Using Wildcards with rsyslog's File Monitor imfile

Oct 24, 2014Download as PPTX, PDF8 likes26,110 views

Want to monitor log files with rsyslog and use wildcards to monitor a large file set? This presentation shows you how to do that.

Using Wildcards
with rsyslog’s
File Monitor
Rainer Gerhards, rsyslog project lead

Prerequisites
● kernel with inotify support
● at least rsyslog v8.5.0
● if not available in your distro
o use rsyslog package repository (recommended)
o build from source
● imfile module (usually in base package)

State Files
● rsyslog needs to know how much of a file it
already processed
● upon shutdown a “state file” is created with
this information
● stored in rsyslog work directory
● let rsyslog generate the state file name
automatically!

Restrictions
● wildcards are support at the file level, not at
the directory level
o /var/log/applog*.log is valid
o /var/applog*/logfile.log is invalid
● subdirectories that match the wildcard are
not processed
o if /var/log/applog-dir.log is a directory, it will not be
processed
● wildcards do not work in polling mode

Base Config Sample
global(workDirectory=”/home/rsyslog/spool”)m
odule(load=”imfile”)
input(type=”imfile” tag=”applog”
file=”/var/log/applog*.log”)

Sample: Remote Forwarding
global(workDirectory=”/home/rsyslog/spool”)
module(load=”imfile”)
ruleset(name="infiles") {
action(type="omfwd”
target=”server.example.net”
protocol=”tcp” port=”10514” )
}
input(type=”imfile” tag=”applog”
file=”/var/log/applog*.log”)

Notes on Remote Forwarding Conf
● forwarding happens totally independent from
rest of logging configuration due to use of
ruleset
● module() statement must occur only once
● workDirectory
o is used for all rsyslog work and state files
o must be set only once (usually at top of top level
rsyslog.conf)

The document summarizes new features in Oracle Recovery Manager (RMAN) for Oracle 19c and 18c database releases. Key highlights include the ability to grant and revoke RMAN catalog privileges on specific pluggable databases, support for connecting to recovery catalogs when connected to a pluggable database target, and the new DUPLICATE PLUGGABLE DATABASE command for duplicating pluggable databases to existing container databases. The document also discusses duplicating databases to Oracle Cloud and using RMAN backups after migrating databases between platforms.

Qlik ReplicateでのLog Streamの利用QlikPresalesJapan

Interrupt AffinityについてTakuya ASADA

PostgreSQLのソース・ターゲットエンドポイントとしての利用QlikPresalesJapan

Introduction to Docker storage, volume and imageejlp12

Docker storage drivers allow images and containers to be stored in different ways by implementing a pluggable storage driver interface. Common storage drivers include overlay2, aufs, devicemapper, and vfs. Images are composed of read-only layers stacked on top of each other, with containers adding a writable layer. Storage can be persisted using volumes, bind mounts, or tmpfs mounts. Strategies for managing persistent container data include host-based storage, volume plugins, and container storage platforms.

Qlik Replicate のインストールQlikPresalesJapan

containerdの概要と最近の機能Kohei Tokunaga

Faster Container Image Distribution on a Variety of Tools with Lazy PullingKohei Tokunaga

Introduction and Deep Dive Into ContainerdKohei Tokunaga

[Postgre sql9.4新機能]レプリケーション・スロットの活用Kosuke Kida

pg_walinspectについて調べてみた！（第37回PostgreSQLアンカンファレンス@オンライン発表資料）NTT DATA Technology & Innovation

Github Actions and Terraform.pdfVishwas N

Terraform is a tool for provisioning and managing infrastructure resources. It allows defining and provisioning resources across multiple cloud providers and on-premises software in a consistent workflow. The document discusses introducing Terraform and its configuration language HCL, demonstrating how to create, edit, and delete infrastructure resources like VMs, make changes reproducible, and discuss cloud infrastructure preferences. It concludes with taking questions from the audience.

ポスト・ラムダアーキテクチャの切り札? Apache Hudi（NTTデータテクノロジーカンファレンス 2020 発表資料）NTT DATA Technology & Innovation

Qlik Replicate - Control Tableの詳細QlikPresalesJapan

Understanding container securityJohn Kinsella

This document discusses container security, providing a brief history of containers, security benefits and challenges of containers, and approaches to container vulnerability management and responding to attacks. It notes that while containers are not new, their adoption has increased rapidly in recent years. The document outlines security advantages like smaller surface areas but also challenges like managing vulnerabilities across many moving parts. It recommends strategies like using official images, hardening hosts, scanning for vulnerabilities, and practicing incident response for containers.

