Basic questions for Logtail

Last Updated: Nov 29, 2017

What is Logtail?

Logtail is a log collection agent provided by the Log Service. Once installed on your machine, Logtail monitors specified log files and automatically uploads the new logs written into these files to your designated LogStore.

Does Logtail collect static log files?

Logtail monitors file changes based on change events in the file system and sends logs generated in real time to the Log Service.Logtail does not collect the content of unchanged logs.

What platforms does Logtail support?

Currently, Logtail supports 64-bit Linux and 32/64-bit Windows Server 2003-2012 system.

  • Linux:

    • Alibaba Cloud Linux
    • Ubuntu
    • Debian
    • CentOS
    • OpenSUSE
  • Windows:

    • Windows 7 (Client) 32bit
    • Windows 7 (Client) 64bit
    • Windows Server 2003 32bit
    • Windows Server 2003 64bit
    • Windows Server 2008 32bit
    • Windows Server 2008 64bit
    • Windows Server 2012 64bit

How do I install and upgrade the Logtail agent?

Installation: Install the Logtail agent using an installation script. Upgrade: The Log Service regularly upgrades the Logtail agent without interrupting the data collection process.

How do I configure the Logtail agent?

Refer to Logtail collection configuration on the console.

How does Logtail work?

  1. On the console, configure the directory you want to monitor, the name of the log file, and the related parsing rule (regular expression).
  2. When a log file is changed on your machine, Logtail receives an event from the file system and reads the new log.
  3. Logtail parses the log format based on the regular expression and sends the log to the Log Service.

Does Logtail support log rotation?

When the log file a.LOG reaches a given size or lasts for a given period of time since created, a.LOG is renamed a.LOG.1 (or another name). A new a.LOG file is created for writing new logs. This process is called rotation.Logtail automatically rotates logs based on event notifications from the file system.

How does Logtail handle network exceptions?

In the case of a network exception or write quota overrun, Logtail caches collected logs to the local disk and resends those logs later.The maximum disk cache capacity is 500 MB. Newly cached data overwrites the old one when the 500-MB limit is exceeded. Cached files that fail to be sent to the Log Service within 24 hours are automatically deleted.

What is the log collection delay of Logtail?

Logtail collects logs based on events and sends collected logs to the Log Service within 3s.

How does Logtail process historical logs?

Logtail only collects real-time logs. If the logging time is more than 5 minutes different from the system time at which Logtail processes the log, the log is regarded as a historical log.

How long does a change in log collection configuration take effect for the Log Service?

After you apply configurations to a machine group on the console, Logtail loads and applies the configurations in 3 minutes or less.

How do I locate any log collection problems of Logtail?

  1. Check whether the Logtail heartbeat is normal. If it is abnormal, reinstall Logtail.
  2. Check whether the log files in log collection configuration are generated in real time.
  3. Check whether the regular expression in log collection configuration matches the log content. If the regular expression does not match, view the error in the Logtail run log (Linux:/usr/local/ilogtail/ilogtail.LOG).

Why is the Logtail heartbeat abnormal?

  1. Currently, the Logtail agent only supports 64-bit Linux operating systems.
  2. Use LogStash to collect logs in a Windows system.

If the Logtail heartbeat is abnormal, follow these steps below to perform diagnosis.

  • Check whether the Logtail process exists by running the following command. If the process does not exist, reinstall Logtail. If it exists, go to the next step.
  1. sudo /etc/init.d/ilogtaild status
  • Run the following commands to check network connectivity:

    • Classic network

      1. telnet<region> 80
    • VPC

      1. telnet<region> 80

If your machine is not connected, perform the following check:

  1. If the machine is configured with host name binding (run the hostname command to view the host name; the related file is /etc/hosts), check whether the bound IP address is the same as that in the Log Service machine group.
  2. If no host name is bound, check whether the IP address of the machine’s first network adapter is the same as that in the Log Service machine group.

If the machine is not connected, the Log Service cannot receive heartbeat packets from the machine. In this case, contact the Log Service technical support team for troubleshooting.

If the problem persists, submit a ticket in the ticket system. The Log Service technical support team will look into the problem.

Thank you! We've received your feedback.