A system that I am watching generates log files and rotates them such that the file numbers increase, every X rows. Currently my monitor stanza is:
[monitor:///var/log/mysystem/mainlog.00000.log]
index = my_index
sourcetype = mysystem_mainlog
disabled = false
There are lots of different log files in that directory. How should I monitor just mainlog*?
The solution is to monitor the directory with a whitelist:
[monitor:///var/log/mysystem]
# Dots are escaped and the end is anchored so that only mainlog.<digits>.log matches
whitelist = mainlog\.\d+\.log$
index = my_index
sourcetype = mysystem_mainlog
disabled = false
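A way to check a whitelist before deploying it, as an added example that is not part of the original answer: it compares a pattern with unescaped dots against the escaped, end-anchored form over a constructed directory listing, and reports which extra files the loose pattern would send to `my_index`. It assumes the whitelist is applied as an unanchored regex against the full path, and uses Python's `re` as a stand-in for Splunk's PCRE; the sample file names are invented.

```python
import re

# Assumption: the monitor whitelist is an unanchored regex matched against
# the full file path. Python's re stands in for PCRE; the two agree for
# these simple patterns.
LOOSE = re.compile(r"mainlog.\d+.log")        # '.' matches any character
STRICT = re.compile(r"mainlog\.\d+\.log$")    # literal dots, anchored at end

# Constructed directory listing (not taken from the original post).
SAMPLE_PATHS = [
    "/var/log/mysystem/mainlog.00000.log",
    "/var/log/mysystem/mainlog.00417.log",
    "/var/log/mysystem/mainlog.00001.log.bak",
    "/var/log/mysystem/mainlog_00002_log.tmp",
    "/var/log/mysystem/oldmainlog-12345-logins.txt",
    "/var/log/mysystem/audit.00000.log",
    "/var/log/mysystem/mainlog.log",
]


def monitored(pattern, paths):
    """Return the paths a whitelist pattern would admit, in listing order."""
    return [p for p in paths if pattern.search(p)]


def unintended(loose, strict, paths):
    """Return paths the loose pattern admits but the strict one rejects."""
    wanted = set(monitored(strict, paths))
    return [p for p in monitored(loose, paths) if p not in wanted]


if __name__ == "__main__":
    print("strict whitelist admits:")
    for path in monitored(STRICT, SAMPLE_PATHS):
        print("  ", path)
    print("loose whitelist additionally admits:")
    for path in unintended(LOOSE, STRICT, SAMPLE_PATHS):
        print("  ", path)
```
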