2
responses

Hi team,

Can someone please help me with parsing the below tomcat log (contains multiple lines) ?

**tomcat log snippet: **

19-Aug-2020 12:39:51.412 INFO [Catalina-utility-2] org.apache.catalina.startup.HostConfig.undeploy Undeploying context [/front] 19-Aug-2020 12:40:31.462 INFO [Catalina-utility-2] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [D:\Tomcat\webapps\front] 19-Aug-2020 12:40:32.813 SEVERE [Catalina-utility-2] org.apache.catalina.startup.HostConfig.deployDirectory Error deploying web application directory [D:\Tomcat\webapps\front] java.lang.IllegalStateException: Error starting child at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:720) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:690) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:705) at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1133) at org.apache.catalina.startup.HostConfig$DeployDirectory.run(HostConfig.java:1866) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)

I am trying to use the same example (url below) from nxlog official guide, but didn't help. https://nxlog.co/documentation/nxlog-user-guide/apache-tomcat.html

**Please see my conf file content below: **

define REGEX /(?x)^(?\d{2}-\d{3}-\d{4}\ \d{2}:\d{2}:\d{2}).\d{3}\ \ (?\S+)\ [(?\S+)]\ (?[\s\S]+)/

Module xm_multiline HeaderLine %REGEX%

Module im_file File 'D:\Tomcat\logs\catalina.*.log' SavePos TRUE InputType multiline Exec if $raw_event =~ %REGEX% $EventTime = parsedate($EventTime); log_info($raw_event); log_info($Message); Exec $Message = 'TOMCAT_Catalina ' + $raw_event ; $SyslogFacilityValue = 1; $SyslogSeverityValue=5;

**And getting below errors: **

2020-11-13 14:25:54 ERROR failed to compile regular expression '(?x)^(?\d{2}-\d{3}-\d{4}\ \d{2}:\d{2}:\d{2}).\d{3}\ (?\S+)\ [(?\S+)]\ (?[\s\S]+)', error at position 136: unmatched parentheses 2020-11-13 14:25:54 ERROR invalid expression in 'HeaderLine' at C:\Program Files (x86)\nxlog\conf\custom\tomcatCatalina.conf:7 2020-11-13 14:25:54 ERROR Invalid InputType 'multiline' at C:\Program Files (x86)\nxlog\conf\custom\tomcatCatalina.conf:19 2020-11-13 14:25:54 ERROR module 'tomcat_catalina_log' has configuration errors, not adding to route '4' at C:\Program Files (x86)\nxlog\conf\custom\tomcatCatalina.conf:53 2020-11-13 14:25:54 ERROR route 4 is not functional without input modules, ignored at C:\Program Files (x86)\nxlog\conf\custom\tomcatCatalina.conf:53

Please help.

Thanks in advance!

AskedNovember 13, 2020 - 9:53pm

Answer (1)

Hi,

Please note, that you are referring to the NXLog EE docs - that may be important when NXLog CE is being used.

Just in case - I'm not sure if you pasted your config keeping just the lines you wanted to show, but please remember, that each directive set needs to be enclosed in appropriate tags (for instance, inputs in <Input name>...</Input>, outputs in <Output name>...</Output>. Obviously, the example you're referring to misses also the Route declaration.

You clearly have an issue with your REGEX. You've apparently modified the suggested regex, and it causes problems. Also, your logs seem to have a bit different format, so you might need to change your regular expression to meet.

The important question here would be: what do you want extract from your logs? Once it's clear, you can easily extract whatever you need.

Best of luck!
Rafal

Comments (1)

  • LS_140907's picture

    Hi Rafal,

    Thanks so much for your response. Unfortunately the copy paste didn't work well which is having issues with config formatting, sorry about that.

    Do we have any official guide for NxLog CE ? I though I can refer to NxLog EE for reference as they have good examples of integration/usage etc.

    Regarding the input/outputs used in my conf has not showing any issues, and I have also defined Route path which again is working fine.

    As you mentioned, I have issues with the REGEX expression itself. So need help with regex expression for pulling tomcat catalina log in the mentioned format below.

    As you see in the snippet below, I want to pull all the contents of the log and the log also contains error that are written in multiple lines.

    Can you please help me with regex expression for below log format ?

    **tomcat log snippet: **

    19-Aug-2020 12:39:51.412 INFO [Catalina-utility-2] org.apache.catalina.startup.HostConfig.undeploy Undeploying context [/front]

    19-Aug-2020 12:40:32.813 SEVERE [Catalina-utility-2] org.apache.catalina.startup.HostConfig.deployDirectory Error deploying web application directory [D:\Tomcat\webapps\front] java.lang.IllegalStateException: Error starting child at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:720) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:690) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:705) at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1133) at org.apache.catalina.startup.HostConfig$DeployDirectory.run(HostConfig.java:1866) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)

    Thanks,
    Lax