powered by Jive Software

Parsing logs and rotating them

My previous answer was taken care of right away. Thank you, everyone!

Next questions: I’‘m now receiving log files that are growing and receiving information, and that’‘s great and all, but I’‘m interested to know how I can read the information. When I used pico and grep (the latter being the most obvious tool, though it didn’‘t help), I get a raw piece of information that’'s hard to deal with.

Second question: How do I change the intervals for rotating the logfiles? Is there a system default that I have yet to find in the administration of the wildfire server. Google’‘s no help, and docs seem mysteriously empty. Or that’'s my perception, anyway.

It’‘s very possible that I’'m just a chump, so who cares? Thanks in advance!

Eric/Rokit

Hi,

which log files do you mean debug,info,warn and error or the audit log files? The audit log files are configurable using the web front end.

To configure debug,info,warn and error you need to add

/code to your wildfire.xml file.

Setting size to 1 means rotation takes part after 1024 Bytes (+ the last log messages) are written.

The rotated log files will be named _1 _2 … _5 - the rotation process will always delete the _5 log file if it exists.

LG

I apologize. The debug, info, warn and error are already set and working… I think. But they’‘re not my focus, and I didn’'t specifically state that.

However, you have started to answer my question. How are the audit logs configurable? Maybe I’‘m thick-headed about this, but I just don’'t know how yet.

Thanks so much!

Hi,

to your first question: You may use cat, tail, grep, … to view them. The displayed information is not formatted, so an XML parser or a short script (sed, perl, c, …) should do it, depending on your needs.

To change the intervals you need to generate more and less packets which are logged;) The audit-policy.jsp page lets you only define the size when the rotation will take place, not a date pattern.

LG

The audit-policy.jsp

page lets you only define the size when the rotation

will take place, not a date pattern.

JM-298

Hi Oleg,

why do you revive this old thread with the JM issue? Wildfire does not use Log4J and one may wonder if it will ever do reading "Switched log classes to use the JDK 1.4 built-in logger. ". So the new forum will not use it.

With Log4J they could solve some of the logging problems which currently exist. (no remote logging, no $date rolling file appender, 4 log files - one may get mad while trying to merge them, debug logging for a single component not possible, …)

I don’‘t know how other companies realize the logging of applications, especially is they use more than just java. Log4J also supports Perl, PHP, C++, so if one has a gateway, a component or a remote server and want to log everything into one log file there is Log4J and probably some other logging frameworks I don’'t know about.

Maybe the dev’'s should consider using Log4J before implementing this daily rolling file appender.

LG

Well, i’'m far away from understanding all the underneath technical stuff. I was just browsing through the old unread threads (there are too many of unread, unanswered threads here). Then i just remembered that JM issue and gave a link. Dont know if voting system is really changing something, but i think one is feeling better when can do something to attract attention (e.g. vote)

He Oleg,

I read all threads just before going to sleep, just like a good night story

There are so many open JM issues, so if one posts a new thread he’'ll likely not check if there is already an issue. The Oracle support forum lets you enter a short description and then does a search before one can enter more text and post a new Oracle-TAR.

So one can enter the subject and then does a “Search” in the KB, JIRA and forum. If one wants to “Continue” without looking at the results this should be possible, but in my opinion many users will check the results. If no appropriate answer is available “Continue” is used to write the message and then “Spell Check”, “Preview” or “Post it”.

LG

You can parse the log files using log4j’'s Chainsaw and org.apache.log4j.varia.LogFilePatternReceiver.

It doesn’'t matter what app created the log file since with this receiver you specify the pattern in the log file.

You can get Chainsaw information and run via Web Start here:

http://logging.apache.org/log4j/docs/chainsaw.html

On the Welcome tab you can find a link to a tutorial and an example receiver configuration which includes a logFilePatternReceiver example.

Once you’'ve created a chainsaw config xml file, specify the config in the view-application wide settings-configuration URL field and restart Chainsaw.

by the way, I wanted to say that this solution for a log parser came from the suggestion to use iBall, and it has done very well.

botlrokit thanks for the feedback. I’'ve been looking unsuccessfully for a similar plugin. I downloaded it lastnight and as you say “it is the BIZ”!

This really should be one of the standard plugins available with wildfire.

I disagree just yet… the features are good, but it seems that a user must be very specific in what they look for (user.name or date structure), but if you include what I consider “normal information” (such as a pair of usernames in the search window), you get nothing.

In some searches, I found that to follow a conversation I must do TWO searches… one for user A, another for user B, and parse the details between the two.

But I am still very happy to have ANYTHING that would parse the logs, so iBall still gets my highest vote.