Use this Knowledge Script to monitor one or more ASCII text files for specific strings and messages logged since the last monitoring interval. Also, use this Knowledge Script to specify a pattern or search string to look for in specified ASCII files, and report the matching entries found in the monitoring period. The script checks for changes to the text files that match the string you enter; it does not re-scan the entire file at each interval. The script gathers up to 2 MB worth of result matches for each iteration of the job.
In the first interval, the script reads the file and inserts a marker at the end of the file. The script does not search for a specified search string during the first interval. In subsequent intervals, the script checks the file for changes that match the search string you specified. The script raises an event if the number of lines matching your search criteria exceeds the threshold you set.
NOTE:The script reports the number of matched lines in each iteration and the detail message contains the text data. If the detail message is larger than 32KB, the data is saved in a file on the managed computer (for example, C:\program files\netiq\appmanager\bin\log) and the detail message contains the truncated data. If you generate these log files, periodically remove the files when you are done with them. This script supports files up to 12 GB in size.
Windows 2003 Server or later
The default interval for this script is Once every hour.
Set the following parameters as needed:
|
Parameter |
How to Set It |
|---|---|
|
Event Notification |
|
|
Raise event if matches are found? |
Select Yes to raise events if text strings or messages that match your search criteria are found. The default is Yes. |
|
Event severity when matches are found |
Set the event severity level, from 1 to 40, to indicate the importance of an event in which matches to your search criteria are found. The default is 15 (yellow event indicator). |
|
Raise event if no files are found? |
Select Yes to raise an event if no ASCII files matching your search criteria are found. The default is unselected. |
|
Event severity when no files found |
Set the event severity level, from 1 to 40, to indicate the importance of an event in which no ASCII files matching your search criteria are found. The default is 10 (red event indicator). |
|
Raise event if no matches are found? |
Select Yes to raise an event if no text strings or messages that match your search criteria are found in the specified files. The default is unselected. |
|
Event severity when no matches found |
Set the event severity level, from 1 to 40, to indicate the importance of an event if no matches to your search criteria are found in the specified files. The default is 20 (yellow event indicator). |
|
Event severity when job fails |
Set the event severity level, from 1 to 40, to indicate the importance of an event in which the AsciiLog job fails. The default is 5 (red event indicator). |
|
Data Collection |
|
|
Collect data for matches to search criteria? |
Select Yes to collect data for charts and reports. If enabled, data collection returns one or more datastreams for each of your search criteria. For example, if you search for logon and logoff, and logon is found in C:\Log01 and C:\Log02, but logoff is not found, the script will return three datastreams:
Each data point in a datastream contains the number of matches found for that iteration of the script. The default is unselected. |
|
Monitoring |
|
|
Directory to monitor |
Specify the path to the directory in which you want to begin your search, or click Browse [...] to navigate to that directory. UNC paths are also supported, such as \\ENG\appdev. |
|
Include sub-directories? |
Select Yes to have the script search all sub-directories of the directory you specified in Directory to monitor. The default is unselected. |
|
File name (can use wildcards *, ? and %) |
Specify the name of the ASCII file in which you want to search. You can use wildcards to specify filenames. The default is logfile*.log. Use the * wildcard to match any sequence of zero or more characters. For example, *.log instructs the script to search all .log files. Use the ? wildcard to match any single character. For example, Log0? instructs the script to search for any file whose name begins with Log0 and includes one other character. NOTE:You can use multiple instances of the * and ? wildcards to specify filenames; for example: *log*.log or ??log.log. Use the % wildcard as a placeholder for the date format specified in Date selection format. For example, if you routinely generate a new file of the same name each day and append the filename with a date, you can use this wildcard to tell the script to always search the latest version of the file. Use this wildcard in place of the date added to the filename. For example, if your file is Log<date>, specify the filename in this parameter as Log%. |
|
Date selection format |
Select the date format. If you are searching files that contain a date as part of the filename, as specified in File name (can use wildcards *, ? and %), you can use this parameter to select the format. |
|
Search patterns |
Specify the string for which you want to search. Separate multiple string entries by commas. NOTE:The strings you enter cannot contain commas, because commas are used to separate strings from one another. |
|
Threshold - Maximum number of matching lines |
Specify the maximum number of matches to your search criteria that can be found before an event is raised. The default is 0. |
|
Enforce case-sensitive match? |
Select Yes to enforce a case-sensitive match to your search criteria. The default is unselected. For example, if set to Yes, search criteria of E*.log would match Error.log, but not error.log. |
|
Require literal match? |
Select Yes to enforce a literal match to your search criteria, where the exact string entered in the Search Patterns parameter will be sought. The default is unselected. If this parameter is unselected, and multiple words, separated by white space, are entered in the Search Patterns parameter, the script will search for each of the words in each line of the monitored file. If this parameter is selected, and multiple words, separated by white space, are entered in the Search Patterns parameter, the script will search for the entire string as it is specified. |
|
Scan entire file on first iteration? |
Select Yes to scan the entire file on the first iteration of the job. If set to No, the default, the first iteration of the job places a marker at the end of a file and scans from that point on during subsequent iterations. |