Log Parser (PowerShell)

Configuring Windows Remote Management (WinRM)

  1. If you have not already done so, install PowerShell 2.0 and WinRM on the APM and target servers. PowerShell 2.0 can be found here: http://support.microsoft.com/kb/968930.
  2. On the Orion SAM server, open a command prompt as an Administrator. To do this, perform the following step:

    Go to the Start menu, right-click cmd.exe, and then select Run as Administrator.
  3. Enter the following in the command prompt: 

       winrm quickconfig -q
       winrm set winrm/config/client @{TrustedHosts="*"}
  4. On the target server, open a command prompt as an Administrator and enter the following:

       winrm quickconfig
       winrm set winrm/config/client @{TrustedHosts="IP_ADDRESS"}

     where IP_ADDRESS is the IP address of your SAM server.
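
TrustedHosts="*" in step 3 makes the WinRM client on the SAM server willing to authenticate to any host without the server identity check that Kerberos or HTTPS provides. The following added example (not from the original page; the addresses and the function name are placeholders) sets the same client setting to only the monitored targets through the PowerShell WSMan: drive and then checks the result.

```powershell
# Added example, not from the original page. Run in an elevated PowerShell session
# on the SAM server. The addresses below are constructed placeholders.
$monitoredTargets = @('192.0.2.41', '192.0.2.42')   # servers the SAM poller must reach

function Test-TrustedHostsIsWildcard {
    # Reads the same WinRM client setting that "winrm set winrm/config/client" writes.
    $value = (Get-Item WSMan:\localhost\Client\TrustedHosts).Value
    return (($value -split ',') | ForEach-Object { $_.Trim() }) -contains '*'
}

# Weak setting from step 3, shown for comparison (cmd.exe syntax):
#   winrm set winrm/config/client @{TrustedHosts="*"}

if (Test-TrustedHostsIsWildcard) {
    Write-Warning 'TrustedHosts is currently *; replacing it with an explicit list.'
}

# Narrower setting: trust only the servers this poller actually monitors.
Set-Item WSMan:\localhost\Client\TrustedHosts -Value ($monitoredTargets -join ',') -Force

# Show what is now configured.
(Get-Item WSMan:\localhost\Client\TrustedHosts).Value

# Confirm that each target still answers on its WinRM listener.
foreach ($target in $monitoredTargets) {
    try {
        Test-WSMan -ComputerName $target -ErrorAction Stop | Out-Null
        "$target : WinRM reachable"
    }
    catch {
        "$target : WinRM not reachable ($($_.Exception.Message))"
    }
}
```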

The Log Parser template allows you to check a specified log file and determine the total number of lines that match your search criteria.

Prerequisites: WinRM must be installed and properly configured on the target server.

Credentials: Administrator on target server.

Component Monitors with Syntax

Each monitor uses the same PowerShell script; only the argument values may differ. Each monitor takes these four arguments in the following order:

LogFilePath,RegularExpression,Usage,Position

  1. Log file path – This is the path of the target log file on the target server. The path cannot contain any spaces.
  2. Regular Expression – This is used for regular expression searches to find a desired string in the log file. Searches are not case sensitive; however, a search cannot contain spaces.
  3. Usage – One of the “usage” arguments below determines the type of information the monitor returns:
     • Total - Returns the total number of strings found.
     • New - Shows the number of newly found strings.
     • Match - Shows the position of the string found as well as the string itself. It uses the Position argument to determine which string to show.
  4. Position – This value determines the position from the last string of the log file in the Found String in # Position monitor. For the other monitors, this value takes part in generating temp files.

Note: For the Total and New usage arguments: If you monitor the same file with different search strings, use random values in the Position argument to generate different temp files.

Below is an example using the Script Arguments field. This example returns the number of the second line from the end, as well as the line itself, starting with the word “error,” from the powertest.log file on the D drive.

d:\powertest.log,^error,match,2

Note: You must specify the correct arguments for each monitored component in the Script Arguments field. If you fail to do this, the monitor will return with a status error of "Undefined."


Component Monitors with Examples

Total number of strings found.

This monitor shows the total number of strings that match the search criteria. Additionally, in the message field, this monitor returns all lines that match the search criteria, separated by ";".

Below is an example using the Script Arguments field to count the strings that match the word “error” in the “powertest.log” file:

d:\powertest.log,^error,total,0

Number of newly found strings.

This monitor shows the number of newly found strings. Additionally, in the message field, this monitor returns all new strings that match search criteria.

Below is an example using the Script Arguments field to search for the number of newly found strings since the last script execution. In this case, just the new instances of the searched word, “error”, are returned. In the returned message, this component returns all lines that match the search criteria, separated by ";".

d:\powertest.log,^error,new,0

Found String in # Position.

This monitor shows the position, counted from the end, of the string found that matches the search criteria, as well as the string itself. By default, this counter also shows the last string.

Below is an example using the Script Arguments field, which searches for the position of the word “error” in relation to the end of the log file.

d:\powertest.log,^error,match,1
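
The behaviour of the four arguments described above, as an added PowerShell sketch (not the template's own script, which is not shown on this page). The function name Invoke-LogParserSketch, the state-file naming and the reading of Match as "the Nth matching line from the end" are assumptions; the output uses the Statistic: and Message: lines that SAM script monitors read.

```powershell
# Added sketch of the argument semantics described on this page; not the template's script.
# Invoke-LogParserSketch, the state-file name and the message texts are assumptions.
function Invoke-LogParserSketch {
    param([string]$ScriptArguments, [string]$StateDir = $env:TEMP)

    # Fixed order: LogFilePath,RegularExpression,Usage,Position
    $parts = $ScriptArguments.Split(',')
    $pos = 0
    if ($parts.Count -ne 4 -or -not [int]::TryParse($parts[3], [ref]$pos)) {
        return 'Statistic: 0', 'Message: Expected LogFilePath,RegularExpression,Usage,Position'
    }
    $path, $pattern, $usage = $parts[0..2]
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        return 'Statistic: 0', "Message: File `"$path`" not found."
    }
    # Select-String is case-insensitive by default, as the page states for searches.
    $hits = @(Select-String -Path $path -Pattern $pattern)

    switch ($usage) {
        'total' { $selected = $hits; $stat = $hits.Count }
        'new' {
            # Remember the last line number already examined. Position is part of the file
            # name so two monitors on one log with different patterns keep separate state.
            $state = Join-Path $StateDir ('logparser_{0}_{1}.pos' -f (Split-Path $path -Leaf), $pos)
            $last = 0
            if (Test-Path -LiteralPath $state) { $last = [int](Get-Content -LiteralPath $state) }
            $lineCount = @(Get-Content -LiteralPath $path).Count
            if ($lineCount -lt $last) { $last = 0 }      # log was rotated or truncated
            $selected = @($hits | Where-Object { $_.LineNumber -gt $last })
            Set-Content -LiteralPath $state -Value $lineCount
            $stat = $selected.Count
        }
        'match' {
            # Position counts matching lines back from the end of the file (1 = last match).
            if ($pos -lt 1 -or $pos -gt $hits.Count) {
                return 'Statistic: 0', 'Message: No match at that position'
            }
            $selected = @($hits[$hits.Count - $pos]); $stat = $selected[0].LineNumber
        }
        default { return 'Statistic: 0', "Message: Unknown usage '$usage'" }
    }
    "Statistic: $stat"
    'Message: ' + (($selected | ForEach-Object { $_.Line }) -join ';')
}

# Constructed sample log and calls
$log = Join-Path $env:TEMP 'powertest_sample.log'
Set-Content -LiteralPath $log -Value 'error disk full', 'info started', 'Error timeout', 'info done'
Invoke-LogParserSketch "$log,^error,total,0"
Invoke-LogParserSketch "$log,^error,match,2"
```

In this sketch a comma inside the regular expression would be read as an argument separator, so such a pattern is rejected by the four-argument check.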


Comment
  • Very strange issue here...

    When I run this from within SolarWinds, I get:

    Output: ==============================================

    Message: File "C:\ProgramData\<morepathstuff>\ArchiveReceiverLog.txt" not found.

    When I run this in a remote PS session from the appropriate polling engine, all works as expected.

    I have also tried commenting out the initial Test-Path, but then I get an error that "drive C: does not exist".

    Any idea why this would be occurring, or how I can go about seeing a log as to what SolarWinds is actually running on the remote server?

    Thanks!

    Jack
