Reading logs - (Pattern matching) (560 Views)
Reply
Super Advisor
Fedon Kadifeli
Posts: 292
Registered: ‎06-09-1998
Message 1 of 15 (560 Views)

Reading logs - (Pattern matching)

Hi all;

 

i have a problem with ready log files. actually about pattern matching.

 

my log file has expressions like "Returncode: 0" and this is normal. and i want to create an alarm when Returncode is not '0'. (not equal or greather than) also wnat to create alarm like "Returncode is xxx,

 

i could not write this expression.  could you help me about this expressions?

 

regards.

Frequent Advisor
Chethan87
Posts: 35
Registered: ‎07-18-2013
Message 2 of 15 (546 Views)

Re: Reading logs - (Pattern matching)

Hi,

 

Just create a condition as below. This might help you.

 

1. Match condition    Returncode: <<#> -ne 0>

 

or

This will process any thing after "Returncode: ", except 0

1. Suppress condition Returncode: 0

2. Match condition Returncode: <*>



Regards,
Chethan
Frequent Advisor
Chethan87
Posts: 35
Registered: ‎07-18-2013
Message 3 of 15 (545 Views)

Re: Reading logs - (Pattern matching)

First pattern matches any message containing the string Returncode: followed by a blank and any sequence of one or more digits, except 0.

 

You can add match condition as below if error string is from begining of the line.

 

^Returncode: <<#> -ne 0>



Regards,
Chethan
Super Advisor
Fedon Kadifeli
Posts: 292
Registered: ‎06-09-1998
Message 4 of 15 (542 Views)

Re: Reading logs - (Pattern matching)

thanks Chethan87, for your reply,

 

i try your solutions but no error or info occured yet. time interval is 1 min.

 

log file path name : "C:\test\logtest\xxxxxx.txt"

characterset : ASCII

test log file is like this :

 

End   GWSKZRAS 2013-07-19_104307_657
Start CLEAN_UP 2013-07-19_104307_766
 
Returncode: 6

 

i try all your suggestions. do you have any other advice?

 

best regards

Frequent Advisor
Chethan87
Posts: 35
Registered: ‎07-18-2013
Message 5 of 15 (539 Views)

Re: Reading logs - (Pattern matching)

It should work. Just insert few lines with matching condition into log file and observe. Also you can do a pattern test from logfile policy using a sample log pattern.


Regards,
Chethan
Frequent Advisor
Chethan87
Posts: 35
Registered: ‎07-18-2013
Message 6 of 15 (527 Views)

Re: Reading logs - (Pattern matching)

Is this issue resolved?

 



Regards,
Chethan
Super Advisor
Fedon Kadifeli
Posts: 292
Registered: ‎06-09-1998
Message 7 of 15 (523 Views)

Re: Reading logs - (Pattern matching)

hi chethan,

 

i could not achive yet. i am testing different expressions. i attached my policy config screenshot also log file. if you have spare time. could you try with my changing log file.

 

if i achive, i will updat eyou asap.

 

regards.

Frequent Advisor
Chethan87
Posts: 35
Registered: ‎07-18-2013
Message 8 of 15 (520 Views)

Re: Reading logs - (Pattern matching)

Hi,

 

 There are no matching entries in the log file, add few matching lines to logfile like Returncode: 1 ,Returncode: 23..etc and try.



Regards,
Chethan
Super Advisor
Fedon Kadifeli
Posts: 292
Registered: ‎06-09-1998
Message 9 of 15 (516 Views)

Re: Reading logs - (Pattern matching)

hi,

 

i tried that  Chethan87. i add Retuncode: 3   Returncode: 6 also Returncode: 0 at different lines.

 

i think i have another problem with policy.  Because i change matching credential to Returncode: 0 . i think this policy must produece a warning. but nothing has changed.

Frequent Advisor
Chethan87
Posts: 35
Registered: ‎07-18-2013
Message 10 of 15 (511 Views)

Re: Reading logs - (Pattern matching)

Are you recieving other log file alerts from same node. If yes.. Just add this match condition<*> and try. If this is also not working verify policy status,agent status and logs.


Regards,
Chethan
Super Advisor
Fedon Kadifeli
Posts: 292
Registered: ‎06-09-1998
Message 11 of 15 (501 Views)

Re: Reading logs - (Pattern matching)

hi;

 

here is test result. could you check? i can not understand what is the main problem. actually  this policy is so easy to configure :)

Frequent Advisor
Chethan87
Posts: 35
Registered: ‎07-18-2013
Message 12 of 15 (490 Views)

Re: Reading logs - (Pattern matching)

Hi,

 

Create a supress condition    Returncode: 0 and next create a match condition   Returncode:<*>

 

This should work.

 

 



Regards,
Chethan
Honored Contributor
Goran Koruga
Posts: 1,308
Registered: ‎12-05-2002
Message 13 of 15 (486 Views)

Re: Reading logs - (Pattern matching)

Hello.

 

This policy is similar to yours:

 

LOGFILE "retcode"
        DESCRIPTION "retcode"
        LOGPATH "/tmp/retcode_SCORE_ALL.txt"
        INTERVAL "30s"
        CHSET ASCII
        FROM_LAST_POS
        CLOSE_AFTER_READ
        SEVERITY Unknown
        MSGCONDITIONS
                DESCRIPTION "d1"
                CONDITION_ID "577f2a9a-f378-71e2-0991-0a1112140000"
                CONDITION
                        TEXT "Returncode: <<#> -ne 0>"
                SET
                        SEVERITY Critical
                        TEXT "<$MSG_TEXT> bla"

 

Works fine with old agent release (8.60.501) on Linux, don't have time to test with a newer one.

 

Regards,

    Goran

Frequent Advisor
sunilts
Posts: 64
Registered: ‎02-29-2012
Message 14 of 15 (484 Views)

Re: Reading logs - (Pattern matching)

Hello,

 

The other solution u can try is,create two new rules for the log file path with the condition.

 

Please refer the attached image and test it hope it must work.

 

 

 

Frequent Advisor
sunilts
Posts: 64
Registered: ‎02-29-2012
Message 15 of 15 (483 Views)

Re: Reading logs - (Pattern matching)

Log file image

The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.