アーキテクチャから理解するPostgreSQLのレプリケーションMasahiko Sawada

RootlessコンテナAkihiro Suda

eStargzイメージとlazy pullingによる高速なコンテナ起動Kohei Tokunaga

MySQL Group ReplicationKenny Gryp

Group Replication went Generally Available end of 2016, it introduces a 'synchronous' active:active multi-master eplication, in addition to asynchronous and semi-synchronous replication, the latter 2 being available in in MySQL for longtime. As with any new feature, and especially with introducing active:active multi-master replication, it takes a while before companies are adopting the software in production database environment. For example, even though MySQL 5.7 has been GA for more than a year, adoption is only starting to increase recently. We can, and should, expect the same from Group Replication. As with every release, bugs will be found, and with new features, best practises still need to formed out of practical experience. After giving a short introduction on what Group Replication is, I will cover my experience so far in evaluating Group Replication.

Oracleのソース・ターゲットエンドポイントとしての利用QlikPresalesJapan

Transparent Data Encryption in PostgreSQL and Integration with Key Management...Masahiko Sawada

The document discusses transparent data encryption in PostgreSQL databases. It proposes encrypting data at the tablespace and buffer levels for minimal performance impact. A two-tier key architecture with separate master and data encryption keys enables fast key rotation. Integrating with key management systems provides flexible and robust key management. The solution aims to securely encrypt database content with low overhead.

Oracle Fleet Patching and Provisioning Deep Dive Webcast SlidesLudovico Caldara

Oracle Fleet Patching and Provisioning allows users to provision, patch, and upgrade Oracle databases and Grid Infrastructure across many servers from a central location. It uses a repository of gold images and working copies to deploy consistent configurations at scale while minimizing errors. Key features include Oracle home management, provisioning, patching, upgrading, and integration with REST APIs.

BuildKitの概要と最近の機能Kohei Tokunaga

Qlik Replicateでのタスク設定の詳細QlikPresalesJapan

PostgreSQL16でのロールに関する変更点（第41回PostgreSQLアンカンファレンス@オンライン発表資料）NTT DATA Technology & Innovation

Block I/O Layer Tracing: blktraceBabak Farrokhi

This document provides an overview of blktrace, a Linux kernel feature and set of utilities that allow detailed tracing of operations within the block I/O layer. Blktrace captures events for each I/O request as it is processed, including queue operations, merges, remapping by software RAID, and driver handling. The blktrace utilities extract these events and allow live tracing or storage for later analysis. Analysis tools like btt can analyze the stored blktrace data to measure processing times and identify bottlenecks or anomalies in how I/O requests are handled throughout the block I/O stack.

CETH for XDP [Linux Meetup Santa Clara | July 2016] IO Visor Project

This document discusses CETH (Common Ethernet Driver Framework), which aims to improve kernel networking performance for virtualization. CETH simplifies NIC drivers by consolidating common functions. It supports various NICs and accelerators. CETH features efficient memory and buffer management, flexible TX/RX scheduling, and a customizable metadata structure. It is being simplified to work with XDP for even higher performance network I/O processing in the kernel. Next steps include further optimizations and measuring performance gains when using CETH with XDP and virtualized environments.

Linux Networking ExplainedThomas Graf

Linux offers an extensive selection of programmable and configurable networking components from traditional bridges, encryption, to container optimized layer 2/3 devices, link aggregation, tunneling, several classification and filtering languages all the way up to full SDN components. This talk will provide an overview of many Linux networking components covering the Linux bridge, IPVLAN, MACVLAN, MACVTAP, Bonding/Team, OVS, classification & queueing, tunnel types, hidden routing tricks, IPSec, VTI, VRF and many others.

Fedora Developer's Conference 2014 TalkRainer Gerhards

Life of an Fluentd eventKiyoto Tamura

More Related Content

What's hot (20)

Introduction and Deep Dive Into ContainerdKohei Tokunaga

[Postgre sql9.4新機能]レプリケーション・スロットの活用Kosuke Kida

pg_walinspectについて調べてみた！（第37回PostgreSQLアンカンファレンス@オンライン発表資料）NTT DATA Technology & Innovation

Github Actions and Terraform.pdfVishwas N

ポスト・ラムダアーキテクチャの切り札? Apache Hudi（NTTデータテクノロジーカンファレンス 2020 発表資料）NTT DATA Technology & Innovation

Qlik Replicate - Control Tableの詳細QlikPresalesJapan

Understanding container securityJohn Kinsella

アーキテクチャから理解するPostgreSQLのレプリケーションMasahiko Sawada

RootlessコンテナAkihiro Suda

eStargzイメージとlazy pullingによる高速なコンテナ起動Kohei Tokunaga

MySQL Group ReplicationKenny Gryp

Oracleのソース・ターゲットエンドポイントとしての利用QlikPresalesJapan

Transparent Data Encryption in PostgreSQL and Integration with Key Management...Masahiko Sawada

