cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post

Log File Text Search

This Log File monitor can check for a search string in a log file that contains a date stamp.

There are two features of this template that improve on other File Text Monitoring templates.

1.    This template can handle date stamps in the file name like…”ErrorLog-08_23_2010.txt”. You can use the ${Date} variable anywhere in the filename to substitute in the current date in the file name…“ErrorLog-${Date}.txt”. You can use any combination of yy, yyyy, m, mm, d, and dd. You can use separators like -, ., _, and /.

2.    This template can also handle multiple hits of the search string in a file. Previous File Text Monitoring templates alert when the first hit on a search comes up, and then that alert stays there until the text is gone (When the text file is replaced at the next day). This means if the error occurs at 1am the alert stays there all day long, and if a second error occurs during the day you will not get alerted.
This monitor actually counts how many times a search string is hit, and alerts if new hits occur. The component will go critical at the first hit, and then go warning at the next check. The warning just indicates the search string was hit sometime that day. If a new hit on the search happens, the component will go critical again, and then go back to warning again on the next check.
I also record how many times the search has hit in the one log file with the statistic field. It will increment by 1 every time the search hits, and clear back to 0 the next day.

One other feature is the FailIf option. You can just change strFailIf = “found” to strFailIf = “notfound” if you want the component to go critical if the search is not found.

A full list of all 4 variants and their usage is located in the Description of the Template, as well as at the top of the Script Body.

Labels (1)
Attachments
Comments
Can the filename include a wildcard? After date our log files have some random numbers.
I renamed the file but It is not working for me.

What to use in the file path? In example its forward slash / while in the component it is backslash \. Backslash makes more sense in windows environment.
Has anyone got this working?
julrich, could you provide details on how to install an configure this please

How do you disable the Critical/Warning/Critical/Warning etc. The log file I'm monitoring will generate a lot of the same string I'm looking for when it fails. i don't want it to be constantly changing from warning to critical and back again all the time.

Thanks
I also can't get this template working.

In the script arguments box I can only put either the /file or the /search string in but putting in just one, makes it yell that the other argument is missing.

How do I put in both arguments?

How can I edit the script to not use the date in the filename, I'm not real good with windows script, still trying to learn it better but going slow.  This is exactly the type of monitor I need but without the date in the filename.  I know I have to comment out the defining of the date variables and the if, then, else, end if part in the beginning but unsure about the PrevLogFile = "temp\.... part and LogFIle = "temp\...  I just need to search for the word ERROR in a filename.log file and if found alert if not found don't alert and this file does not rebuild the following day, the ERROR will only go away as the log file cycles through and purges at a certain file size.  Any help would be appreciated, I am trying to follow the script and comment out what I think isn't needed and testing as I go, hopefully I will hit paydirt at some point.

I'm actually struggling with this completely.  I've filled in the argument line as requested with both pieces of information, the file and the search.  Do I then run it or do I need to as well make edits to the script?  I made edits to remove the date and it tells me it doesn't find what i'm looking for in the file when it is in fact in the file. Please help if you can

I figured it out.  Now I'm trying to make it be able to state multiple lines in one reading and not do the previous lines statement, just report in stats up to 10 lines

Also I figured out how not to have to use the date part if you still would like some assistance on that.

Version history
Revision #:
1 of 1
Last update:
‎08-23-2010 12:00 AM
Updated by: