Log Monitoring Classic
Dynatrace monitors rotation patterns for log files. This functionality ensures the completeness of the file reading process, even if OneAgent is temporarily switched off or the application crashes. The monitoring process has two dimensions:
Typically, rotated log files have their specific rotation identifiers embedded into file names. The rotation identifiers can be an appended timestamp or a counter. For example:
Active log file with no rotation identifier:
/var/log/application.log
Rotated/archived log files with appended identifiers as date stamp:
/var/log/application.log.20220509
/var/log/application.log.20220508
…
/var/log/application.log.20220503
Rotated/archived log files with appended identifiers as counter:
/var/log/application.log.1
/var/log/application.log.2
Depending on the file type, Dynatrace might replace the rotation identifier with the #
symbol in the log autodiscovery process.
Active log file:
/var/log/application20220509_060000.log
Rotated/archived log files:
/var/log/application20220509_030000.log
/var/log/application20220508_000000.log
/var/log/application20220508_210000.log
…
/var/log/application20220503_090000.log
are detected as /var/log/application#_#.log
The data types that can be substituted by #
include:
To be monitored, a rotated log file must contain a rotation identifier preceded and followed by one of the predefined separators, including .
(dot), -
(hyphen), _
(underscore), ()
(brackets) or []
(square brackets).
In a scenario where a rotation identifier is a decimal number, it is sufficient that it is either preceded or followed by a predefined separator.
Apart from explicit rotation identifiers visible under the #
symbol, Dynatrace implicitly supports monitoring of rotated files that:
.
, -
, _
, ()
, []
)Active log file:
/var/log/application.log
Dynatrace detects a file with the '/var/log/application.log' name and identifies rotated files in all examples below:
/var/log/application.log.1
/var/log/application.log.2
…
/var/log/application.log.9
or
/var/log/application.20220509.120000.log
/var/log/application.20220509.060000.log
/var/log/application.20220508.120000.log
…
/var/log/application.20220503.120000.log
or
/var/log/application.20220509.log.1
/var/log/application.20220509.log.2
/var/log/application.20220508.log.1
…
/var/log/application.20220503.log.1
/var/log/application.20220503.log.2
Dynatrace supports the main types of log generation, including:
Scenarios that are not supported in the rotated log monitoring process include:
Type
Description
Rotated log generation with a directory change
The potential consequence is the creation of duplicates and/or incomplete logs.
Rotated log generation with immediate compression
If a rotation criterion is met (for example, the required file size is reached), the file is moved to another location and immediately compressed. Example: /var/log/application.log -> /var/log/application.log.1.gz -> /var/log/application.log.2.gz -> /var/log/application.log.3.gz
. This process might again lead to incomplete log ingest. There should be at least one uncompressed rotated file.
Rotated log generation with queue logic
The oldest log records are removed whenever new content is added to a file, resulting in a relatively constant log file size. This scenario can be easily replaced with a supported rotation scheme by, for example, starting a new file when the current file reaches a predefined size.