Change the log level for LogListener.
In the etc/loglistener.conf configuration file, set the log level to DEBUG and restart LogListener.
In the installation directory, run the following command to restart LogListener.
cd loglistener/tools && ./start.sh
Restarting LogListener does not cause log loss.
Check that logs are successfully reported.
In the installation directory, run the following commands:
cd loglistener/log && tail -f loglistener.log | grep "ClsFileProc::readFile" | grep send
If log information similar to that shown in the following is displayed, logs are successfully reported to the service backend.
If logs are reported through HTTP, you can capture packets from port 80 to identify whether logs are successfully reported.
If logs are not successfully reported to the backend, perform the following steps to locate the cause:
Run the following commands in the installation directory to check whether the LogListener collection configuration is correct.
cd loglistener/log && tail -f loglistener.log | grep "ClsServerConf::load"
If the configuration has been delivered, log information is as follows:
In the delivered configuration, check whether the information of log_type and path is correct:
log_type indicates the log parsing type. Its values include minimalist_log (full text in a single line), json_log (JSON logs), and regex_log (full text in multi lines).
path indicates the log collection directory.
Run the following command in the installation directory to check whether files are correctly listened to:
cd loglistener/log && grep [Name of the reported log file] loglistener.log
Run grep regex_match loglistener.log to search for log information and check whether the regular expression is correctly configured in the console. If the content shown in the following figure is displayed, the file name match based on the regular expression fails, and you need to log in to the console to change the regular expression.
Check whether the regular expression used for log parsing is correct.
For the extraction modes of full regular expression and full text in multi lines, regular expressions need to be specified. For full text in multi lines, the first-line regular expression must match the entire content of the first line, not just the beginning part of the first line.
Use the log content shown in the following figure as an example. Lines beginning with WARN are the first lines of logs. In addition to (INFO|ERROR|WARN), the characters following WARN also need to be matched.
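The full-line rule above can be checked offline before changing the expression in the console. The following is an added example, not LogListener code: it models "must match the entire first line" with Python's re.fullmatch, and the sample log lines, function names and the two candidate expressions are constructed for illustration.

```python
import re

# Constructed sample: three log entries, two of them spanning several lines.
SAMPLE = """\
WARN 2024-01-01 12:00:00 connection pool exhausted
    at pool.acquire(pool.py:88)
    at handler.run(handler.py:21)
ERROR 2024-01-01 12:00:05 request failed
    Traceback (most recent call last):
INFO 2024-01-01 12:00:09 retry succeeded
"""

PREFIX_ONLY = r"(INFO|ERROR|WARN)"   # matches only the beginning of a first line
FULL_LINE = r"(INFO|ERROR|WARN).*"   # also matches the characters that follow

def group_entries(text, first_line_regex):
    """Group lines into multi-line entries. A line opens a new entry only
    when the regex matches the ENTIRE line (assumption: re.fullmatch
    stands in for the collector's first-line matching)."""
    pattern = re.compile(first_line_regex)
    entries, unmatched = [], []
    for line in text.splitlines():
        if pattern.fullmatch(line):
            entries.append([line])          # new entry starts here
        elif entries:
            entries[-1].append(line)        # continuation of current entry
        else:
            unmatched.append(line)          # no first line seen yet
    return entries, unmatched

def check_first_line_regex(text, first_line_regex):
    """Return (number of entries found, lines that belong to no entry)."""
    entries, unmatched = group_entries(text, first_line_regex)
    return len(entries), len(unmatched)

if __name__ == "__main__":
    for rx in (PREFIX_ONLY, FULL_LINE):
        found, lost = check_first_line_regex(SAMPLE, rx)
        print(f"{rx!r}: {found} entries, {lost} lines without a first line")
```

An expression that finds zero entries on a sample of real log lines is the same failure the regex_match search above is meant to surface.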