not resume log files

Comments (6)

• 

  GeorgeBouras

  • Leave a comment

  Yes the file

  /opt/nxlog/var/spool/nxlog/configcache.dat
  

  is created, at

  systemctl stop nxlog
  

  but I do not know if the offsets there are updated as should. the service is started as root ( the command also) The same behavior on different redhat / centos boxes It is the nxlog EE ( registered) I have tried numerous

  /usr/lib/systemd/system/nxlog.service
  

  variations without success

  my input

  # Linux log files
  
  <Exec>
  $source_env    = 'dev';
  $source_server = hostname_fqdn();
  $source_ip     = host_ip();
  if $raw_event  =~/^\s*$/ { drop(); }
  if $raw_event  =~/^\s*#/ { drop(); }
  if file_name() =~/([^\/]+)$/ {$logfile=$1;}
  rename_field('SourceModuleName'  , 'source_type');
  rename_field('EventReceivedTime' , 'timestamp_collect'); 
  delete('SourceModuleType');
  </Exec>  
  
  Module           im_file
  InputType        LineBased
  SavePos          TRUE
  ReadFromLast     TRUE
  Recursive        FALSE
  RenameCheck      FALSE
  PollInterval     1
  ActiveFiles      15
  DirCheckInterval 180
  
  File '/var/log/messages'
  File '/var/log/secure'
  File '/var/log/audit/audit.log'
  File '/var/log/dmesg'
  File '/var/log/boot.log'
  File '/var/log/yum.log'
  File '/var/log/tuned/tuned.log'
  File '/var/log/cron'
  File '/var/log/spooler'
  File '/var/log/maillog'
  

  Thanks, G. Bouras

  June 21, 2019 - 11:56am

• 

  GeorgeBouras

  • Leave a comment

  We found , that the -v resets the offsets at the configcache.dat
  That was 3 lost days at customer.

  G.

  June 24, 2019 - 10:55am