Log Parser (PowerShell)

Log Parser (PowerShell)

Configuring Windows Remote Management (WinRM)

  1. If not already done so, install PowerShell 2.0 and WinRM on the APM and target servers. Powershell 2.0 can be found here: http://support.microsoft.com/kb/968930.
  2. On the Orion SAM server, open a command prompt as an Administrator. To do this, perform the following step:

    Go to the Start menu and right-click the cmd.exe and then select Run as Administrator.
  3. Enter the following in the command prompt: 

       winrm quickconfig –q
       winrm set winrm/config/client @{TrustedHosts="*"}
  4. On the target server, open a command prompt as an Administrator and enter the following:

winrm quickconfig
winrm set winrm/config/client @{TrustedHosts="IP_ADDRESS"}

   where IP address is the IP address of your SAM server.

The Log Parser template allows you to check a specified log file and determine the total number of lines that match your search criteria.

Prerequisites: WinRM must be installed and properly configured on the target server.

Credentials: Administrator on target server.

Component Monitors with Syntax

Each monitor uses the same PowerShell script. In some arguments the values may be different. Also, each monitor uses these four arguments in the following order:


  1. Log file path – This is the path of the target log file on the target server. The path cannot contain any spaces.
  2. Regular Expression – This is used for regular expression searches to find a desired string in the log file. Searches are not case sensitive; however, a search cannot contain spaces.
  3. Using one of the “usage” arguments below determines the type of information the monitor should return. The arguments used to return certain values are as follows:
  • Total - Returns the total number of strings found.
  • New - Shows the number of newly found strings.
  • Match - Shows the position of the string found as well as the string itself. It uses the Position argument to determine which string to show.

   4.  Position – This value determines the position from the last string of the log file in the Found String in # Position monitor. For other monitors thic takes part in generating temp files.

Note: For the Total and New usage arguments: If you monitor the same file but different search strings, use random values in the Position argument to generate different temp files.

Below is an example using the Scripts Arguments field. This example returns the number of the second line from the end, as well as the line itself, starting with the word “error,” from the powertest.log file on the D drive.


Note: You must specify the correct arguments for each monitored component in the Script Arguments field. If you fail to do this, the monitor will return with a status error of "Undefined."

Components Monitors with Examples

Total number of strings found.

This monitor shows the total number of strings that match the search criteria. Additionally in the message field this monitor returns all strings that matches search criteria. In the returning message, this component returns all lines that match the search criteria divided by ";"

Below is an example using the Scripts Arguments field to search the number of strings that match the word “error” in the “powertest.log” file:


Number of newly found strings.

This monitor shows the number of newly found strings. Additionally, in the message field, this monitor returns all new strings that match search criteria.

Below is an example using the Scripts Arguments field to search for the number of newly found strings since the last script execution. In this case, just the new instances of the searched word, “error” is returned. In the returning message, this component returns all lines that match the search criteria divided by ";"


Found String in # Position.

This monitor shows the number position of the string found from the end that matches the search criteria, as well as the string itself. By default, this counter also shows the last string.

Below is an example using the Scripts Arguments field which searches for the position of the word, “error” in relation to the end of the log file.


  • Im prepping for a large SAM deployment, not having any experience with WinRM I have a few questions for the community.

    1. It appears that if the target server has a SLW agent on it WinRM is not required ?  I did some testing with this template and it appeared to work on the target that had an agent.  The servers that do not have agents clearly state they cannot connect to the remote device.

    2. If I was to go the WinRM agentless route, would I need to define each of my pollers with SAM on them as a trusted host ?

  • Your issue is similar to my issue... this is what I tried...

    I have tried them... Nothing worked... I checked the permissions issue, I created the folder and also I am administrator on the machine... So, I have full permissions on the folder and the file. I tried to place this in the Orion server as a Network path and try it, then tried to WRM the Remote machine using the HTTPS and HTTP. Nothing worked...

    I too opened the support case, they say, we must change the script according to our environment... When they say that, I got think, what, why should I change the script according to my environment and I am not a good script editor, so how can i change? I took help of a member here and did created a script, but, you know what, No Luck!

    Let me know if it works out for you... I shall try it again...


  • Here is the response I got:  (I havnt tried yet)

    More likely than not its a permissions issue - have you check the credentials you using  against the file security?  ensure it has "full control" - is that file local to the Orion server?  I have seen case where the \\machinename\c$  format had to be used for pathing.
    Here's are some guides which might  help also



    Relevant section:

    The following sections provide information and guidance to help you create some of the more complicated types of component monitors.

    For general information about the settings for each component monitor, click the More Information help link in the SolarWinds SAM component monitor description.

      SolarWinds fully supports scripts written and provided by the company; however, we do not provide customer support for custom scripts written by outside sources. SolarWinds does provide sample scripts that we do support located at: C:\Program Files\SolarWinds\Orion\APM\Sample-Script Monitors

  • I am having the same issue....  I have opened a support case, I'll let you know if I get mine fixed  :-)

  • Very strange issue here...


    When I run this from within SolarWinds, I get:

    Output: ==============================================

    Message: File "C:\ProgramData\<morepathstuff>\ArchiveReceiverLog.txt" not found.

    When I run this in a remote PS session from the appropriate polling engine, all works as expected.

    I have also tried commenting out the initial Test-Path, but then I get an error that "drive C: does not exist".

    Any idea why this would be occurring, or how I can go about seeing a log as to what SolarWinds is actully running on the remote server?