Trying to parse Tomcat logs using nxlog, getting error


#1 LS_140907

Hi team,

Can someone please help me with parsing the below tomcat log (contains multiple lines)?

**tomcat log snippet:**

```
19-Aug-2020 12:39:51.412 INFO [Catalina-utility-2] org.apache.catalina.startup.HostConfig.undeploy Undeploying context [/front]
19-Aug-2020 12:40:31.462 INFO [Catalina-utility-2] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [D:\Tomcat\webapps\front]
19-Aug-2020 12:40:32.813 SEVERE [Catalina-utility-2] org.apache.catalina.startup.HostConfig.deployDirectory Error deploying web application directory [D:\Tomcat\webapps\front]
java.lang.IllegalStateException: Error starting child
    at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:720)
    at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:690)
    at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:705)
    at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1133)
    at org.apache.catalina.startup.HostConfig$DeployDirectory.run(HostConfig.java:1866)
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
```

I am trying to use the same example (url below) from nxlog official guide, but it didn't help. https://nxlog.co/documentation/nxlog-user-guide/apache-tomcat.html

**Please see my conf file content below:**

```
define REGEX /(?x)^(?<EventTime>\d{2}-\d{3}-\d{4}\ \d{2}:\d{2}:\d{2}).\d{3}\
(?<Severity>\S+)\ [(?<Class>\S+)]\ (?<Message>[\s\S]+)/

Module xm_multiline
HeaderLine %REGEX%

Module im_file
File 'D:\Tomcat\logs\catalina.*.log'
SavePos TRUE
InputType multiline
Exec if $raw_event =~ %REGEX% $EventTime = parsedate($EventTime); log_info($raw_event); log_info($Message);
Exec $Message = 'TOMCAT_Catalina ' + $raw_event ; $SyslogFacilityValue = 1; $SyslogSeverityValue=5;
```

**And getting below errors:**

```
2020-11-13 14:25:54 ERROR failed to compile regular expression '(?x)^(?<EventTime>\d{2}-\d{3}-\d{4}\ \d{2}:\d{2}:\d{2}).\d{3}\ (?<Severity>\S+)\ [(?<Class>\S+)]\ (?<Message>[\s\S]+)', error at position 136: unmatched parentheses
2020-11-13 14:25:54 ERROR invalid expression in 'HeaderLine' at C:\Program Files (x86)\nxlog\conf\custom\tomcatCatalina.conf:7
2020-11-13 14:25:54 ERROR Invalid InputType 'multiline' at C:\Program Files (x86)\nxlog\conf\custom\tomcatCatalina.conf:19
2020-11-13 14:25:54 ERROR module 'tomcat_catalina_log' has configuration errors, not adding to route '4' at C:\Program Files (x86)\nxlog\conf\custom\tomcatCatalina.conf:53
2020-11-13 14:25:54 ERROR route 4 is not functional without input modules, ignored at C:\Program Files (x86)\nxlog\conf\custom\tomcatCatalina.conf:53
```

Please help.

Thanks in advance!

#2 rafDeactivated Nxlog ✓

Hi,

Please note that you are referring to the NXLog EE docs - that may be important when NXLog CE is being used.

Just in case - I'm not sure if you pasted your config keeping just the lines you wanted to show, but please remember that each directive set needs to be enclosed in appropriate tags (for instance, inputs in <Input name>...</Input>, outputs in <Output name>...</Output>). Obviously, the example you're referring to also misses the Route declaration.

You clearly have an issue with your REGEX. You've apparently modified the suggested regex, and it causes problems. Also, your logs seem to have a bit different format, so you might need to change your regular expression to meet.

The important question here would be: what do you want to extract from your logs? Once it's clear, you can easily extract whatever you need.

Best of luck!
Rafal
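
An added example, not part of the thread or of NXLog's documentation: a header-line expression for the log format shown in the question, tested offline against a constructed sample before it goes into a collector config. It uses Python's `re`, which writes named groups as `(?P<name>…)` where the expression in the question writes `(?<name>…)`; the line breaks in the sample are assumed.

```python
import re
from datetime import datetime

# Constructed sample: lines from the question, with the line breaks assumed.
SAMPLE = r"""19-Aug-2020 12:39:51.412 INFO [Catalina-utility-2] org.apache.catalina.startup.HostConfig.undeploy Undeploying context [/front]
19-Aug-2020 12:40:31.462 INFO [Catalina-utility-2] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [D:\Tomcat\webapps\front]
19-Aug-2020 12:40:32.813 SEVERE [Catalina-utility-2] org.apache.catalina.startup.HostConfig.deployDirectory Error deploying web application directory [D:\Tomcat\webapps\front]
java.lang.IllegalStateException: Error starting child
    at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:720)
    at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:690)
"""

# Header line: "dd-Mon-yyyy HH:MM:SS.mmm SEVERITY [name] rest".
# Field names follow the expression in the question; the brackets are
# escaped and the month is matched as three letters.
HEADER = re.compile(r"""^
    (?P<EventTime>\d{2}-[A-Za-z]{3}-\d{4}[ ]\d{2}:\d{2}:\d{2}\.\d{3})[ ]
    (?P<Severity>\S+)[ ]
    \[(?P<Class>[^\]]+)\][ ]
    (?P<Message>.*)$""", re.VERBOSE)

# Date part as posted in the question: \d{3} requires a numeric month.
POSTED_DATE = re.compile(r"^\d{2}-\d{3}-\d{4}")


def group_events(lines):
    """Start an event at each header line; append other lines to the current one."""
    events = []
    for line in lines:
        line = line.rstrip("\r\n")
        m = HEADER.match(line)
        if m:
            ev = m.groupdict()
            ev["EventTime"] = datetime.strptime(ev["EventTime"], "%d-%b-%Y %H:%M:%S.%f")
            events.append(ev)
        elif events and line.strip():
            # Continuation (stack trace) line: keep it with its header.
            events[-1]["Message"] += "\n" + line
        # Non-header lines seen before the first header are dropped.
    return events


if __name__ == "__main__":
    for ev in group_events(SAMPLE.splitlines()):
        print(ev["EventTime"].isoformat(), ev["Severity"], ev["Class"],
              len(ev["Message"].splitlines()), "line(s)")
    print("posted date pattern matches:", bool(POSTED_DATE.match(SAMPLE)))
```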