Use this Knowledge Script to monitor an ASCII text file for specific strings and messages logged since the last monitoring interval. This script allows you to use regular expressions to specify a pattern or search string to search for in an ASCII file. The script reports the matching entries found in the monitoring period. The script checks for changes to the text file that match the string you enter; it does not re-scan the entire file at each interval. The script gathers up to 2 MB worth of result matches for each iteration of the job.
For more information, see Creating Filters with Regular Expressions for General_AsciiLogRX.
In the first interval, the script reads the file and inserts a marker at the end of the file. The script does not search for a specified search string during the first interval. In subsequent intervals, the script checks the file for changes that match the search string you specified. The script raises an event if the number of lines matching your search criteria exceeds the threshold you set.
NOTE:This script reports the number of matched lines in each iteration and the detail message contains the text data. If the detail message is larger than 32 KB, the data is saved in a file on the managed computer (for example, C:\program files\netiq\appmanager\bin\log) and the detail message contains the truncated data. If you generate these log files, periodically remove the files when you are done with them.
Windows 2003 Server or later
The default interval for this script is Once every hour.
Set the following parameters as needed:
|
Parameter |
How to Set It |
|---|---|
|
Raise event if matches are found? |
Select y to raise events if text strings or messages that match your search criteria are found. The default is n. |
|
Collect data for matches to search criteria? |
Select y to collect data for charts and reports. If enabled, data collection returns one or more datastreams for each of your search criteria. The default is n. For example, if you search for logon and logoff, and logon is found in C:\Log01 and C:\Log02, but logoff is not found, the script will return three datastreams:
Each data point in a datastream contains the number of matches found for that iteration of the script. |
|
File name |
Specify the full path to the file you want to monitor. For example C:\temp\backup.log. UNC names are also supported, such as \\ENG\appdev\mylog.txt. Tip You can only specify one filename for any job instance. To monitor multiple logs or files, create separate Knowledge Script jobs. |
|
Enforce case-sensitive match? |
Select Yes to enforce a case-sensitive match to your search criteria. The default is n. For example, if set to Yes, search criteria of Error.log would match Error.log, but not error.log. |
|
Find pattern |
Specify a regular expression to identify the string you want to find in the specified file. The default is a blank string, which instructs the script to find all new strings entered since the last time the script ran. |
|
Threshold - Maximum number of matching lines |
Specify the maximum number of matches to your search criteria that can be found before an event is raised. The default is 0. |
|
Event severity when matches are found |
Set the event severity level, from 1 to 40, to indicate the importance of an event in which matches to your search criteria are found. The default is 5. |