Log watcher

Started by Raj, August 19, 2013, 05:13:46 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

Raj

August 19, 2013, 05:13:46 PM Last Edit: August 20, 2013, 04:25:16 PM by Raj
Hi ,

I need to monitor a log file using NetXms. If any application writes a specific string into that file , i need to run some script.
but with the below settings , no event is getting raised.


This is the agent log :

#
# NetXMS agent configuration file
# Created by agent installer at Mon Aug 12 18:44:11 2013
#

MasterServers = 172.27.208.25
ConfigIncludeDir = C:\NetXMS\etc\nxagentd.conf.d
LogFile =C:\NetXMS\240AgentLog.Log
FileStore = C:\NetXMS\var
SubAgent = ecs.nsm
SubAgent = ping.nsm
SubAgent = portcheck.nsm
SubAgent = winperf.nsm
SubAgent = wmi.nsm
SubAgent = ups.nsm

SubAgent = logwatch.nsm

*LogWatch
Parser = C:\NetXMS\Error_monitor.xml

Error_Monitor.xml :

<parser trace="9">
   <file>C:\Program Files\InstantOffice\Logs\ads.log</file>
   <rules>
      <rule>
        <match>@{timestamp}.*ADS service is shutting down.*</match>
        <event>100000</event>
      </rule>
      <rule>
         <level>3</level>
         <match>(.*)</match>
        <event>100000</event>
      </rule>
   </rules>
</parser>


Agent Log File Output :

[20-Aug-2013 19:47:00.872] Log file opened
[20-Aug-2013 19:47:00.872] Additional configs was loaded from C:\NetXMS\etc\nxagentd.conf.d
[20-Aug-2013 19:47:00.872] Debug level set to 0
[20-Aug-2013 19:47:01.122] Subagent "WINNT.NSM" loaded successfully
[20-Aug-2013 19:47:01.132] Subagent "ecs.nsm" loaded successfully
[20-Aug-2013 19:47:01.132] Subagent "ping.nsm" loaded successfully
[20-Aug-2013 19:47:01.142] Subagent "portcheck.nsm" loaded successfully
[20-Aug-2013 19:47:01.202] Subagent "winperf.nsm" loaded successfully
[20-Aug-2013 19:47:01.202] Subagent "wmi.nsm" loaded successfully
[20-Aug-2013 19:47:01.212] Subagent "ups.nsm" loaded successfully
[20-Aug-2013 19:47:01.232] Subagent "logwatch.nsm" loaded successfully
[20-Aug-2013 19:47:01.232] LogParser: parser thread for file "C:\Program Files\InstantOffice\Logs\ads.log" started
[20-Aug-2013 19:47:01.232] LogParser: file "C:\Program Files\InstantOffice\Logs\ads.log" (pattern "C:\Program Files\InstantOffice\Logs\ads.log") successfully opened
[20-Aug-2013 19:47:02.234] Listening on socket 0.0.0.0:4700
[20-Aug-2013 19:47:03.235] NetXMS Agent started
[20-Aug-2013 19:47:16.264] LogParser: new data avialable in file "C:\Program Files\InstantOffice\Logs\ads.log"
[20-Aug-2013 19:47:51.284] LogParser: new data avialable in file "C:\Program Files\InstantOffice\Logs\ads.log"
[20-Aug-2013 19:47:56.291] LogParser: new data avialable in file "C:\Program Files\InstantOffice\Logs\ads.log"


Please advice.

Thanks

Rajesh

Victor Kirhenshtein

#1
August 27, 2013, 05:19:42 PM
Hi!

I see that you are using @{timestamp} macro, but you didn't define it. You should either define the macro, or specify valid regular expression in matching rule.

Best regards,
Victor

Raj

#2
August 28, 2013, 09:44:44 PM
HI ,

What steps do i need to follow to be able to monitor a log file for a entry , once i find that entry i need to restart a windows service.

Thanks

Raj
Print
Go Up Pages1
User actions