This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Log ingest rule for custom log source (source type; log path)

Go to solution
marina_pollehn
DynaMight Champion
DynaMight Champion

‎10 Jan 2024 11:27 AM - last edited on ‎11 Jan 2024 08:19 AM by Community Team

I have added a custom log source, namely d:\apps\signaturelogging\*.txt of source type log path. The folder does exist according to Dynatrace (I checked with the Filesystem Monitoring extension) and there are also logs written to it (according to the Filesystem monitoring extension and my own knowledge ;)). Nevertheless my log ingest rules do not seem to work.

My approaches so far were: 

1.

Log source is any of: signaturelogging

 

2.

Log source is any of: d:\apps\signaturelogging\*.txt

 

3.

Log content is any of:
*signatureservice**signaturerequest**error**signature*

(these are words I am expecting in the log messages).

 

Anyone an idea of how I should write the log ingest rule? What am I doing wrong?

A Dynatrace Professional nerd working for Conclusion Xforce
0 Kudos
Reply
4 REPLIES 4

Go to solution
gbaudart
DynaMight Champion
DynaMight Champion

‎10 Jan 2024 01:44 PM

Hi @marina_pollehn ,

To add logs with a specific extension (eg: .txt).
It is necessary to add a “Security Rule” to the machine.

Drop it to this path:

/var/lib/dynatrace/oneagent/agent/config/logmodule

The contents of the "securityRulesLoganalytics.json" file:

{
    "@version":"1.0.0",
    "allowed-log-paths-configuration":[
        {
            "directory-pattern":"d:\apps\signaturelogging\",
            "file-pattern":"*.txt",
            "action":"INCLUDE"
        }
    ]
}

Let me know if it works.

Observability Consultant - Dynatrace Professional Certified
Reply

Go to solution
marina_pollehn
DynaMight Champion
DynaMight Champion
In response to gbaudart

‎10 Jan 2024 02:46 PM - edited ‎10 Jan 2024 02:49 PM

Little question regarding the /config/logmodule. Would this also remain after an update of the OneAgent? Not keen on making these adjustments after every update 😉

A Dynatrace Professional nerd working for Conclusion Xforce
0 Kudos
Reply

Go to solution
gbaudart
DynaMight Champion
DynaMight Champion
In response to marina_pollehn

‎10 Jan 2024 02:49 PM

Yes, it remains good

Observability Consultant - Dynatrace Professional Certified
Reply

Go to solution
CTull
Guide
In response to gbaudart

‎08 Aug 2024 05:57 PM

Afternoon,

I have my Custom Log Sources set to:
Log Path  D:\Program Files\Apache Software Foundation\Tomcat\logs\*
I have my security policy set as:   {
"directory-pattern": "/Program Files/Apache Software Foundation/Tomcat/logs/",
"file-pattern":"*",
"action":"INCLUDE"
},

 

However, there are files in here in the GB file size and I only want one file that changes its date each day for rotation.

What would be the wildcard for this entry.

Example:

localhost_access_log.2024-05-24   and   localhost_access_log.2024-05-25  and localhost_access_log.2024-08-03

I have tried to update the security rule to this but it is still ingesting logs from other files in that directory.

{
"directory-pattern": "/Program Files/Apache Software Foundation/Tomcat/logs/",
"file-pattern":"localhost_access_log.####-##-##",
"action":"INCLUDE"
},

Any ideas how to gather this rotated file and the use of wildcards?  The examples listed in the dynatrace does does not show many examples of wildcards.

0 Kudos
Reply
Ask a question

Featured Posts