How can I make rsyslog to see only today's log file?
Hello,
I am setting up rsyslog config on Centos 7. Everyday new file will be created in apps log path, with date suffix (for example - 20230922 for today). I want that if rsyslog see IMPAIRMENT string in today's log file, then it should forward that log line to 172.30.66.18. Below is the config I will setup. But problem is file name. Everyday filename will be changed and then rsyslog won't be able to read today's file. For example, today the file is sendSyslogActionAlert_20230922.log and tomorrow there will be new file sendSyslogActionAlert_20230923.log. Is there any way, I can put the file name in below config, so rsyslog can see only today's file? I am trying different combinations of +%Y%m%, but it seems I can't get right syntax and make it work. Code:
[root@splunk-serv ~]# cat /var/tmp/impair.conf |
Simpler solution is to create the log as "whatever.log" (no timestamp) and use logrotate to create the daily archives, (using dateext/dateformat/dateyesterday directives as needed).
|
All times are GMT -5. The time now is 06:49 AM. |