansible : Infrastructure automation,idempotent and more by Sabarinath Gnanasekar
ansible : Infrastructure automation,idempotent and moreansible : Infrastructure automation,idempotent and more
ansible : Infrastructure automation,idempotent and more
Sabarinath Gnanasekar245 views
Windows internals Essentials by John Ombagi
Windows internals EssentialsWindows internals Essentials
Windows internals Essentials
John Ombagi901 views
Windows Phone 8 - 4 Files and Storage by Oliver Scheer
Windows Phone 8 - 4 Files and StorageWindows Phone 8 - 4 Files and Storage
Windows Phone 8 - 4 Files and Storage
Oliver Scheer3.5K views
PigHive.pptx by KeerthiChukka
PigHive.pptxPigHive.pptx
PigHive.pptx
KeerthiChukka8 views
Windows Phone 8 - 4 Files and Storage by Oliver Scheer
Windows Phone 8 - 4 Files and StorageWindows Phone 8 - 4 Files and Storage
Windows Phone 8 - 4 Files and Storage
Oliver Scheer4.3K views
Wonderful world of (distributed) SCM or VCS by Vlatko Kosturjak
Wonderful world of (distributed) SCM or VCSWonderful world of (distributed) SCM or VCS
Wonderful world of (distributed) SCM or VCS
Vlatko Kosturjak3.8K views
Gnr writepath v1.0 by Tomer Perry
Gnr writepath v1.0Gnr writepath v1.0
Gnr writepath v1.0
Tomer Perry154 views

More from Rainer Gerhards

Sicherheit im Internet - Wie kann man sich schützen? by
Sicherheit im Internet - Wie kann man sich schützen?Sicherheit im Internet - Wie kann man sich schützen?
Sicherheit im Internet - Wie kann man sich schützen?Rainer Gerhards
298 views24 slides
rsyslog meets docker by
rsyslog meets dockerrsyslog meets docker
rsyslog meets dockerRainer Gerhards
1.5K views33 slides
Rsyslog version naming (v8.6.0+) by
Rsyslog version naming (v8.6.0+)Rsyslog version naming (v8.6.0+)
Rsyslog version naming (v8.6.0+)Rainer Gerhards
13.4K views9 slides
RSYSLOG v8 improvements and how to write plugins in any language. by
RSYSLOG v8 improvements and how to write plugins in any language.RSYSLOG v8 improvements and how to write plugins in any language.
RSYSLOG v8 improvements and how to write plugins in any language.Rainer Gerhards
11.3K views27 slides
The rsyslog v8 engine (developer's view) by
The rsyslog v8 engine (developer's view)The rsyslog v8 engine (developer's view)
The rsyslog v8 engine (developer's view)Rainer Gerhards
9K views13 slides
Wetterbeobachtung - Ein Vortrag für die Grundschule by
Wetterbeobachtung - Ein Vortrag für die GrundschuleWetterbeobachtung - Ein Vortrag für die Grundschule
Wetterbeobachtung - Ein Vortrag für die GrundschuleRainer Gerhards
1.8K views26 slides

More from Rainer Gerhards(12)

