vApp rsyslog_custom does not support dynamic file names

Idea created by Bill_Patton Employee on Apr 18, 2019
    • Bill_Patton

    We were able to successfully ingest logs to our target sumo need one quick help if we want to ingest more than one log of same name how we can ingest * doesn't work I have tried below is log snippet which we need to ingest 


    -rw-rw-r-- 1 imps imps 104858301 Mar 19 17:36 etatrans20190319-0001.log
    -rw-rw-r-- 1 imps imps 2020668 Mar 19 23:38 etanotify20190319-0242.log
    -rw-rw-r-- 1 imps imps 34248754 Mar 19 23:56 etatrans20190319-1736.log
    -rw-rw-r-- 1 imps imps 104857613 Mar 20 17:28 etatrans20190320-0001.log
    -rw-rw-r-- 1 imps imps 1832944 Mar 20 23:42 etanotify20190320-0300.log
    -rw-rw-r-- 1 imps imps 33218805 Mar 20 23:56 etatrans20190320-1728.log


    This is how I am ingesting in rsyslog
    $InputFileName /opt/CA/IdentityManager/ProvisioningServer/logs/etanotify*.log
    $InputFileTag wildfly_idm3
    $InputFileStateFile wildfly-idm-file3
    $InputFileSeverity info
    $InputFileFacility local7


    Notes from broadcom engineering: 
    From what i have tested internally, we need latest version of rsyslogd to support wildcards. The Vapp is shipped with version 5.8.10 
    $>rsyslogd -version 
    rsyslogd 5.8.10, compiled with: 
    GSSAPI Kerberos 5 support: Yes 
    FEATURE_DEBUG (debug build, slow code): No 
    32bit Atomic operations supported: Yes 
    64bit Atomic operations supported: Yes 
    Runtime Instrumentation (slow code): No 

    See for more information. 

    On a test machine(Non-Vapp machine) with even rsyslogd version 7.x i was not able to use wildcard for filenames, after upgrading rsyslogd to 8.19 i was able to see it pick up wildcards for filenames and monitoring multiple files. 
    please refer Section (Using Wildcards with rsyslog's File Monitor imfile), it clearly says 

    * Prerequisites ● kernel with inotify support ● at least rsyslog v8.5.0 
    i dont think without updating the rsyslogd version we will be able to accomplish what customer is looking for. 




    We need this update in vApp