Logtail is a log collection agent provided by the Log Service. Once installed on your machine, Logtail monitors specified log files and automatically uploads the new logs written into these files to your designated LogStore.
Logtail monitors file changes based on change events in the file system and sends logs generated in real time to the Log Service. Logtail does not collect the content of unchanged logs.
Currently, Logtail supports 64-bit Linux systems.
Installation: Install the Logtail agent using an installation script.
Upgrade: The Log Service regularly upgrades the Logtail agent without interrupting the data collection process.
- On the console, configure the directory you want to monitor, the name of the log file, and the related parsing rule (regular expression).
- When a log file is changed on your machine, Logtail receives an event from the file system and reads the new log.
- Logtail parses the log format based on the regular expression and sends the log to the Log Service.
When the log file a.LOG reaches a given size or a given period of time has passed since it was created, a.LOG is renamed a.LOG.1 (or another name). A new a.LOG file is created for writing new logs. This process is called rotation. Logtail automatically handles log rotation based on event notifications from the file system.
In the case of a network exception or write quota overrun, Logtail caches collected logs to the local disk and resends those logs later. The maximum disk cache capacity is 500 MB. Newly cached data overwrites the old data when the 500-MB limit is exceeded. Cached files that fail to be sent to the Log Service within 24 hours are automatically deleted.
Logtail collects logs based on events and sends collected logs to the Log Service within 3s.
Logtail only collects real-time logs. If the logging time differs by more than 5 minutes from the system time at which Logtail processes the log, the log is regarded as a historical log.
After you apply configurations to a machine group on the console, Logtail loads and applies the configurations in 3 minutes or less.
- Check whether the Logtail heartbeat is normal. If it is abnormal, reinstall Logtail.
- Check whether the log files in log collection configuration are generated in real time.
- Check whether the regular expression in log collection configuration matches the log content. If the regular expression does not match, view the error in the Logtail run log (Linux: /usr/local/ilogtail/ilogtail.LOG).
- Currently, the Logtail agent only supports 64-bit Linux operating systems.
- Use LogStash to collect logs in a Windows system.
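The regular-expression check and the 5-minute real-time rule described above can be tried on sample lines before a configuration is applied. The following is an added example, not Logtail's own code: the log format, the pattern, whole-line matching, the use of naive local timestamps and the names `classify` and `summarize` are all assumptions for illustration.

```python
import re
from datetime import datetime, timedelta

# Hypothetical parsing rule: group 1 is the log time, group 2 the level.
# Replace with the expression from your own collection configuration.
LOG_PATTERN = re.compile(r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \[(\w+)\] (.*)")
TIME_FORMAT = "%Y-%m-%d %H:%M:%S"
HISTORICAL_AFTER = timedelta(minutes=5)  # threshold stated on this page


def classify(line, now):
    """Return 'unmatched', 'bad_time', 'historical' or 'ok' for one line."""
    match = LOG_PATTERN.fullmatch(line.rstrip("\n"))  # assumption: whole line
    if match is None:
        return "unmatched"  # the regular expression does not fit the content
    try:
        logged = datetime.strptime(match.group(1), TIME_FORMAT)
    except ValueError:
        return "bad_time"  # digits matched but are not a valid date/time
    # "More than 5 minutes different" is checked in both directions.
    if abs(now - logged) > HISTORICAL_AFTER:
        return "historical"
    return "ok"


def summarize(lines, now):
    """Count how many lines fall into each class."""
    counts = {"ok": 0, "historical": 0, "unmatched": 0, "bad_time": 0}
    for line in lines:
        counts[classify(line, now)] += 1
    return counts


# Constructed sample lines, not taken from a real system.
SAMPLE = [
    "2024-01-01 11:59:30 [INFO] service started",
    "2024-01-01 11:55:00 [INFO] exactly five minutes old",
    "2024-01-01 11:54:59 [WARN] slow request",
    "2024-01-01 12:06:00 [INFO] clock running ahead",
    "Jan  1 11:59:58 host sshd[411]: session opened",
    "2024-13-01 11:59:00 [ERROR] impossible month",
]

if __name__ == "__main__":
    now = datetime(2024, 1, 1, 12, 0, 0)  # fixed "system time" for the demo
    for line in SAMPLE:
        print(f"{classify(line, now):<10} {line}")
    print(summarize(SAMPLE, now))
```

Lines reported as `unmatched` or `bad_time` point at the parsing rule; lines reported as `historical` point at clock skew or a time zone mismatch between the log writer and the machine running Logtail.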
If the Logtail heartbeat is abnormal, follow the steps below to perform diagnosis.
- Check whether the Logtail process exists by running the following command. If the process does not exist, reinstall Logtail. If it exists, go to the next step.
sudo /etc/init.d/ilogtaild status
Run the following commands to check network connectivity:
telnet logtail.cn-<region>-intranet.log.aliyuncs.com 80
telnet logtail.cn-<region>-vpc.log.aliyuncs.com 80
If your machine is not connected, perform the following check:
- If the machine is configured with host name binding (run the hostname command to view the host name; the related file is /etc/hosts), check whether the bound IP address is the same as that in the Log Service machine group.
- If no host name is bound, check whether the IP address of the machine’s first network adapter is the same as that in the Log Service machine group.
If the machine is not connected, the Log Service cannot receive heartbeat packets from the machine. In this case, contact the Log Service technical support team for troubleshooting.
If the problem persists, submit a ticket in the ticket system. The Log Service technical support team will look into the problem.