Oracle Fleet Patching and Provisioning Deep Dive Webcast SlidesLudovico Caldara

BuildKitの概要と最近の機能Kohei Tokunaga

Qlik Replicateでのタスク設定の詳細QlikPresalesJapan

PostgreSQL16でのロールに関する変更点（第41回PostgreSQLアンカンファレンス@オンライン発表資料）NTT DATA Technology & Innovation

Block I/O Layer Tracing: blktraceBabak Farrokhi

CETH for XDP [Linux Meetup Santa Clara | July 2016] IO Visor Project

Linux Networking ExplainedThomas Graf

Introduction and Deep Dive Into ContainerdKohei Tokunaga

[Postgre sql9.4新機能]レプリケーション・スロットの活用Kosuke Kida

pg_walinspectについて調べてみた！（第37回PostgreSQLアンカンファレンス@オンライン発表資料）NTT DATA Technology & Innovation

Github Actions and Terraform.pdfVishwas N

ポスト・ラムダアーキテクチャの切り札? Apache Hudi（NTTデータテクノロジーカンファレンス 2020 発表資料）NTT DATA Technology & Innovation

Qlik Replicate - Control Tableの詳細QlikPresalesJapan

Understanding container securityJohn Kinsella

アーキテクチャから理解するPostgreSQLのレプリケーションMasahiko Sawada

RootlessコンテナAkihiro Suda

eStargzイメージとlazy pullingによる高速なコンテナ起動Kohei Tokunaga

MySQL Group ReplicationKenny Gryp

Oracleのソース・ターゲットエンドポイントとしての利用QlikPresalesJapan

Transparent Data Encryption in PostgreSQL and Integration with Key Management...Masahiko Sawada

Oracle Fleet Patching and Provisioning Deep Dive Webcast SlidesLudovico Caldara

BuildKitの概要と最近の機能Kohei Tokunaga

Qlik Replicateでのタスク設定の詳細QlikPresalesJapan

PostgreSQL16でのロールに関する変更点（第41回PostgreSQLアンカンファレンス@オンライン発表資料）NTT DATA Technology & Innovation

Block I/O Layer Tracing: blktraceBabak Farrokhi

CETH for XDP [Linux Meetup Santa Clara | July 2016] IO Visor Project

Linux Networking ExplainedThomas Graf

Viewers also liked (7)

Fedora Developer's Conference 2014 TalkRainer Gerhards

Life of an Fluentd eventKiyoto Tamura

Rsyslog log normalizationRainer Gerhards

Tuning Elasticsearch Indexing Pipeline for LogsSematext Group, Inc.

This document summarizes techniques for optimizing Logstash and Rsyslog for high volume log ingestion into Elasticsearch. It discusses using Logstash and Rsyslog to ingest logs via TCP and JSON parsing, applying filters like grok and mutate, and outputting to Elasticsearch. It also covers Elasticsearch tuning including refresh rate, doc values, indexing performance, and using time-based indices on hot and cold nodes. Benchmark results show Logstash and Rsyslog can handle thousands of events per second with appropriate configuration.

fluent-plugin-norikra #fluentdcasualSATOSHI TAGOMORI

RHCE FINAL Questions and AnswersRadien software

Fluentd vs. Logstash for OpenStack Log ManagementNTT Communications Technology Development

Fedora Developer's Conference 2014 TalkRainer Gerhards

Life of an Fluentd eventKiyoto Tamura

Rsyslog log normalizationRainer Gerhards

Tuning Elasticsearch Indexing Pipeline for LogsSematext Group, Inc.

fluent-plugin-norikra #fluentdcasualSATOSHI TAGOMORI

RHCE FINAL Questions and AnswersRadien software

Fluentd vs. Logstash for OpenStack Log ManagementNTT Communications Technology Development

Similar to Using Wildcards with rsyslog's File Monitor imfile (20)

Integrity and Security in FilesystemsConferencias FIST

This document discusses security and integrity in Linux filesystems. It covers topics such as filesystem sources in the Linux kernel, the virtual filesystem (VFS) layer, common filesystems like ext2/3 and XFS, atomic operations and journaling to improve robustness, cryptography and encryption, and Linux Security Modules (LSM) for access control and security policy enforcement. The goal is to provide an overview of how Linux maintains security and data integrity across its various filesystem implementations.