Sicherheit im Internet - Wie kann man sich schützen? by Rainer Gerhards
Sicherheit im Internet - Wie kann man sich schützen?Sicherheit im Internet - Wie kann man sich schützen?
Sicherheit im Internet - Wie kann man sich schützen?
Rainer Gerhards298 views
rsyslog meets docker by Rainer Gerhards
rsyslog meets dockerrsyslog meets docker
rsyslog meets docker
Rainer Gerhards1.5K views
Rsyslog version naming (v8.6.0+) by Rainer Gerhards
Rsyslog version naming (v8.6.0+)Rsyslog version naming (v8.6.0+)
Rsyslog version naming (v8.6.0+)
Rainer Gerhards13.4K views
RSYSLOG v8 improvements and how to write plugins in any language. by Rainer Gerhards
RSYSLOG v8 improvements and how to write plugins in any language.RSYSLOG v8 improvements and how to write plugins in any language.
RSYSLOG v8 improvements and how to write plugins in any language.
Rainer Gerhards11.3K views
The rsyslog v8 engine (developer's view) by Rainer Gerhards
The rsyslog v8 engine (developer's view)The rsyslog v8 engine (developer's view)
The rsyslog v8 engine (developer's view)
Rainer Gerhards9K views
Wetterbeobachtung - Ein Vortrag für die Grundschule by Rainer Gerhards
Wetterbeobachtung - Ein Vortrag für die GrundschuleWetterbeobachtung - Ein Vortrag für die Grundschule
Wetterbeobachtung - Ein Vortrag für die Grundschule
Rainer Gerhards1.8K views
Rsyslog vs Systemd Journal Presentation by Rainer Gerhards
Rsyslog vs Systemd Journal PresentationRsyslog vs Systemd Journal Presentation
Rsyslog vs Systemd Journal Presentation
Rainer Gerhards15.3K views
Rsyslog vs Systemd Journal (Paper) by Rainer Gerhards
Rsyslog vs Systemd Journal (Paper)Rsyslog vs Systemd Journal (Paper)
Rsyslog vs Systemd Journal (Paper)
Rainer Gerhards16K views
CEE Log Integrity and the "Counterpane Paper" by Rainer Gerhards
CEE Log Integrity and the "Counterpane Paper"CEE Log Integrity and the "Counterpane Paper"
CEE Log Integrity and the "Counterpane Paper"
Rainer Gerhards848 views
State of syslog (2005) by Rainer Gerhards
State of syslog (2005)State of syslog (2005)
State of syslog (2005)
Rainer Gerhards668 views
Status of syslog as of 2005 by Rainer Gerhards
Status of syslog as of 2005Status of syslog as of 2005
Status of syslog as of 2005
Rainer Gerhards774 views
LogFile Auswertung (log analysis) by Rainer Gerhards
LogFile Auswertung (log analysis)LogFile Auswertung (log analysis)
LogFile Auswertung (log analysis)
Rainer Gerhards655 views

Recently uploaded

Business Analyst Series 2023 - Week 4 Session 7 by
Business Analyst Series 2023 - Week 4 Session 7Business Analyst Series 2023 - Week 4 Session 7
Business Analyst Series 2023 - Week 4 Session 7DianaGray10
139 views31 slides
iSAQB Software Architecture Gathering 2023: How Process Orchestration Increas... by
iSAQB Software Architecture Gathering 2023: How Process Orchestration Increas...iSAQB Software Architecture Gathering 2023: How Process Orchestration Increas...
iSAQB Software Architecture Gathering 2023: How Process Orchestration Increas...Bernd Ruecker
54 views69 slides
Live Demo Showcase: Unveiling Dell PowerFlex’s IaaS Capabilities with Apache ... by
Live Demo Showcase: Unveiling Dell PowerFlex’s IaaS Capabilities with Apache ...Live Demo Showcase: Unveiling Dell PowerFlex’s IaaS Capabilities with Apache ...
Live Demo Showcase: Unveiling Dell PowerFlex’s IaaS Capabilities with Apache ...ShapeBlue
126 views10 slides
Kyo - Functional Scala 2023.pdf by
Kyo - Functional Scala 2023.pdfKyo - Functional Scala 2023.pdf
Kyo - Functional Scala 2023.pdfFlavio W. Brasil
457 views92 slides
Ransomware is Knocking your Door_Final.pdf by
Ransomware is Knocking your Door_Final.pdfRansomware is Knocking your Door_Final.pdf
Ransomware is Knocking your Door_Final.pdfSecurity Bootcamp
96 views46 slides
Elevating Privacy and Security in CloudStack - Boris Stoyanov - ShapeBlue by
Elevating Privacy and Security in CloudStack - Boris Stoyanov - ShapeBlueElevating Privacy and Security in CloudStack - Boris Stoyanov - ShapeBlue
Elevating Privacy and Security in CloudStack - Boris Stoyanov - ShapeBlueShapeBlue
222 views7 slides

Recently uploaded(20)

