BookmarkSubscribeRSS Feed
Loshadka
Fluorite | Level 6

Hello everyone!

P.S Sorry for my English.

I need catch logs from Metadata server where level = INFO, using syslog-ng.

So, I have a question how should I configure syslog-ng.conf. In source I must indicate this:
source { file("/opt/sas/.../Metadata/metadataserver.sh"); };  and filter { level(info); }; or not?

I do not fully understand how metadata server send log in default directory and where I must catch it's.
And should I change file /opt/sas/.../Metadata/logconfig.xml ? Make a new configure?

 

Thanks

5 REPLIES 5
RajaMarla
SAS Employee

I did not quite understand your question.   But if you are interested in information about syslog-ng then you may want to look at the knowledgebase at https://support.oneidentity.com/syslog-ng-premium-edition/7.0.14

 

Moreover, I do not know which version of the product you are using.   But perhaps the following information helps you:

 

Metadata server logs are written usually to a folder named:

            <..../lev1/Web/WebAppServer/SASServer1_1/logs/ >

 

The log4j configurations are stored in a folder named:

            <.../lev1/Web/Common/LogConfig>

Before attempting to make changes, ensure that you know how log4j works and its syntax.  Extensive documentation is available via google.

 

Hope this helps.

 

 

Loshadka
Fluorite | Level 6

 


Thank for you answer!

I think, my description a problem is not a correct.

I try one more time 🙂

Logs which I need writing, are located in /opt/sas94/SASConfig/Lev1/SASMeta/MetadataServer/Logs

But every day it make a new file for log, named  like that - SASMeta_MetadataServer_%d_%S{hostname}_%S{pid}.log

 

My syslog-ng version - syslog-ng 2.0.9

 

I want configure /syslog-ng.conf file to reading log with level "info" from /opt/sas94/SASConfig/Lev1/SASMeta/MetadataServer/Logs

and send it on UDP - protocol to specified server. But I dont't now how I make it, 'cos every day log-file change his name.
I try configure syslog-ng.conf like this:

source sas_log { file("/opt/sas94/SASConfig/Lev1/SASMeta/MetadataServer/Logs/SASMeta_MetadataServer_%d_%S{hostname}_%S{pid}.log"); };

but syslog don't understand this.

 

I wrote script-file:

#!/bin/bash

cd /opt/sas94/SASConfig/Lev1/SASMeta/MetadataServer/Logs/;
op=$(ls -t | head -1);
ech=$(echo $op);
tail -f -s 1 "$ech" | grep INFO ;

 

and specified it in source, but it doesn't working


 Generally, I want what would syslog-ng every day read actual log-file, if it possible.

 

I hope I decrypt my idea right and simple 🙂

Loshadka
Fluorite | Level 6

>>Logs which I need writing, are located in /opt/sas94/SASConfig/Lev1/SASMeta/MetadataServer/Logs


Sorry, I'm mean not writing, I mean reading.

RajaMarla
SAS Employee

You can try the following, which will write the "active" log to a single fixed log file name:

 

-  Backup/save the file /opt/sas94/SASConfig/Lev1/SASMeta/MetadataServer/logconfig.xml  as logconfig.xml.bak

-  Edit the file /opt/sas94/SASConfig/Lev1/SASMeta/MetadataServer/logconfig.xml  (You will need to insert one line)

 

<!-- Rolling log file with default rollover of midnight. -->
<appender class="RollingFileAppender" name="TimeBasedRollingFile">
<param name="File" value="/opt/sas94/SASConfig/Lev1/SASMeta/MetadataServer/Logs/SAS_MetadataServer.log"/>
<param name="Append" value="false"/>

 

-   Afterwards, stop/restart your services.

 

Now, you can use the log file: /opt/sas94/SASConfig/Lev1/SASMeta/MetadataServer/Logs/SAS_MetadataServer.log  in your syslog-ng.conf

source sas_log { file("/opt/sas94/SASConfig/Lev1/SASMeta/MetadataServer/Logs/SAS_MetadataServer.log"); };

 

Note

1.  I do not know much about syslog-ng, so check the syntax carefully

2.  I did not test the above...but I believe the above would work.  You will need to test the above in a "test environment" before you change production configuration.

 

 

 

 

Loshadka
Fluorite | Level 6

Thank you!

You decision is very good and simple.

I think, I try do that your say, if my decision not work.

😃

I do next thing's:

As I say I wrote simple script:

 

Spoiler

#!/bin/bash

 

while true;
do
cd /opt/sas94/SASConfig/Lev1/SASMeta/MetadataServer/Logs/;
op=$(ls -t | head -1);
ech=$(echo $op);
tail -f -s 1 "$ech" | grep -P 'INFO'>>/tmp/arcsight;
sleep 1;
done;

 

 

 

And  started it in nohup.

Syslog source - source { file "/tmp/arcsight" .......); };

 

Now, syslog reading log from /tmp/arcsight and send it to specified server.

 

Thank you one more time!
P.S. sorry for my English

How to improve email deliverability

SAS' Peter Ansbacher shows you how to use the dashboard in SAS Customer Intelligence 360 for better results.

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 5 replies
  • 1268 views
  • 1 like
  • 2 in conversation