Hi Sam,
only root can read and write to that file,
Users that are in the group adm can read the file,
All other users have no access to that file.
I see two solutions …
If you do a
chmod 644 /var/log/apache2/access.log
all other users will have read access … I don’t know if your company’s security rules allow that but it will solve your problem
Adding the user telegraf to the adm group is also a solution
usermod -a -G adm telegraf
Please check with the security team first :-),
Thanks, my telegraf user is part of the adm group and has permission to read this log file.
sudo -u telegraf head /var/log/apache2/access.log
does have read access to this file. This is in my telegraf.conf file. I have no files in /etc/telegraf/telegraf.d/
[[inputs.logparser]]
files = ["/var/log/apache2/access.log”]
from_beginning = false
[inputs.logparser.grok]
patterns = ["%{COMBINED_LOG_FORMAT}"]
measurement = “bw_apache_log"
#custom options commented out
I’ve left the three custom options uncommented to see if they make a difference.
debug=true
My syslog and the inputs.cpu all report to the influxdb. Here’s the relevant snippet of my telegraf.log file after
sudo service telegraf restart
Loaded inputs: cpu logparser
2019-09-05T12:04:21Z I! Loaded aggregators:
2019-09-05T12:04:21Z I! Loaded processors:
2019-09-05T12:04:21Z I! Loaded outputs: influxdb
2019-09-05T12:04:21Z I! Tags enabled: host=bw user=telegraf
2019-09-05T12:04:21Z I! [agent] Config: Interval:10s, Quiet:false, Hostname:“bw”, Flush Interval:10s
2019-09-05T12:04:21Z D! [agent] Connecting outputs
2019-09-05T12:04:21Z D! [agent] Attempting connection to output: influxdb
2019-09-05T12:04:21Z D! [agent] Successfully connected to output: influxdb
2019-09-05T12:04:21Z D! [agent] Starting service inputs
2019-09-05T12:04:21Z D! [inputs.logparser] tail added for file: /var/log/apache2/access.log
2019-09-05T12:04:40Z D! [outputs.influxdb] buffer fullness: 0 / 10000 metrics.
2019-09-05T12:04:50Z D! [outputs.influxdb] wrote batch of 2 metrics in 39.767855ms
I’m certain the files target is the same.
I’m also certain that there is data in this log file by visiting the site and confirming using tail on the source server.
Using Log Viewer I have yet to find these logs. This appears to be confirmed by reading /var/log/telegraf/telegraf.log
2019-09-05T12:22:20Z D! [outputs.influxdb] buffer fullness: 2 / 10000 metrics.
2019-09-05T12:22:30Z D! [outputs.influxdb] wrote batch of 2 metrics in 40.503876ms
When I re-enable syslog and restart telegraf I do get the syslogs, just nothing from logparser. If this is a permissions issue, I’m unsure what to try next to isolate the cause.
Hell i have the same problème somone can help me ?
Error log telegraf :
telegraf -config /etc/telegraf/telegraf.conf -input-filter logparser.grock --test
2020-04-14T09:52:18Z I! Starting Telegraf 1.11.0
2020-04-14T09:52:18Z E! [telegraf] Error running agent: Error: no inputs found, did you provide a valid config file?
My config
[[inputs.logparser]]
files = ["/u00/ekip360/tomcat7/CPA/logs/localhost_access_log.*"]
from_beginning = false
[inputs.logparser.grok]
patterns = ["%{combined_log_format}"]
measurement = "localhost_access_log"@Ben_59 To use --test with this plugin you will need a newer Telegraf version so you an use the --test-wait option. This is because this plugin streams data from the file instead of polling. You will also need to use the plugin name like so with --input-filter.
Keep in mind this will only read new lines added to the file.
telegraf -config /etc/telegraf/telegraf.conf -input-filter logparser --test --test-wait 5
thank yo for your feedback 
but now i have :
[root@linux44:/tmp/TEL] telegraf -config /etc/telegraf/telegraf.conf --input-filter logparser --test
2020-04-16T07:46:28Z I! Starting Telegraf 1.14.1
2020-04-16T07:46:28Z E! [agent] Service for [inputs.logparser] failed to start: no pattern found for %{combined_log_format}
2020-04-16T07:46:28Z E! [telegraf] Error running agent: no pattern found for %{combined_log_format}
Be sure that you have rx permissions on subfolders for everybody, if telegraf user not in wheel group.
chmod 755 /var/log/nginx
drwxr-xr-x. 2 nginx root 4096 Jul 9 09:47 nginx
solved problem in my case.
