Solved

Feeding updtes in a text file to remote syslog server continuously

Posted on 2009-05-06
8
465 Views
Last Modified: 2012-05-06
Hi,

I am trying to find a solution to feed the text log files of some application servers to remote syslog server.

Remote syslog server is running syslog-ng and setup to deliver the incoming log records to different files per host. So the setup is ready.

What I am looking for is a mechanism to feed the content of these text files to remote syslog server via syslog protocol (logger for example). As I don't want to interfere with the application itself, I don't want to modify it to send directly to syslog. A utility would be perfect to capture everything appended to the text file and send it via syslog protocol. This will also make sure that any problem on syslog server or the utility itself will not affect the application's availability.

Any information on this will be appreciated.

Thanks and regards..

-Suleyman Kutlu (SNK)
0
Comment
Question by:SNK-67
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
8 Comments
 
LVL 62

Expert Comment

by:gheist
ID: 24315174
You can create fifo and attach logger to other end of fifo (or nc for direct feeding to syslog-ng)

mkfifo logfile
logger < logfile & 

0
 
LVL 1

Author Comment

by:SNK-67
ID: 24316034
I am a little confused. What I understand from the command

mkfifo logfile

is to create a FIFO file. But the log files which I want to feed to syslog server are created and managed (rotated) by the application server itself. So I am afraid that if I use mkfifo solution, I will interfere with the application log management.

Did I understand wrong?
0
 
LVL 62

Expert Comment

by:gheist
ID: 24318828
If you are able to make application to not rotate logs and feed data into fifo placed where log should be you are winner.
Is this some sort of standard application like log4j or apache?
0
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

 
LVL 1

Author Comment

by:SNK-67
ID: 24324594
Most of them are log4j, some Apache or SunONE webserver log, some custom application logs.
0
 
LVL 62

Expert Comment

by:gheist
ID: 24324665
There is syslog support in log4j
Apache is too heavy for syslog (imagine sending extra log packet for every access log entry)
0
 
LVL 1

Author Comment

by:SNK-67
ID: 24324802
I know the support in log4j but the main idea on not using this feature is not to cause any problem on the application such as being unable to send logs to syslog server from log4j for any reason (network problems, etc).. Currently if log4j cannot write logs to disk for some reason (such as disk is full) application encounters problems. I don't want to cause such problems on application.

Hence my idea was without changing anything on application settings, I want to grab the logs from the file and send it to syslog server. If for some reason I cannot send to syslog server, it will be a problem of infrastructure group, not the application itself !!

I hope the idea is clear.

0
 
LVL 62

Expert Comment

by:gheist
ID: 24329217
Syslog is stable, accepts log messages when disk full, config file invalid etc.
Apache can log to syslog also.
I assume sun one uses log4j also.
Custom apps can be changed to use log4j.
0
 
LVL 3

Accepted Solution

by:
tkuther earned 125 total points
ID: 24462545
We use rsyslog for such things.

It can nicely monitor any files
http://www.rsyslog.com/doc-imfile.html
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A while back when OPSMGR 2012 was released we were very excited about getting it into our environment and upgrading our 2007 implementation,  we started our planning and we then proceeded with our implementation. All went as planned & our system …
I previously wrote an article addressing the use of UBCD4WIN and SARDU. All are great, but I have always been an advocate of SARDU. Recently it was suggested that I go back and take a look at Easy2Boot in comparison.
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question