I am trying to solve "sending" log files from directories and subdirectories to central log server using imfile in Rsyslog.
OS is CentOS 7
CentOS Linux release 7.3.1611 (Core)
Rsyslog is v8 from official repo.
rsyslogd 8.26.0, compiled with:
PLATFORM: x86_64-redhat-linux-gnu
PLATFORM (lsb_release -d):
FEATURE_REGEXP: Yes
GSSAPI Kerberos 5 support: No
FEATURE_DEBUG (debug build, slow code): No
32bit Atomic operations supported: Yes
64bit Atomic operations supported: Yes
memory allocator: system default
Runtime Instrumentation (slow code): No
uuid support: Yes
Number of Bits in RainerScript integers: 6
This Rsyslog version support wildcards on directory level. But it looks like it is not support directory wildcards with imfile.
https://www.slideshare.net/rainergerhards1/using-wildcards-with-rsyslogs-file-monitor-imfile/4
Problem is there is lot of directories in my case (and new are dynamically created) so I cannot create config for each directory.
I noticed that Rsyslog send all new files from all directories (including all wildcards subdirectories) to central log server when is restarted. But when new file is created after restart Rsyslog did not start "send" this file to central log server.
Workaround could by restart Rsyslog each X minutes, but I don't think it is good idea.
Can you please help me find some workaround or another configuration to handle this problem (maybe newer version of Rsyslog support it)?
Best regards, cr4wen
