Afternoon,
I have been having an issue with the canned Solarwinds Power Shell Log Parser. We use this to comb through logs looking for specific regex's in logs that are cleared nightly and start fresh the next morning. We parse them looking for error codes that are written in the log and if seen we alert on it. We currently have it functioning to go to warning if the regex is found but what we can't seem to do is get it to report as up, when its not found. I have the script below we are using, and a few screen shots. We use this same script with different logs and Regex for 4 monitors, so hoping its an easy fix as its affecting the status of 10,000 of these. Thanks for any feedback!
Oh NPM.12.2 SAM 6.4, Agent based Polling with 4 Pollers.
When Regex is found, so Greater than 0
When Entry is Not Found, Meaning Regex is equal to 0, the app shows as Unknown with the following information.
Total number of Strings Found
$logfile_path = "C:\boh\log\osm.log"
$regex = "Diskrecovery -backup has failed, creating flag"
$Error.Clear();
if ( $logfile_path -eq $null )
{
Write-Host "Message: Can't find ""logfile_path"" argument. Check documentation."
exit 1
}
if ( $regex -eq $null )
{
Write-Host "Message: Can't find ""regex"" argument. Check documentation."
exit 1
}
if ( !$(Test-Path $logfile_path) )
{
Write-Host "Message: File $logfile_path not found."
exit 1
}
$filename = split-path "$logfile_path" -leaf
$t = (Get-Childitem env:temp).value
$usage="total";
$regname = [System.Text.RegularExpressions.Regex]::Replace($regex,"[^1-9a-zA-Z_]","_");
$txt=".txt"
$file_path = "$t\$usage-$filename-$regname-$txt"
if ( Test-Path $file_path )
{ $known_rows = get-content $file_path }
else
{ $known_rows = 0 }
$resn = @()
$resl = @()
[array]$matching_rows = get-childitem $logfile_path | select-string -pattern $regex
$total = $matching_rows.Count
if ($Error.Count -ne 0) {
Write-Host "$($Error[0])"
exit 1
}
if ( $total -lt $known_rows ) {
$known_rows = 0
$known_rows > $file_path
}
$new_rows = $total - $known_rows
$total > $file_path
for ( $i = 0 ; $i -le $total; $i++ ) {
$resn += @($i)
$resl += @($i) }
$i = 1
$stat = $matching_rows | select linenumber, line | ForEach-Object {
$resn[$i] = $_.linenumber
$resl[$i] = $_.line
$i = $i + 1
}
if ($total -eq 0)
{
write-host "Statistic: 0"
write-host "Message: No strings found"
exit 0
}
if ($total -gt 0)
{
$lines = @()
write-host "Statistic: $total"
if($total -gt 1)
{
for ( $i = 1 ; $i -le $total; $i++ )
{
$lines += "<br/>"
$lines += $resl[$i]
$lines += ";"
}
write-host "Message: Total number of lines that match search criteria: $total. Lines that have search string: $lines"
exit 0
}
else
{
$line = $resl[$resl.Count - 1]
write-host "Message: Total number of lines that match search criteria: $total. Lines that have search string: $line"
exit 0
}
}
When Regex is found, so Greater than 0
When Entry is Not Found, Meaning Regex is equal to 0, the app shows as Unknown with the following information.