Continuous Infrastructure: Modern Puppet for the Jenkins Project - PuppetConf...Puppet

This document summarizes Tyler Croy's presentation on managing the Jenkins infrastructure using Puppet. It describes how the infrastructure evolved from an unmanaged setup at Sun/Oracle to using masterless Puppet and eventually Puppet Enterprise. Key aspects covered include managing services, hardware, code layout, testing, and deployment process. Special thanks are given to Puppet Labs for their support of the project.

Assets, files, and data parsingAly Arman

Assets, Files, and Data Parsing Android offers a few structured ways to store data, notably SharedPreferences and local SQLite databases. And, of course, you are welcome to store your data “in the cloud” by using an Internet-based service. Beyond that, though, Android allows you to work with plain old ordinary files, either one baked into your app (“assets”) or ones on so-called internal or external storage. To make those files work — and to consume data off of the Internet — you will likely need to employ a parser. Android ships with several choices for XML and JSON parsing, in addition to third-party libraries you can attempt to use. This session focuses on Assets, Raw, and Files.

Native Android Userspace part of the Embedded Android Workshop at Linaro Conn...Opersys inc.

This document provides an overview of the native Android user-space environment, including: 1) The filesystem layout and key directories like /system, /data, and /vendor. 2) How the build system determines where files are placed. 3) The adb debugging tool and its capabilities. 4) Common command line tools and properties. 5) The init process and ueventd daemon. 6) Libraries like Bionic and integration options for legacy systems.

Turbo charge your logsJeremy Cook

This document discusses ways to optimize logging by centralizing and proactively using log data. It recommends using Monolog to log from application code in a standardized format. Rsyslog can then collect logs centrally from applications and systems. Logstash can further process logs with filters and output them to destinations like Elasticsearch. Graylog2 provides a web interface for powerful log searching, analytics, and alerting. Centralizing, standardizing, and proactively analyzing logs with these open source tools allows for improved monitoring and troubleshooting.

Ripping web accessible .git filesVlatko Kosturjak

This document discusses how to extract source code from websites that have exposed their .git directories without authorization. It describes finding repositories through tools like Nmap scripts and DVCS-Pillage, but notes limitations in completeness. A new tool called DVCS-rip is presented that can fully clone exposed git repositories over various protocols, including branches, with the goal of getting the full source code when it is not otherwise open source. The talk encourages feedback and contributions to improve upon existing tools.

Nagios Conference 2014 - Andy Brist - Nagios XI Failover and HA SolutionsNagios

Linux Directory StructureKevin OBrien

The Linux directory structure is organized with / as the root directory. Key directories include /bin and /sbin for essential system binaries, /boot for boot files, /dev for device files, /etc for configuration files, /home for user home directories, /lib for shared libraries, /media and /mnt for mounting removable media, /opt for optional application software, /proc for process information, /root for the root user's home, /tmp for temporary files, /usr for secondary hierarchy data and binaries, and /var for variable data.

4.1. Path traversal post_exploitationdefconmoscow

This document discusses techniques for path traversal attacks after gaining initial access to a system. It provides examples of important files and directories to access outside the web root, including password files, SSH keys, log files, and system information files. It also discusses common locations for these types of files on Linux, Windows, and Coldfusion systems. The goal of path traversal after initial access is to elevate privileges and gather additional sensitive information to fully compromise the target system.

Mastering InnoDB Diagnosticsguest8212a5

The document provides an overview of diagnosing performance and other issues with the InnoDB storage engine in MySQL. It discusses various sources of information for troubleshooting like SHOW ENGINE INNODB STATUS and OS tools. Common problems covered include the InnoDB data dictionary getting out of sync, crashes/segmentation faults, locking issues, and performance problems related to disk I/O, buffer pool hit rates, high CPU usage from row operations or thread thrashing. Interpreting diagnostic output and potential solutions are also outlined.

Harrison fisk masteringinnodb-diagnosticsguest8212a5

This document provides an overview of techniques for diagnosing and troubleshooting performance and other issues with the InnoDB storage engine in MySQL. It discusses sources of diagnostic information like SHOW ENGINE INNODB STATUS and various status variables. Common problems covered include data dictionary issues, crashing, locking, and performance problems related to disk I/O, tablespace usage, CPU usage, and thread thrashing. Interpreting diagnostic information and potential solutions are provided for each type of issue.

ch11_fileInterface.pdfHoNguyn746501

This document summarizes key concepts about file systems from the textbook "Operating System Concepts" by Silberschatz, Galvin and Gagne. It discusses file concepts like attributes and operations. It describes different access methods for files including sequential, direct, and indexed access. It also covers directory structures from single-level to tree-structured and graph-based designs. File system interfaces like mounting, locking, and protection mechanisms are also overviewed.

