[syslog-ng] Tailing tomcat catalina.out

Zoltán Pallagi pzolee at balabit.hu
Tue Mar 30 11:29:34 CEST 2010 

BoOnSiOnG wrote:
> Hi,
>
> Thank you very much, now it works.
>
> another question, by using the same source
>
> source s_tomcat_catalina {
>  		file("/srv/tomcat/logs/catalina.out" flags(no-parse)
>  				default-facility(local3) default-priority(info));
> };
>
> if i forward to central loghost via TCP
>
> my config,
>
> destination ds_forward_catalina { tcp("192.168.203.13",
> template("$MESSAGE\n")); };
>
> it seems doesn't work, no logs forwarded to the loghost.
>   

There is no given port number, are you sure that the syslog-ng of server 
side is listening on tcp port 514?
Also, if syslog-ng has already sent these logs to the server previously 
and there is no new log, you have to remove 
$syslog-ng-dir/var/syslog-ng.persist file to resend them.

You can also check the debug output of syslog-ng:
just start both syslog-ng in debug mode and you may see the problem: 
syslog-ng -Fevd
> On Tue, Mar 30, 2010 at 4:03 PM, Zoltán Pallagi <pzolee at balabit.hu> wrote:
>   
>> Hi,
>>
>> BoOnSiOnG wrote:
>>
>> Hi,
>>
>> my current config,
>>
>> source s_tomcat_catalina {
>> 		file("/srv/tomcat/logs/catalina.out"
>> 				default-facility(local3) default-priority(info));
>> };
>>
>>
>> In this case, syslog-ng will try to parse every line as a BSD style message
>> from this file (but they aren't).
>> Use the flags(no-parse) option:
>>
>> source s_tomcat_catalina {
>> 		file("/srv/tomcat/logs/catalina.out" flags(no-parse)
>> 				default-facility(local3) default-priority(info));
>> };
>>
>>
>> destination df_local3.info {
>> 		file("/var/log/apache2/tomcat_catalina_log", template("$MESSAGE\n"));
>> };
>>
>> original log
>> Mar 30, 2010 3:26:26 AM org.apache.jk.common.ChannelSocket init
>> INFO: JK: ajp13 listening on /0.0.0.0:8009
>> Mar 30, 2010 3:26:26 AM org.apache.jk.server.JkMain start
>> INFO: Jk running ID=0 time=0/15  config=null
>> Mar 30, 2010 3:26:26 AM org.apache.catalina.startup.Catalina start
>> INFO: Server startup in 439 ms
>>
>> the output for tomcat_catalina_out
>> 30, 2010 3:26:26 AM org.apache.jk.common.ChannelSocket init
>> JK: ajp13 listening on /0.0.0.0:8009
>> 30, 2010 3:26:26 AM org.apache.jk.server.JkMain start
>> Jk running ID=0 time=0/15  config=null
>> 30, 2010 3:26:26 AM org.apache.catalina.startup.Catalina start
>> Server startup in 439 ms
>>
>> Some part of the message was missing, any idea why?
>>
>> Thanks again.
>>
>> On Tue, Mar 30, 2010 at 2:58 PM, Alan McKinnon <Alan.McKinnon at is.co.za>
>> wrote:
>>
>>
>> Use a template and $MESSAGE in the destination.
>>
>> destination d_tomcat_catalina {
>>  file("/path/to/destination/file",
>>  template("$MESSAGE\n") );
>> };
>>
>>
>>
>>
>> On Tuesday 30 March 2010 08:52:33 BoOnSiOnG wrote:
>>
>>
>> Hello all,
>>
>> Good day, I have configure syslog-ng to checks catalina.out every
>> second, but syslog-ng will append date time and machine name to the
>> log, I would like to know is it possible to configure syslog-ng do not
>> alter the original log?
>>
>> my config,
>>
>> source s_tomcat_catalina {
>>                file("/srv/tomcat/logs/catalina.out"
>>                                default-facility(local3)
>> default-priority(info)); };
>>
>>
>> log output,
>> Mar 29 21:43:38 forward Mar: 29, 2010 9:43:37 PM
>> org.apache.coyote.http11.Http11Protocol start
>> Mar 29 21:43:38 forward INFO: Starting Coyote HTTP/1.1 on http-8080
>> Mar 29 21:43:38 forward Mar: 29, 2010 9:43:37 PM
>> org.apache.jk.common.ChannelSocket init
>> Mar 29 21:43:38 forward INFO: JK: ajp13 listening on /0.0.0.0:8009
>> Mar 29 21:43:38 forward Mar: 29, 2010 9:43:37 PM
>> org.apache.jk.server.JkMain start
>> Mar 29 21:43:38 forward INFO: Jk running ID=0 time=0/14  config=null
>> Mar 29 21:43:38 forward Mar: 29, 2010 9:43:37 PM
>> org.apache.catalina.startup.Catalina start
>> Mar 29 21:43:38 forward INFO: Server startup in 428 ms
>>
>> Thanks. :)
>> ___________________________________________________________________________
>> ___ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> Documentation:
>> http://www.balabit.com/support/documentation/?product=syslog-ng FAQ:
>> http://www.campin.net/syslog-ng/faq.html
>>
>>
>> --
>> Alan McKinnon
>> Systems Engineer^W Technician
>> Infrastructure Services
>> Internet Solutions
>>
>> +27 11 575 7585
>>
>> Please note: This email and its content are subject to the disclaimer as
>> displayed at the following link
>> http://www.is.co.za/legal/E-mail+Confidentiality+Notice+and+Disclaimer.htm.
>> Should you not have Web access, send a mail to disclaimers at is.co.za and a
>> copy will be emailed to you.
>> ______________________________________________________________________________
>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> Documentation:
>> http://www.balabit.com/support/documentation/?product=syslog-ng
>> FAQ: http://www.campin.net/syslog-ng/faq.html
>>
>>
>>
>>
>> ______________________________________________________________________________
>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> Documentation:
>> http://www.balabit.com/support/documentation/?product=syslog-ng
>> FAQ: http://www.campin.net/syslog-ng/faq.html
>>
>>
>>
>>
>> --
>> pzolee
>>
>>     
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.campin.net/syslog-ng/faq.html
>
>
>   


-- 
pzolee

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20100330/158555ab/attachment.htm

More information about the syslog-ng mailing list