NXLog search
Let's talk Start free
Let's talk Start free

Trying to parse Tomcat logs using nxlog, getting error

View thread
LS_140907

Hi team,

Can someone please help me with parsing the below tomcat log (contains multiple lines) ?

**tomcat log snippet: **

19-Aug-2020 12:39:51.412 INFO [Catalina-utility-2] org.apache.catalina.startup.HostConfig.undeploy Undeploying context [/front] 19-Aug-2020 12:40:31.462 INFO [Catalina-utility-2] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [D:\Tomcat\webapps\front] 19-Aug-2020 12:40:32.813 SEVERE [Catalina-utility-2] org.apache.catalina.startup.HostConfig.deployDirectory Error deploying web application directory [D:\Tomcat\webapps\front] java.lang.IllegalStateException: Error starting child at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:720) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:690) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:705) at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1133) at org.apache.catalina.startup.HostConfig$DeployDirectory.run(HostConfig.java:1866) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)

I am trying to use the same example (url below) from nxlog official guide, but didn't help. https://nxlog.co/documentation/nxlog-user-guide/apache-tomcat.html

**Please see my conf file content below: **

define REGEX /(?x)^(?<EventTime>\d{2}-\d{3}-\d{4}\ \d{2}:\d{2}:\d{2}).\d{3}\
(?<Severity>\S+)\ [(?<Class>\S+)]\ (?<Message>[\s\S]+)/

Module xm_multiline HeaderLine %REGEX% Module im_file File 'D:\Tomcat\logs\catalina.*.log' SavePos TRUE InputType multiline Exec if $raw_event =~ %REGEX% $EventTime = parsedate($EventTime); log_info($raw_event); log_info($Message); Exec $Message = 'TOMCAT_Catalina ' + $raw_event ; $SyslogFacilityValue = 1; $SyslogSeverityValue=5;

**And getting below errors: **

2020-11-13 14:25:54 ERROR failed to compile regular expression '(?x)^(?<EventTime>\d{2}-\d{3}-\d{4}\ \d{2}:\d{2}:\d{2}).\d{3}\ (?<Severity>\S+)\ [(?<Class>\S+)]\ (?<Message>[\s\S]+)', error at position 136: unmatched parentheses 2020-11-13 14:25:54 ERROR invalid expression in 'HeaderLine' at C:\Program Files (x86)\nxlog\conf\custom\tomcatCatalina.conf:7 2020-11-13 14:25:54 ERROR Invalid InputType 'multiline' at C:\Program Files (x86)\nxlog\conf\custom\tomcatCatalina.conf:19 2020-11-13 14:25:54 ERROR module 'tomcat_catalina_log' has configuration errors, not adding to route '4' at C:\Program Files (x86)\nxlog\conf\custom\tomcatCatalina.conf:53 2020-11-13 14:25:54 ERROR route 4 is not functional without input modules, ignored at C:\Program Files (x86)\nxlog\conf\custom\tomcatCatalina.conf:53

Please help.

Thanks in advance!