Syslog.pptifsharahmad

This document discusses syslog and log files. It describes what events should be logged, such as activities in the accounting system and kernel. It discusses different logging policies like rotating log files daily and archiving older files. Syslog is introduced as the system logging utility that routes log messages to files or terminals based on configuration rules. Key syslog components and how software uses the syslog API to generate log entries are outlined.

ansible : Infrastructure automation,idempotent and moreSabarinath Gnanasekar

Ansible is an open source tool that uses SSH to automate and simplify configuration management across servers. It is agentless, uses Python for its language, and has a pull-based model. Ansible uses YAML files called playbooks to define automation jobs and roles. Playbooks contain tasks that are executed sequentially on managed nodes. Ansible supports variables, facts, conditionals, loops and templates to customize automation. It has features like idempotency, vault for secrets, and roles for reusability. Galaxy is a library of community roles.

Windows internals EssentialsJohn Ombagi

This document provides an introduction and overview of key concepts related to the Windows operating system internals. It discusses basic OS concepts, how Windows is implemented, and a simplified view of its inner workings. The document outlines user mode vs kernel mode, processes and threads, virtual memory, objects and handles, Windows design goals, core system files, the executive and kernel, and important system processes like CSRSS and Winlogon. It also covers symmetric multiprocessing, subsystems, and the Windows in Windows 64 (Wow64) subsystem that allows 32-bit apps to run on 64-bit Windows.

Windows Phone 8 - 4 Files and StorageOliver Scheer

PigHive.pptxKeerthiChukka

Apache Pig is a platform for analyzing large datasets that sits on top of Hadoop. It allows users to write scripts in Pig Latin to transform and analyze their data without needing to write Java code. Pig Latin scripts are compiled into sequences of MapReduce jobs that process the data in parallel across large clusters. Pig is useful for data summarization, querying, reporting, and analysis of large datasets.

PigHive presentation and hive impor.pptxRahul Borate

Pig is a platform for analyzing large datasets that sits on top of Hadoop. It allows users to write scripts in Pig Latin, a language similar to SQL, to transform and analyze their data without needing to write Java code. Pig scripts are compiled into sequences of MapReduce jobs that process data in parallel across a Hadoop cluster. Key features of Pig include data filtering, joining, grouping, and the ability to extend it with custom user-defined functions.

Windows Phone 8 - 4 Files and StorageOliver Scheer

The document discusses storage options for Windows Phone 8 applications. It covers using the isolated storage APIs from Windows Phone 7.1 as well as the new storage APIs introduced in Windows Phone 8. Special folders like Shared/Media and Shared/ShellContent are mentioned. Serializing and deserializing data for storage is also covered. Tools like Isolated Storage Explorer for exploring application data storage are presented. Best practices around storage like quota management and serialization performance are also highlighted.

Wonderful world of (distributed) SCM or VCSVlatko Kosturjak

Integrity and Security in FilesystemsConferencias FIST

Continuous Infrastructure: Modern Puppet for the Jenkins Project - PuppetConf...Puppet

Assets, files, and data parsingAly Arman

Native Android Userspace part of the Embedded Android Workshop at Linaro Conn...Opersys inc.

Turbo charge your logsJeremy Cook

Ripping web accessible .git filesVlatko Kosturjak

Nagios Conference 2014 - Andy Brist - Nagios XI Failover and HA SolutionsNagios

Linux Directory StructureKevin OBrien

4.1. Path traversal post_exploitationdefconmoscow

Mastering InnoDB Diagnosticsguest8212a5

Harrison fisk masteringinnodb-diagnosticsguest8212a5

ch11_fileInterface.pdfHoNguyn746501

Syslog.pptifsharahmad

ansible : Infrastructure automation,idempotent and moreSabarinath Gnanasekar

Windows internals EssentialsJohn Ombagi

Windows Phone 8 - 4 Files and StorageOliver Scheer

PigHive.pptxKeerthiChukka

PigHive presentation and hive impor.pptxRahul Borate

Windows Phone 8 - 4 Files and StorageOliver Scheer

Wonderful world of (distributed) SCM or VCSVlatko Kosturjak

More from Rainer Gerhards (13)

Sicherheit im Internet - Wie kann man sich schützen?Rainer Gerhards

rsyslog meets dockerRainer Gerhards

Rsyslog version naming (v8.6.0+)Rainer Gerhards

The rsyslog project has adopted a new versioning and release cycle scheme to provide features to users more quickly while maintaining stability. The major changes are: 1) Stable releases will now occur every 6 weeks rather than distinguishing between stable and development releases. 2) The minor version number will increment with each new release rather than distinguishing between odd and even numbers. 3) Development versions are now identified by their git commit hash rather than a version number. This allows new features to reach users more rapidly without compromising stability through more frequent testing.

