11 — Elastic Certified Observability Engineer Exam: Logging — Enable and configure integrations to tail a given custom log file

Saidani Mohamed El Amine
Sep 5, 2024

Hello Everyone ✋

In today’s blog we will see how to enable and configure integrations to tail a given custom log file!

To do so, we need to add some configuration to the agent policy, in the System integration, like this: Fleet >> Fleet Server Policy >> system-1

Now edit the System integration, scroll down to System syslog logs (log), and add your path like this:

Separately, add this log file and give it a name:

<34>1 2024-09-05T10:15:30Z server1 syslogd 12345 - - [exampleSDID@32473 iut="1" eventSource="System" eventID="1001"] System started successfully.
<35>1 2024-09-05T10:16:00Z server1 sshd 12346 - - [exampleSDID@32473 iut="2" eventSource="Authentication" eventID="2002"] Accepted password for user1 from 192.168.1.10 port 22 ssh2.
<36>1 2024-09-05T10:16:30Z server1 myapp 12347 - - [exampleSDID@32473 iut="3" eventSource="Application" eventID="3003"] Application started processing request.
<37>1 2024-09-05T10:17:00Z server1 myapp 12348 - - [exampleSDID@32473 iut="4" eventSource="Application" eventID="3004"] Application encountered an error processing request.
<38>1 2024-09-05T10:17:30Z server1 cron 12349 - - [exampleSDID@32473 iut="5" eventSource="Cron" eventID="4005"] Cron job completed successfully.
<39>1 2024-09-05T10:18:00Z server1 kernel 12350 - - [exampleSDID@32473 iut="6" eventSource="Kernel" eventID="5006"] Kernel panic occurred.
<40>1 2024-09-05T10:18:30Z server1 httpd 12351 - - [exampleSDID@32473 iut="7" eventSource="HTTPD" eventID="6007"] HTTPD server started.
<41>1 2024-09-05T10:19:00Z server1 httpd 12352 - - [exampleSDID@32473 iut="8" eventSource="HTTPD" eventID="6008"] HTTPD server stopped unexpectedly.
<42>1 2024-09-05T10:19:30Z server1 mail 12353 - - [exampleSDID@32473 iut="9" eventSource="Mail" eventID="7009"] Mail service started.
<43>1 2024-09-05T10:20:00Z server1 mail 12354 - - [exampleSDID@32473 iut="10" eventSource="Mail" eventID="7010"] Mail service encountered an error.

Save this log file, copy its path, and add it as we did previously.

After that, save the configuration of the integration.

Once you are done, go to Discover and check whether the logs are coming in. Filter the logs on log.file.path: /Users/mohamed/Downloads/Training/lab-dev.log

You will be able to see the logs coming in in real time.
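To check the sample file before pointing the integration at it, here is a small strict RFC 5424 line parser that decodes the PRI value and lists lines that do not match. This is an added example, not part of the original post; the names parse_line, check_lines and SAMPLE are hypothetical, and the input is constructed from two of the lines above plus one malformed line.

```python
import re

# RFC 5424: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD [MSG]
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>\d{1,2} (?P<timestamp>\S+) (?P<host>\S+) "
    r"(?P<app>\S+) (?P<procid>\S+) (?P<msgid>\S+) "
    r"(?P<sd>-|(?:\[[^\]]*\])+)(?: (?P<msg>.*))?$"
)
SD_PARAM_RE = re.compile(r'(\w+)="([^"]*)"')
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notice", "informational", "debug"]

def parse_line(line):
    """Strictly parse one RFC 5424 line; None on mismatch (SD escapes unsupported)."""
    m = LINE_RE.match(line.rstrip("\r\n"))
    if m is None or int(m["pri"]) > 191:  # max PRI = facility 23 * 8 + severity 7
        return None
    pri = int(m["pri"])
    return {
        "facility": pri // 8, "severity": SEVERITIES[pri % 8],
        "timestamp": m["timestamp"], "host": m["host"],
        "app": m["app"], "procid": m["procid"],
        "sd": dict(SD_PARAM_RE.findall(m["sd"])),
        "message": m["msg"] or "",
    }

def check_lines(lines):
    """Return (events, rejected): parsed dicts and 1-based numbers of bad lines."""
    events, rejected = [], []
    for n, line in enumerate(lines, 1):
        event = parse_line(line)
        if event is None:
            rejected.append(n)
        else:
            events.append(event)
    return events, rejected

# Constructed input: two lines copied from the post, then one malformed line.
SAMPLE = [
    '<34>1 2024-09-05T10:15:30Z server1 syslogd 12345 - - [exampleSDID@32473 iut="1" eventSource="System" eventID="1001"] System started successfully.',
    '<40>1 2024-09-05T10:18:30Z server1 httpd 12351 - - [exampleSDID@32473 iut="7" eventSource="HTTPD" eventID="6007"] HTTPD server started.',
    "Sep  5 10:21:00 server1 myapp: line without an RFC 5424 header",
]

if __name__ == "__main__":
    events, rejected = check_lines(SAMPLE)
    print([(e["facility"], e["severity"], e["sd"]) for e in events], rejected)
```

On the post's sample lines a strict parse reads the second `-` as the structured-data field (nil), so the bracketed exampleSDID block comes back as the start of the message. The PRI `<34>` decodes to facility 4 with severity critical, and `<40>` to facility 5 with severity emergency.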

Let me know in the comments if you have any questions ^^ See you in the next one 🙌

Saidani Mohamed El Amine

Currently working as DevSecOps consultant with focus on security, monitoring, Big Data, and related topics.