Solved: Re: Log ingest rule for custom log source (source type; log path)

marina_pollehn · ‎10 Jan 2024

I have added a custom log source, namely d:\apps\signaturelogging\*.txt of source type log path. The folder does exist according to Dynatrace (I checked with the Filesystem Monitoring extension) and there are also logs written to it (according to the Filesystem monitoring extension and my own knowledge ;)). Nevertheless my log ingest rules do not seem to work.

My approaches so far were:

1.

Log source is any of: signaturelogging

2.

Log source is any of: d:\apps\signaturelogging\*.txt

3.

Log content is any of:
*signatureservice**signaturerequest**error**signature*

(these are words I am expecting in the log messages).

Anyone an idea of how I should write the log ingest rule? What am I doing wrong?

A Dynatrace Professional nerd working for Conclusion Xforce

gbaudart · ‎10 Jan 2024

Hi @marina_pollehn ,

To add logs with a specific extension (eg: .txt).
It is necessary to add a “Security Rule” to the machine.

Drop it to this path:

/var/lib/dynatrace/oneagent/agent/config/logmodule

The contents of the "securityRulesLoganalytics.json" file:

{
    "@version":"1.0.0",
    "allowed-log-paths-configuration":[
        {
            "directory-pattern":"d:\apps\signaturelogging\",
            "file-pattern":"*.txt",
            "action":"INCLUDE"
        }
    ]
}

Let me know if it works.

Observability Consultant - Dynatrace Associate Certified

marina_pollehn · ‎10 Jan 2024

Little question regarding the /config/logmodule. Would this also remain after an update of the OneAgent? Not keen on making these adjustments after every update 😉

A Dynatrace Professional nerd working for Conclusion Xforce

gbaudart · ‎10 Jan 2024

Yes, it remains good

Observability Consultant - Dynatrace Associate Certified