- What is Logtail?
- Does Logtail collect static log files?
- What platforms does Logtail support?
- How to install and upgrade the Logtail client?
- How to configure and use the Logtail client?
- How does Logtail work?
- Does Logtail support log rotation?
- How does Logtail handle a network exception?
- What is the log collection latency of Logtail?
- How does Logtail process historical logs?
- How long does a change in log collection configuration take effect for Log Service?
- How to troubleshoot log collection problems of Logtail?
Logtail is a log collection client provided by Log Service and facilitates the log access. After being installed on your machine, Logtail monitors specified log files and automatically uploads the logs newly written to these files to your specified Logstore.
Logtail monitors file changes based on change events in the file system and sends logs generated in real time to Log Service. Logtail does not collect the log file contents if the log file is not modified.
Currently, Logtail supports 64-bit Linux and 32-bit/64-bit Windows Server 2003 and later versions.
- Aliyun Linux
- Windows 7 (Client) 32 bit
- Windows 7 (Client) 64 bit
- Windows Server 2003 32 bit
- Windows Server 2003 64 bit
- Windows Server 2008 32 bit
- Windows Server 2008 64 bit
- Windows Server 2012 64 bit
Installation: Install the Logtail client by using the installation script.
Upgrade: Log Service regularly upgrades the Logtail client without interrupting the data collection process.
For more information, see Collect logs by configuring Logtail in the console.
- Configure the directory to be monitored, the log file name, and the corresponding parsing rule (regular expression) in the console.
- If the log file is modified on your machine, Logtail receives an event from the file system and reads the new log.
- Logtail parses the log format based on the regular expression and sends the log to Log Service.
If the log file a.LOG reaches a given size or lasts for a given period of time after being created, a.LOG is renamed as a.LOG.1 (or another name). A new a.LOG file is created for writing new logs. This process is called rotation. Logtail automatically rotates logs based on event notifications from the file system.
If a network exception occurs or the write quota is exceeded, Logtail caches collected logs to the local disk and resends those logs later. The maximum disk cache capacity is 500 MB. Newly cached data overwrites the old one if the 500 MB limit is exceeded. Cached files that fail to be sent to Log Service within 24 hours are automatically deleted.
Logtail collects logs based on events and generally sends collected logs to Log Service within three seconds.
Logtail only collects real-time logs. If the difference between the log time and the system time at which Logtail processes the log is more than five minutes, the log is regarded as a historical log.
After you apply the modified configuration to the machine group in the console, Logtail loads the configuration and has it taken effect within three minutes.
- Check if the Logtail heartbeat is normal. If not, reinstall Logtail.
- Check if the log file in the log collection configuration is generated in real time.
- Check if the regular expression in the log collection configuration matches the log content. If not, view the error in the Logtail running log (
For more information, see Troubleshoot log collection errors.