RSYSLOG v8 improvements and how to write plugins in any language.Rainer Gerhards

RSYSLOG is a next generation log processing tool. In the frist part, we will explain the new RSYSLOG v8 engine, its motivation and its benefits. Learn, for example, why writing to Elasticsearch is much faster with the new engine. We will describe the tuning parameters vital for making best use of the new features. In the second part we will explain how to write RSYSLOG plugins in any language. Traditionally, writing rsyslog plugins has been considered quite hard, with at least C knowledge necessary. In v8, we have introduced new interfaces which make it possible to write plugins in any language - be it Python, Perl or Java. Even bash will do. In essence, this is a great tool for any admin to add special needs with just a bit of scripting. We will proivde concrete instructions on how to write a plugin, point to read-to-copy samples and tell how to integrate this into rsyslog. NOTE: This is my LinuxTag Berlin 2014 talk.

The rsyslog v8 engine (developer's view)Rainer Gerhards

Writing External Rsyslog PluginsRainer Gerhards

Wetterbeobachtung - Ein Vortrag für die GrundschuleRainer Gerhards

Rsyslog vs Systemd Journal PresentationRainer Gerhards

Rsyslog vs Systemd Journal (Paper)Rainer Gerhards

CEE Log Integrity and the "Counterpane Paper"Rainer Gerhards

What are the problems in signing log data while it traverses the network? This paper was originaly written to support CEE discussion on log integrity but also clearly describes both the problem and a partial, but practical solution to it. While it uses some CEE terms, it should be easy to follow without CEE knowledge. The paper was written in December 2010 and uploaded in May 2013 to make it easier to obtain it.

State of syslog (2005)Rainer Gerhards

Status of syslog as of 2005Rainer Gerhards

LogFile Auswertung (log analysis)Rainer Gerhards

Sicherheit im Internet - Wie kann man sich schützen?Rainer Gerhards

rsyslog meets dockerRainer Gerhards

Rsyslog version naming (v8.6.0+)Rainer Gerhards

RSYSLOG v8 improvements and how to write plugins in any language.Rainer Gerhards

The rsyslog v8 engine (developer's view)Rainer Gerhards

Writing External Rsyslog PluginsRainer Gerhards

Wetterbeobachtung - Ein Vortrag für die GrundschuleRainer Gerhards

Rsyslog vs Systemd Journal PresentationRainer Gerhards

Rsyslog vs Systemd Journal (Paper)Rainer Gerhards

CEE Log Integrity and the "Counterpane Paper"Rainer Gerhards

State of syslog (2005)Rainer Gerhards

Status of syslog as of 2005Rainer Gerhards

LogFile Auswertung (log analysis)Rainer Gerhards

Recently uploaded (20)

Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...Aqusag Technologies

#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025BookNet Canada

Book industry standards are evolving rapidly. In the first part of this session, we’ll share an overview of key developments from 2024 and the early months of 2025. Then, BookNet’s resident standards expert, Tom Richardson, and CEO, Lauren Stewart, have a forward-looking conversation about what’s next. Link to recording, transcript, and accompanying resource: https://bnctechforum.ca/sessions/standardsgoals-for-2025-standards-certification-roundup/ Presented by BookNet Canada on May 6, 2025 with support from the Department of Canadian Heritage.

Build Your Own Copilot & Agents For DevsBrian McKeiver

Semantic Cultivators : The Critical Future Role to Enable AIartmondano

SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdfPrecisely

AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...SOFTTECHHUB

I started my online journey with several hosting services before stumbling upon Ai EngineHost. At first, the idea of paying one fee and getting lifetime access seemed too good to pass up. The platform is built on reliable US-based servers, ensuring your projects run at high speeds and remain safe. Let me take you step by step through its benefits and features as I explain why this hosting solution is a perfect fit for digital entrepreneurs.

tecnologias de las primeras civilizaciones.pdffjgm517

UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager APIUiPathCommunity

Join this UiPath Community Berlin meetup to explore the Orchestrator API, Swagger interface, and the Test Manager API. Learn how to leverage these tools to streamline automation, enhance testing, and integrate more efficiently with UiPath. Perfect for developers, testers, and automation enthusiasts! 📕 Agenda Welcome & Introductions Orchestrator API Overview Exploring the Swagger Interface Test Manager API Highlights Streamlining Automation & Testing with APIs (Demo) Q&A and Open Discussion Perfect for developers, testers, and automation enthusiasts! 👉 Join our UiPath Community Berlin chapter: https://community.uipath.com/berlin/ This session streamed live on April 29, 2025, 18:00 CET. Check out all our upcoming UiPath Community sessions at https://community.uipath.com/events/.

