Monitoring logfiles

• Comparism: mtail, grok_exporter or fluentd
• telegraf

mtail

• GitHub
• Log Collection, Distribution, and Filtering {: #syslog}

Example usage:

cd ~/projects/logging/mtail/testing
mtail --progs ~/projects/logging/mtail/testing/progs --logs /var/log/syslog
curl -s http://localhost:3903/metrics | grep  '^mtail'

Issues

• No support reading from systemd's journal
  • unable to read from unix socket

To receive logs directly from systemd-journal, one must be able to read from a unix domain socket. Mtail now does this, although I kind of regret it. Socket support for both datagram and stream families was tricky and likely has many future bugs.

• Can't push to pushgateway. Possible workaround with PushProx

mtail postfix

• autistici: postfix.mtail
• autistici: postfix.json