Getting Data In

Syslogging via tailing a logfile

NK_1
Path Finder

Ideally, we'd like to modify the application to syslog directly for indexing by Splunk.
In the meantime, is there any adverse effect to tailing the last line of the log, and invoking logger to syslog?


#!/bin/bash
tail -n1 -F -q MyLogFile.log | \
while read -r line ; do
# send to local syslog
logger -t MyAppTag -p local1.info `echo "$line"`
done

Tags (4)

Linegod
Path Finder

We replace syslog with rsyslog, which can send arbitrary files to syslog.

rsyslog imfile

NK_1
Path Finder

That would involve installing the forwarder on every host we use. Our hosts are already set up to forward local syslogged events to be indexed by Splunk, and I am trying to leverage that mechanism.

0 Karma

numentajpb
Engager

I'm curious, why not have splunkforwarder just monitor the logfile directly?

Get Updates on the Splunk Community!

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...

March Community Office Hours Security Series Uncovered!

Hello Splunk Community! In March, Splunk Community Office Hours spotlighted our fabulous Splunk Threat ...

Stay Connected: Your Guide to April Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars in April. This post ...