How Can I use the AI Hype in my Business Context?Daniel Lehner

𝙄𝙨 𝘼𝙄 𝙟𝙪𝙨𝙩 𝙝𝙮𝙥𝙚? 𝙊𝙧 𝙞𝙨 𝙞𝙩 𝙩𝙝𝙚 𝙜𝙖𝙢𝙚 𝙘𝙝𝙖𝙣𝙜𝙚𝙧 𝙮𝙤𝙪𝙧 𝙗𝙪𝙨𝙞𝙣𝙚𝙨𝙨 𝙣𝙚𝙚𝙙𝙨? Everyone’s talking about AI but is anyone really using it to create real value? Most companies want to leverage AI. Few know 𝗵𝗼𝘄. ✅ What exactly should you ask to find real AI opportunities? ✅ Which AI techniques actually fit your business? ✅ Is your data even ready for AI? If you’re not sure, you’re not alone. This is a condensed version of the slides I presented at a Linkedin webinar for Tecnovy on 28.04.2025.

Procurement Insights Cost To Value Guide.pptxJon Hansen

Big Data Analytics Quick Research Guide by Arthur MorganArthur Morgan

This is a Quick Research Guide (QRG). QRGs include the following: - A brief, high-level overview of the QRG topic. - A milestone timeline for the QRG topic. - Links to various free online resource materials to provide a deeper dive into the QRG topic. - Conclusion and a recommendation for at least two books available in the SJPL system on the QRG topic. QRGs planned for the series: - Artificial Intelligence QRG - Quantum Computing QRG - Big Data Analytics QRG - Spacecraft Guidance, Navigation & Control QRG (coming 2026) - UK Home Computing & The Birth of ARM QRG (coming 2027) Any questions or comments? - Please contact Arthur Morgan at [email protected]. 100% human made.

Technology Trends in 2025: AI and Big Data AnalyticsInData Labs

At InData Labs, we have been keeping an ear to the ground, looking out for AI-enabled digital transformation trends coming our way in 2025. Our report will provide a look into the technology landscape of the future, including: -Artificial Intelligence Market Overview -Strategies for AI Adoption in 2025 -Anticipated drivers of AI adoption and transformative technologies -Benefits of AI and Big data for your business -Tips on how to prepare your business for innovation -AI and data privacy: Strategies for securing data privacy in AI models, etc. Download your free copy nowand implement the key findings to improve your business.

Manifest Pre-Seed Update | A Humanoid OEM Deeptech In Francechb3

Mobile App Development Company in Saudi ArabiaSteve Jonas

EmizenTech is a globally recognized software development company, proudly serving businesses since 2013. With over 11+ years of industry experience and a team of 200+ skilled professionals, we have successfully delivered 1200+ projects across various sectors. As a leading Mobile App Development Company In Saudi Arabia we offer end-to-end solutions for iOS, Android, and cross-platform applications. Our apps are known for their user-friendly interfaces, scalability, high performance, and strong security features. We tailor each mobile application to meet the unique needs of different industries, ensuring a seamless user experience. EmizenTech is committed to turning your vision into a powerful digital product that drives growth, innovation, and long-term success in the competitive mobile landscape of Saudi Arabia.

2025-05-Q4-2024-Investor-Presentation.pptxSamuele Fogagnolo

Into The Box Conference Keynote Day 1 (ITB2025)Ortus Solutions, Corp

TrsLabs - Fintech Product & Business ConsultingTrs Labs

Hybrid Growth Mandate Model with TrsLabs Strategic Investments, Inorganic Growth, Business Model Pivoting are critical activities that business don't do/change everyday. In cases like this, it may benefit your business to choose a temporary external consultant. An unbiased plan driven by clearcut deliverables, market dynamics and without the influence of your internal office equations empower business leaders to make right choices. Getting things done within a budget within a timeframe is key to Growing Business - No matter whether you are a start-up or a big company Talk to us & Unlock the competitive advantage

Cyber Awareness overview for 2025 month of securityriccardosl1

Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...Noah Loul

Artificial intelligence is changing how businesses operate. Companies are using AI agents to automate tasks, reduce time spent on repetitive work, and focus more on high-value activities. Noah Loul, an AI strategist and entrepreneur, has helped dozens of companies streamline their operations using smart automation. He believes AI agents aren't just tools—they're workers that take on repeatable tasks so your human team can focus on what matters. If you want to reduce time waste and increase output, AI agents are the next move.

HCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungenpanagenda

Webinar Recording: https://www.panagenda.com/webinars/hcl-nomad-web-best-practices-und-verwaltung-von-multiuser-umgebungen/ HCL Nomad Web wird als die nächste Generation des HCL Notes-Clients gefeiert und bietet zahlreiche Vorteile, wie die Beseitigung des Bedarfs an Paketierung, Verteilung und Installation. Nomad Web-Client-Updates werden “automatisch” im Hintergrund installiert, was den administrativen Aufwand im Vergleich zu traditionellen HCL Notes-Clients erheblich reduziert. Allerdings stellt die Fehlerbehebung in Nomad Web im Vergleich zum Notes-Client einzigartige Herausforderungen dar. Begleiten Sie Christoph und Marc, während sie demonstrieren, wie der Fehlerbehebungsprozess in HCL Nomad Web vereinfacht werden kann, um eine reibungslose und effiziente Benutzererfahrung zu gewährleisten. In diesem Webinar werden wir effektive Strategien zur Diagnose und Lösung häufiger Probleme in HCL Nomad Web untersuchen, einschließlich - Zugriff auf die Konsole - Auffinden und Interpretieren von Protokolldateien - Zugriff auf den Datenordner im Cache des Browsers (unter Verwendung von OPFS) - Verständnis der Unterschiede zwischen Einzel- und Mehrbenutzerszenarien - Nutzung der Client Clocking-Funktion

Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...Aqusag Technologies

#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025BookNet Canada

Build Your Own Copilot & Agents For DevsBrian McKeiver

Semantic Cultivators : The Critical Future Role to Enable AIartmondano

SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdfPrecisely

AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...SOFTTECHHUB

tecnologias de las primeras civilizaciones.pdffjgm517

UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager APIUiPathCommunity

How Can I use the AI Hype in my Business Context?Daniel Lehner

Procurement Insights Cost To Value Guide.pptxJon Hansen

Big Data Analytics Quick Research Guide by Arthur MorganArthur Morgan

Technology Trends in 2025: AI and Big Data AnalyticsInData Labs

Manifest Pre-Seed Update | A Humanoid OEM Deeptech In Francechb3

Mobile App Development Company in Saudi ArabiaSteve Jonas

2025-05-Q4-2024-Investor-Presentation.pptxSamuele Fogagnolo

Into The Box Conference Keynote Day 1 (ITB2025)Ortus Solutions, Corp

TrsLabs - Fintech Product & Business ConsultingTrs Labs

Cyber Awareness overview for 2025 month of securityriccardosl1

Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...Noah Loul

HCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungenpanagenda

Using Wildcards with rsyslog's File Monitor imfile

1. Using Wildcards with rsyslog’s File Monitor Rainer Gerhards, rsyslog project lead

2. Prerequisites ● kernel with inotify support ● at least rsyslog v8.5.0 ● if not available in your distro o use rsyslog package repository (recommended) o build from source ● imfile module (usually in base package)

3. State Files ● rsyslog needs to know how much of a file it already processed ● upon shutdown a “state file” is created with this information ● stored in rsyslog work directory ● let rsyslog generate the state file name automatically!

4. Restrictions ● wildcards are support at the file level, not at the directory level o /var/log/applog*.log is valid o /var/applog*/logfile.log is invalid ● subdirectories that match the wildcard are not processed o if /var/log/applog-dir.log is a directory, it will not be processed ● wildcards do not work in polling mode

5. Base Config Sample global(workDirectory=”/home/rsyslog/spool”)m odule(load=”imfile”) input(type=”imfile” tag=”applog” file=”/var/log/applog*.log”)

6. Sample: Remote Forwarding global(workDirectory=”/home/rsyslog/spool”) module(load=”imfile”) ruleset(name="infiles") { action(type="omfwd” target=”server.example.net” protocol=”tcp” port=”10514” ) } input(type=”imfile” tag=”applog” file=”/var/log/applog*.log”)

7. Notes on Remote Forwarding Conf ● forwarding happens totally independent from rest of logging configuration due to use of ruleset ● module() statement must occur only once ● workDirectory o is used for all rsyslog work and state files o must be set only once (usually at top of top level rsyslog.conf)

Using Wildcards with rsyslog's File Monitor imfile

Recommended

More Related Content

What's hot (20)

Viewers also liked (7)

Similar to Using Wildcards with rsyslog's File Monitor imfile (20)

More from Rainer Gerhards (13)

Recently uploaded (20)

Using Wildcards with rsyslog's File Monitor imfile