
rsyslog for websphere application server

Path Finder

Hi,

We are collecting the logs to the Splunk indexer via rsyslog. We've got quite a number of Unix servers monitored in this fashion and it is all working well.
Now I want to include WebSphere application logs in rsyslog so that Splunk can pick them up from there. Do you have any recommended way of doing this, or can you let me know how to achieve this, please?
Cheers


Re: rsyslog for websphere application server

Splunk Employee

One method is to install a Splunk Forwarder on the WAS machines and use the Splunk Forwarder Add-on for WebSphere Application Server app. This allows you to easily parse the logs for the right fields in Splunk.

If you need to continue using rsyslog only and not a Splunk Forwarder on the machine, you can enable SYSLOG output for most WebSphere products. Set these to send to localhost or directly to the Splunk Indexer.

With a little looking, I've found that some WebSphere products can send a subset of data via syslog natively, but most of the time they can only output to files in a directory on disk. In this case, use the Text File Input Module for rsyslog to configure the daemon to read your WebSphere log files and send them along.

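One way to configure the Text File Input Module (imfile) approach from the answer above, as an added example that is not part of the original thread. The log path, tag, facility, spool directory, indexer host name and port are assumptions to adapt to the local install.

```conf
# Added example, not from the thread. All paths and host names are assumptions.

# State files (read offsets) and the forwarding queue spool are kept here.
global(workDirectory="/var/spool/rsyslog")

# inotify mode reacts to file events instead of polling on a timer.
module(load="imfile" mode="inotify")

# Messages read from the WebSphere log pass through this ruleset only,
# so they are forwarded once and do not also land in the local syslog files.
# The disk-assisted queue buffers events while the indexer is unreachable,
# and resumeRetryCount -1 retries indefinitely instead of dropping them.
ruleset(name="was_to_splunk") {
    action(
        type="omfwd"
        target="splunk-indexer.example.com"
        port="514"
        protocol="tcp"
        queue.type="LinkedList"
        queue.filename="was_fwd"
        queue.saveOnShutdown="on"
        action.resumeRetryCount="-1"
    )
}

# SystemOut.log records begin with "[timestamp]". startmsg.regex folds the
# continuation lines of a stack trace into the record they belong to, and
# readTimeout flushes the last record after 5 s when nothing follows it.
# reopenOnTruncate re-opens the file if it is truncated in place.
input(
    type="imfile"
    File="/opt/IBM/WebSphere/AppServer/profiles/AppSrv01/logs/server1/SystemOut.log"
    Tag="websphere:"
    Facility="local6"
    Severity="info"
    startmsg.regex="^[[][0-9]"
    readTimeout="5"
    reopenOnTruncate="on"
    ruleset="was_to_splunk"
)
```

Running `rsyslogd -N1` validates the configuration syntax before the daemon is restarted.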


Re: rsyslog for websphere application server

Path Finder

Thanks for your reply. I will try that and let you know :)

0 Karma

Re: rsyslog for websphere application server

Path Finder

Hi. This worked for me. Thanks for your help.

We've included the file name we want to monitor in the syslog conf, and via syslog we are sending to a shared drive where Splunk forwarders are installed, and from there it is indexed to the Splunk indexer. It is working, but the log is not getting indexed after logrotate is done at 4.00am; it loses track of the new log file getting generated. Is there a way to sort this out?

0 Karma