A system that I am watching generates log files and rotates them such that the file numbers increase every X rows. Currently my monitor stanza is:
[monitor:///var/log/mysystem/mainlog.00000.log]
index = my_index
sourcetype = mysystem_mainlog
disabled = false
There are lots of different log files in that directory.  How should I monitor just mainlog*?
The solution is to monitor the directory with a whitelist:
 [monitor:///var/log/mysystem]
 whitelist = mainlog\.\d+\.log$
 index = my_index
 sourcetype = mysystem_mainlog
 disabled = false
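To see what a whitelist would actually pull in before deploying it, the following added example (not part of the original answer) compares an unescaped pattern such as `mainlog.\d+.log` with an escaped and anchored one. The file names are constructed, and it assumes the whitelist is an unanchored regex matched against the full path, with Python's `re` standing in for Splunk's PCRE engine.

```python
import re

# Constructed sample paths for a directory like /var/log/mysystem.
SAMPLE_PATHS = [
    "/var/log/mysystem/mainlog.00000.log",
    "/var/log/mysystem/mainlog.00001.log",
    "/var/log/mysystem/mainlog.00001.log.bak",   # leftover copy
    "/var/log/mysystem/mainlog_00002_log.tmp",   # '.' in a regex matches any character
    "/var/log/mysystem/oldmainlog.00003.log",    # pattern is not anchored on the left
    "/var/log/mysystem/audit.00000.log",
    "/var/log/mysystem/mainlog.current.log",
]

LOOSE = r"mainlog.\d+.log"        # dots unescaped, no anchors
STRICT = r"/mainlog\.\d+\.log$"   # literal dots, anchored to the file name


def whitelisted(pattern, paths):
    """Return the paths a monitor whitelist with this regex would accept.

    Assumption: the regex is searched (not full-matched) against the whole path.
    """
    rx = re.compile(pattern)
    return [p for p in paths if rx.search(p)]


def extra_matches(loose, strict, paths):
    """Paths accepted by the loose pattern but rejected by the strict one."""
    return sorted(set(whitelisted(loose, paths)) - set(whitelisted(strict, paths)))


if __name__ == "__main__":
    print("strict accepts:")
    for p in whitelisted(STRICT, SAMPLE_PATHS):
        print("  ", p)
    print("loose additionally accepts:")
    for p in extra_matches(LOOSE, STRICT, SAMPLE_PATHS):
        print("  ", p)
```

Anything listed under "loose additionally accepts" would be indexed under `mysystem_mainlog` even though it is not one of the rotated main logs.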