Business Analyst Series 2023 - Week 4 Session 7 by DianaGray10
Business Analyst Series 2023 - Week 4 Session 7Business Analyst Series 2023 - Week 4 Session 7
Business Analyst Series 2023 - Week 4 Session 7
DianaGray10139 views
iSAQB Software Architecture Gathering 2023: How Process Orchestration Increas... by Bernd Ruecker
iSAQB Software Architecture Gathering 2023: How Process Orchestration Increas...iSAQB Software Architecture Gathering 2023: How Process Orchestration Increas...
iSAQB Software Architecture Gathering 2023: How Process Orchestration Increas...
Bernd Ruecker54 views
Live Demo Showcase: Unveiling Dell PowerFlex’s IaaS Capabilities with Apache ... by ShapeBlue
Live Demo Showcase: Unveiling Dell PowerFlex’s IaaS Capabilities with Apache ...Live Demo Showcase: Unveiling Dell PowerFlex’s IaaS Capabilities with Apache ...
Live Demo Showcase: Unveiling Dell PowerFlex’s IaaS Capabilities with Apache ...
ShapeBlue126 views
Kyo - Functional Scala 2023.pdf by Flavio W. Brasil
Kyo - Functional Scala 2023.pdfKyo - Functional Scala 2023.pdf
Kyo - Functional Scala 2023.pdf
Flavio W. Brasil457 views
Ransomware is Knocking your Door_Final.pdf by Security Bootcamp
Ransomware is Knocking your Door_Final.pdfRansomware is Knocking your Door_Final.pdf
Ransomware is Knocking your Door_Final.pdf
Security Bootcamp96 views
Elevating Privacy and Security in CloudStack - Boris Stoyanov - ShapeBlue by ShapeBlue
Elevating Privacy and Security in CloudStack - Boris Stoyanov - ShapeBlueElevating Privacy and Security in CloudStack - Boris Stoyanov - ShapeBlue
Elevating Privacy and Security in CloudStack - Boris Stoyanov - ShapeBlue
ShapeBlue222 views
Generative AI: Shifting the AI Landscape by Deakin University
Generative AI: Shifting the AI LandscapeGenerative AI: Shifting the AI Landscape
Generative AI: Shifting the AI Landscape
Deakin University53 views
What’s New in CloudStack 4.19 - Abhishek Kumar - ShapeBlue by ShapeBlue
What’s New in CloudStack 4.19 - Abhishek Kumar - ShapeBlueWhat’s New in CloudStack 4.19 - Abhishek Kumar - ShapeBlue
What’s New in CloudStack 4.19 - Abhishek Kumar - ShapeBlue
ShapeBlue263 views
Enabling DPU Hardware Accelerators in XCP-ng Cloud Platform Environment - And... by ShapeBlue
Enabling DPU Hardware Accelerators in XCP-ng Cloud Platform Environment - And...Enabling DPU Hardware Accelerators in XCP-ng Cloud Platform Environment - And...
Enabling DPU Hardware Accelerators in XCP-ng Cloud Platform Environment - And...
ShapeBlue106 views
Zero to Cloud Hero: Crafting a Private Cloud from Scratch with XCP-ng, Xen Or... by ShapeBlue
Zero to Cloud Hero: Crafting a Private Cloud from Scratch with XCP-ng, Xen Or...Zero to Cloud Hero: Crafting a Private Cloud from Scratch with XCP-ng, Xen Or...
Zero to Cloud Hero: Crafting a Private Cloud from Scratch with XCP-ng, Xen Or...
ShapeBlue198 views
Webinar : Desperately Seeking Transformation - Part 2: Insights from leading... by The Digital Insurer
Webinar : Desperately Seeking Transformation - Part 2: Insights from leading...Webinar : Desperately Seeking Transformation - Part 2: Insights from leading...
Webinar : Desperately Seeking Transformation - Part 2: Insights from leading...
The Digital Insurer90 views
State of the Union - Rohit Yadav - Apache CloudStack by ShapeBlue
State of the Union - Rohit Yadav - Apache CloudStackState of the Union - Rohit Yadav - Apache CloudStack
State of the Union - Rohit Yadav - Apache CloudStack
ShapeBlue297 views
Business Analyst Series 2023 - Week 4 Session 8 by DianaGray10
Business Analyst Series 2023 - Week 4 Session 8Business Analyst Series 2023 - Week 4 Session 8
Business Analyst Series 2023 - Week 4 Session 8
DianaGray10123 views
How to Re-use Old Hardware with CloudStack. Saving Money and the Environment ... by ShapeBlue
How to Re-use Old Hardware with CloudStack. Saving Money and the Environment ...How to Re-use Old Hardware with CloudStack. Saving Money and the Environment ...
How to Re-use Old Hardware with CloudStack. Saving Money and the Environment ...
ShapeBlue166 views
Cencora Executive Symposium by marketingcommunicati21
Cencora Executive SymposiumCencora Executive Symposium
Cencora Executive Symposium
marketingcommunicati21159 views
The Power of Heat Decarbonisation Plans in the Built Environment by IES VE
The Power of Heat Decarbonisation Plans in the Built EnvironmentThe Power of Heat Decarbonisation Plans in the Built Environment
The Power of Heat Decarbonisation Plans in the Built Environment
IES VE79 views
Declarative Kubernetes Cluster Deployment with Cloudstack and Cluster API - O... by ShapeBlue
Declarative Kubernetes Cluster Deployment with Cloudstack and Cluster API - O...Declarative Kubernetes Cluster Deployment with Cloudstack and Cluster API - O...
Declarative Kubernetes Cluster Deployment with Cloudstack and Cluster API - O...
ShapeBlue132 views
DRBD Deep Dive - Philipp Reisner - LINBIT by ShapeBlue
DRBD Deep Dive - Philipp Reisner - LINBITDRBD Deep Dive - Philipp Reisner - LINBIT
DRBD Deep Dive - Philipp Reisner - LINBIT
ShapeBlue180 views
Setting Up Your First CloudStack Environment with Beginners Challenges - MD R... by ShapeBlue
Setting Up Your First CloudStack Environment with Beginners Challenges - MD R...Setting Up Your First CloudStack Environment with Beginners Challenges - MD R...
Setting Up Your First CloudStack Environment with Beginners Challenges - MD R...
ShapeBlue173 views
Qualifying SaaS, IaaS.pptx by Sachin Bhandari
Qualifying SaaS, IaaS.pptxQualifying SaaS, IaaS.pptx
Qualifying SaaS, IaaS.pptx
Sachin Bhandari1K views

