NXLog file Truncates | Log collection solutions

#1 Pavan_Obj 6 years ago

Attached log:

tail -f nxlog
INFO input file '/kafka/logs/s3/s3sinkfirewall.log' was truncated,
restarting from the beginning
INFO input file '/kafka/logs/s3/s3sinkfirewall.log' was truncated,
restarting from the beginning
INFO input file '/kafka/logs/s3/s3sinkfirewall.log' was truncated,
restarting from the beginning
Attached my config file:

## This is a sample configuration file. See the nxlog reference manual about
the
## configuration options. It should be installed locally under
## /usr/share/doc/nxlog-ce/ and is also available online at
## http://nxlog.org/docs

########################################
# Global directives #
########################################
User nxlog
Group nxlog

LogFile /var/log/nxlog/nxlog.log
LogLevel INFO

# Machine Specific Variables
define CurrentHost kafkavm5
define HeadNxPort 8084
# Common Functions/Variables
include
/kafka/connectors/consumers/MonitorScripts/nxLogConf/nxlogCommon.conf

<Route S3consumer>
Path s3consumerlogs => nxlog_dailys3consumerlogs
</Route>
Also adding nxLogCommon.conf:

<Input s3consumerlogs>
Module im_file
File "%Consumers3Logs%/s3sinkfirewall.log"
SavePos TRUE
ReadFromLast TRUE
<Schedule>
# Check processes every 5 min
Every 30 sec
Exec exec_async("%ScriptPath%/CheckProcesses.py","%Email%","%ConsumerSplunkLogs%");
</Schedule>
<Schedule>
# Remove logs daily
When @daily
<Exec>
file_remove("%DailyLogPrefix%*");
</Exec>
</Schedule>
<Exec>

#$Message = $raw_event;

$Message = substr($raw_event, 0, 1000);
$SourceFile = file_name();
$SourceHost = "%CurrentHost%";
to_json();
</Exec>
I can add if anything else is required.

Permalink

#2 b0ti Nxlog ✓ 6 years ago

#1 Pavan_Obj

Attached log: tail -f nxlog INFO input file '/kafka/logs/s3/s3sinkfirewall.log' was truncated, restarting from the beginning INFO input file '/kafka/logs/s3/s3sinkfirewall.log' was truncated, restarting from the beginning INFO input file '/kafka/logs/s3/s3sinkfirewall.log' was truncated, restarting from the beginning Attached my config file: ## This is a sample configuration file. See the nxlog reference manual about the ## configuration options. It should be installed locally under ## /usr/share/doc/nxlog-ce/ and is also available online at ## http://nxlog.org/docs ######################################## # Global directives # ######################################## User nxlog Group nxlog LogFile /var/log/nxlog/nxlog.log LogLevel INFO # Machine Specific Variables define CurrentHost kafkavm5 define HeadNxPort 8084 # Common Functions/Variables include /kafka/connectors/consumers/MonitorScripts/nxLogConf/nxlogCommon.conf <Route S3consumer> Path s3consumerlogs => nxlog_dailys3consumerlogs </Route> Also adding nxLogCommon.conf: <Input s3consumerlogs> Module im_file File "%Consumers3Logs%/s3sinkfirewall.log" SavePos TRUE ReadFromLast TRUE <Schedule> # Check processes every 5 min Every 30 sec Exec exec_async("%ScriptPath%/CheckProcesses.py","%Email%","%ConsumerSplunkLogs%"); </Schedule> <Schedule> # Remove logs daily When @daily <Exec> file_remove("%DailyLogPrefix%*"); </Exec> </Schedule> <Exec> #$Message = $raw_event; $Message = substr($raw_event, 0, 1000); $SourceFile = file_name(); $SourceHost = "%CurrentHost%"; to_json(); </Exec> I can add if anything else is required.

You seem to have forgotten to actually ask a question.