Hello everyone!

P.S Sorry for my English.

I need catch logs from Metadata server where level = INFO, using syslog-ng.

So, I have a question how should I configure syslog-ng.conf. In source I must indicate this:
source { file("/opt/sas/.../Metadata/"); };  and filter { level(info); }; or not?

I do not fully understand how metadata server send log in default directory and where I must catch it's.
And should I change file /opt/sas/.../Metadata/logconfig.xml ? Make a new configure?



I did not quite understand your question.   But if you are interested in information about syslog-ng then you may want to look at the knowledgebase at


Moreover, I do not know which version of the product you are using.   But perhaps the following information helps you:


Metadata server logs are written usually to a folder named:

            <..../lev1/Web/WebAppServer/SASServer1_1/logs/ >


The log4j configurations are stored in a folder named:


Before attempting to make changes, ensure that you know how log4j works and its syntax.  Extensive documentation is available via google.


Hope this helps.



Thank for you answer!

I think, my description a problem is not a correct.

I try one more time 🙂

Logs which I need writing, are located in /opt/sas94/SASConfig/Lev1/SASMeta/MetadataServer/Logs

But every day it make a new file for log, named  like that - SASMeta_MetadataServer_%d_%S{hostname}_%S{pid}.log


My syslog-ng version - syslog-ng 2.0.9


I want configure /syslog-ng.conf file to reading log with level "info" from /opt/sas94/SASConfig/Lev1/SASMeta/MetadataServer/Logs

and send it on UDP - protocol to specified server. But I dont't now how I make it, 'cos every day log-file change his name.
I try configure syslog-ng.conf like this:

source sas_log { file("/opt/sas94/SASConfig/Lev1/SASMeta/MetadataServer/Logs/SASMeta_MetadataServer_%d_%S{hostname}_%S{pid}.log"); };

but syslog don't understand this.


I wrote script-file:


cd /opt/sas94/SASConfig/Lev1/SASMeta/MetadataServer/Logs/;
op=$(ls -t | head -1);
ech=$(echo $op);
tail -f -s 1 "$ech" | grep INFO ;


and specified it in source, but it doesn't working

 Generally, I want what would syslog-ng every day read actual log-file, if it possible.


I hope I decrypt my idea right and simple 🙂

>>Logs which I need writing, are located in /opt/sas94/SASConfig/Lev1/SASMeta/MetadataServer/Logs

Sorry, I'm mean not writing, I mean reading.

You can try the following, which will write the "active" log to a single fixed log file name:


-  Backup/save the file /opt/sas94/SASConfig/Lev1/SASMeta/MetadataServer/logconfig.xml  as logconfig.xml.bak

-  Edit the file /opt/sas94/SASConfig/Lev1/SASMeta/MetadataServer/logconfig.xml  (You will need to insert one line)


<!-- Rolling log file with default rollover of midnight. -->
<appender class="RollingFileAppender" name="TimeBasedRollingFile">
<param name="File" value="/opt/sas94/SASConfig/Lev1/SASMeta/MetadataServer/Logs/SAS_MetadataServer.log"/>
<param name="Append" value="false"/>


-   Afterwards, stop/restart your services.


Now, you can use the log file: /opt/sas94/SASConfig/Lev1/SASMeta/MetadataServer/Logs/SAS_MetadataServer.log  in your syslog-ng.conf

source sas_log { file("/opt/sas94/SASConfig/Lev1/SASMeta/MetadataServer/Logs/SAS_MetadataServer.log"); };



1.  I do not know much about syslog-ng, so check the syntax carefully

2.  I did not test the above...but I believe the above would work.  You will need to test the above in a "test environment" before you change production configuration.





Thank you!

You decision is very good and simple.

I think, I try do that your say, if my decision not work.


I do next thing's:

As I say I wrote simple script:





while true;
cd /opt/sas94/SASConfig/Lev1/SASMeta/MetadataServer/Logs/;
op=$(ls -t | head -1);
ech=$(echo $op);
tail -f -s 1 "$ech" | grep -P 'INFO'>>/tmp/arcsight;
sleep 1;




And  started it in nohup.

Syslog source - source { file "/tmp/arcsight" .......); };


Now, syslog reading log from /tmp/arcsight and send it to specified server.


Thank you one more time!
P.S. sorry for my English