Using Wildcards with rsyslog's File Monitor imfile

  • 1. Using Wildcards with rsyslog’s File Monitor Rainer Gerhards, rsyslog project lead
  • 2. Prerequisites ● kernel with inotify support ● at least rsyslog v8.5.0 ● if not available in your distro o use rsyslog package repository (recommended) o build from source ● imfile module (usually in base package)
  • 3. State Files ● rsyslog needs to know how much of a file it already processed ● upon shutdown a “state file” is created with this information ● stored in rsyslog work directory ● let rsyslog generate the state file name automatically!
  • 4. Restrictions ● wildcards are support at the file level, not at the directory level o /var/log/applog*.log is valid o /var/applog*/logfile.log is invalid ● subdirectories that match the wildcard are not processed o if /var/log/applog-dir.log is a directory, it will not be processed ● wildcards do not work in polling mode
  • 5. Base Config Sample global(workDirectory=”/home/rsyslog/spool”)m odule(load=”imfile”) input(type=”imfile” tag=”applog” file=”/var/log/applog*.log”)
  • 6. Sample: Remote Forwarding global(workDirectory=”/home/rsyslog/spool”) module(load=”imfile”) ruleset(name="infiles") { action(type="omfwd” target=”server.example.net” protocol=”tcp” port=”10514” ) } input(type=”imfile” tag=”applog” file=”/var/log/applog*.log”)
  • 7. Notes on Remote Forwarding Conf ● forwarding happens totally independent from rest of logging configuration due to use of ruleset ● module() statement must occur only once ● workDirectory o is used for all rsyslog work and state files o must be set only once (usually at top of top level rsyslog.conf)