Logwatch on Windows Scheduled Tasks log

Started by ftrotta, April 09, 2012, 01:55:49 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

ftrotta

April 09, 2012, 01:55:49 PM
I'm trying to watch the log of Windows Scheduled Task.

The file to watch is c:\Windows\Tasks\SchedLgU.txt

The (very basic) parser file I use is
Begin file ----------
<parser>
   <file>c:\Windows\Tasks\SchedLgU.txt</file>
   <rules>
      <rule>
         <match>ERROR</match>
         <event>100002</event>
      </rule>
   </rules>
</parser>
End File -----------

Agent version is: 1.0.13
Operating system is: Windows 2003 server R2

I started the agenti in debug mode (level 9) and I cannot see anything happening.

Victor Kirhenshtein

#1
April 10, 2012, 06:54:33 PM
Try to enable tracing on parser level by replacing <parser> with <parser trace="9">.

Best regards,
Victor

ftrotta

#2
April 10, 2012, 08:24:48 PM
I enabled parser tracing; I manually edited the file; The result follows.

Begin of the file ------
This line in manually added with an ERROR
This is another line with an ERROR
ERROR line

End of file-------

Standard output begin------
....
<Here first line was added>
[10-Apr-2012 19:17:11] LogParser: new data avialable in file "c:\Windows\Tasks\SchedLgU.txt"
...
<Here second line was added
[10-Apr-2012 19:17:31] LogParser: new data avialable in file "c:\Windows\Tasks\SchedLgU.txt"
[10-Apr-2012 19:17:31] Match line: "
[10-Apr-2012 19:17:31] checking rule 1 ""
[10-Apr-2012 19:17:31]   rule has no context
[10-Apr-2012 19:17:31]   matching against regexp ERROR
[10-Apr-2012 19:17:31]   no match
[10-Apr-2012 19:17:31] Processing stopped at end of rules list; result = false
....
<Here third line was added. Notice that \n is present at the end of the line>
[10-Apr-2012 19:17:46] LogParser: new data avialable in file "c:\Windows\Tasks\chedLgU.txt"
[10-Apr-2012 19:17:46] Match line: "
[10-Apr-2012 19:17:46] checking rule 1 ""
[10-Apr-2012 19:17:46]   rule has no context
[10-Apr-2012 19:17:46]   matching against regexp ERROR
[10-Apr-2012 19:17:46]   no match
[10-Apr-2012 19:17:46] Processing stopped at end of rules list; result = false
[10-Apr-2012 19:17:46] Match line: ""
[10-Apr-2012 19:17:46] checking rule 1 ""
[10-Apr-2012 19:17:46]   rule has no context
[10-Apr-2012 19:17:46]   matching against regexp ERROR
[10-Apr-2012 19:17:46]   no match
[10-Apr-2012 19:17:46] Processing stopped at end of rules list; result = false
....
Standard output end ----

Agent versione: 1.1.10
Operating system: Windows Small Business Server SP2

Victor Kirhenshtein

#3
April 18, 2012, 10:29:41 PM
Looks like bug in agent to me. Can you please post here or send to [email protected] your log file?

Best regards,
Victor
Print
Go Up Pages1
User actions