Hi.. everybody,
There are some two requreiments for monitoring system
1. Search specific keyword of file(c:\test.txt) in local drive of agent every 1 hour.
2. Search existence running process for example notepad.exe in windows platform of agent every 1 hour
May i know how to configure in NetXMS? Thank in advance.
Kelvin Sin
Hi!
1. do you need to check for file existence or to search for some string inside the file? To check for file existence, you can use File.Count parameter - it returns number of files matching given name or pattern. To search for string inside file, you should setup logwatch subagent for that file.
2. Parameter Process.Count(process_name) will return you number of running processes with given name. You can schedule DCI to be collected once per hour, and generate event if it is running (or not running).
Best regards,
Victor
Hi Victor,
First of all, thank you for your help.
Regardinging question 1, I want to search some OLD string inside file. this is static file instead of log file.
I think i can't use logwatch subagent method to check it. It is because string can only be searched when NEW line is added. Am i misunderstanding usage of logwatch subagent.
Regards,
Kelvin Sin
Yes, you are right - logwatch looks for new records in file. But why you need to look repeatedly for old records in a file?
Best regards,
Victor
My monitored application will generate new log file every hour.
Latest log file is heavily accessed and written by application. On average, log file size is 1.5M every hour. All contenet is in text format.
I am afraid that it affects application performance. Therefore, I just monitor pervious version log file which is generated last hour.
This is why I look repeatedly for old records in a file.
Question 1: Is there any idea to monitor old records in a file?
Question 2: Is there any performance issue about monitor heavy read+write operation log file by logwatch? Is there any limitation?
Logwatch subagent can work with changing log file names. If agent detect file name change, it reads new log file from the beginning. Also, it detects file overwrite, so if file was overwritten, it also will be scanned from the beginning. How do you log files named?
Regarding question 2 - it is application specific. I don't think there should be any performance impact. Also, there should be no problem on UNIX to read file being actively written, but it can cause application misbehavior on Windows. The only way to know it for sure is to test it.
Best regards,
Victor
Log file is named as below pattern
AMS3AutoDealerLog00Thu06Jan2010.AMS3
AMS3AutoDealerLog01Thu06Jan2010.AMS3
..
..
..
..
AMS3AutoDealerLog23Thu06Jan2010.AMS3
Pattern is
AMSAutoDealerLog<00-23><MON-FRI)<DDMMMYYYY>.AMS
log file will be generated every hour.
Is log file name represents current date and time? If yes, then for that pattern active log file can be identified as following:
<file>AMS3AutoDealerLog%H%a%d%b%Y.AMS3</file>
Logwatch will automatically switch to new file each hour.
But if log file name contains past hour, not current, then you will need to create external script which will provide logwatch with file name to parse. To use script for generating log file name, use following syntax:
<file>AMS3AutoDealerLog`my_script_name`.AMS3</file>
Best regards,
Victor