Hi szabados,
take a look at this great blog post http://blogs.splunk.com/2011/01/02/did-i-miss-christmas-2/ where you learn to use the REST endpoint of the TailingProcessor
to show its activities and what files are currently being read.
Hope this helps ...
cheers, MuS
Thanks, but my idea was to set up an alert in splunk, based on the contents of the internal log of the forwarder.
You could enable debugging on the TailingProcessor
on the forwarder http://docs.splunk.com/Documentation/Splunk/6.3.0/Troubleshooting/Enabledebuglogging and look what is reported in index=_internal
or read the docs here http://docs.splunk.com/Documentation/Splunk/latest/Data/Troubleshoottheinputprocess