'Log Scraping' Log Files at a network location (on a Syslog server)

Hi THWACK,

I would like to understand if log scraping files at a network location,(e.g: \\servername\directory\logfiles.txt) using regex or something similar for keywords/patterns, is possible?

I have seen the community made PowerShell and Perl SAM Application Templates, and where they appear to emulate a version of this, it does not do this completely. But, please do correct me if I am wrong, I am looking to receive alternate information and advice.

Some years ago I administered a product called Micro Focus Operations Manager i.

This product allowed you to remotely and continuously monitor contents of text files at a network location/on the syslog server, and if patterns were matched, then it would create an alert.

It would continuously check the new files and alert as new files contained the particular strings of text you configure it to look for.

The concept seems simple yet powerful and highly beneficial, I almost feel as though I may be missing something obvious for this not be a current option.

From SolarWinds perspective, to similarly achieve this:
- You need to configure SolarWinds to 'be' a syslog and point network devices to SolarWinds
- Then create rules to achieve the log scraping/pattern matching

As this may be the only way to do syslog monitoring from SolarWinds perspective, this may be the path forward if in fact the only one - the negative side is that it introduces further disparity as we already have a syslog.

Or...

- Do away with 'syslog' all together and configure your network devices to send SNMP traps to SolarWinds and use Traps instead
- And configure rules to do XYZ when XYZ trap is received with XYZ text/data

Looking to be corrected, and for as much further information as you can give me, but this is what I have identified so far with SolarWinds.

It would be hugely beneficial to this environment to be able to monitor text files at the network location as we currently have an operating syslog logging errors.

Thanks for your time.

--t.m-k

Find more posts tagged with

Comments

marcrobinson

Dont do away with Syslog. Yes Log Analyzer (another syslog server) is part of HCO. But I would consider setting up specific SNMP monitoring over Traps any day, every day, always.... Traps are a bit chatty. This does depend on your devices/needs too. But Universal Device Pollers are amazing at eliminating the joy of traps and gathering historical data. That is a whole topic in itself.

Getting back to the syslog server - if you have rules in your existing one - see if you can forward specific messages to your SolarWinds instance. This is a blended approach - but can be useful in keeping the actionable things tracked in SolarWinds and the bulk of logs in your syslog.

Otherwise, there are the scripted component monitors and that is dependent on your time and comfort level with those. There may be file monitoring templates that meet your need in the thwack repository too. Searching among them online or in the shared templates when opening SAM - manage templates.

Application Monitor Templates - Server & Application Monitor - THWACK (solarwinds.com)

HerrDoktor

As @marcrobinson mentioned, this is possible with LogAnalyzer and a SolarWinds agent. You define which log files LA should parse and then create a rule to check for the string pattern you like to match.