Reading logs - (Pattern matching) (430 Views)
Reply
Super Advisor
Fedon Kadifeli
Posts: 292
Registered: ‎06-09-1998
Message 1 of 15 (430 Views)

Reading logs - (Pattern matching)

Hi all;

 

i have a problem with ready log files. actually about pattern matching.

 

my log file has expressions like "Returncode: 0" and this is normal. and i want to create an alarm when Returncode is not '0'. (not equal or greather than) also wnat to create alarm like "Returncode is xxx,

 

i could not write this expression.  could you help me about this expressions?

 

regards.

Please use plain text.
Frequent Advisor
Chethan87
Posts: 35
Registered: ‎07-18-2013
Message 2 of 15 (416 Views)

Re: Reading logs - (Pattern matching)

Hi,

 

Just create a condition as below. This might help you.

 

1. Match condition    Returncode: <<#> -ne 0>

 

or

This will process any thing after "Returncode: ", except 0

1. Suppress condition Returncode: 0

2. Match condition Returncode: <*>



Regards,
Chethan
Please use plain text.
Frequent Advisor
Chethan87
Posts: 35
Registered: ‎07-18-2013
Message 3 of 15 (415 Views)

Re: Reading logs - (Pattern matching)

First pattern matches any message containing the string Returncode: followed by a blank and any sequence of one or more digits, except 0.

 

You can add match condition as below if error string is from begining of the line.

 

^Returncode: <<#> -ne 0>



Regards,
Chethan
Please use plain text.
Super Advisor
Fedon Kadifeli
Posts: 292
Registered: ‎06-09-1998
Message 4 of 15 (412 Views)

Re: Reading logs - (Pattern matching)

thanks Chethan87, for your reply,

 

i try your solutions but no error or info occured yet. time interval is 1 min.

 

log file path name : "C:\test\logtest\xxxxxx.txt"

characterset : ASCII

test log file is like this :

 

End   GWSKZRAS 2013-07-19_104307_657
Start CLEAN_UP 2013-07-19_104307_766
 
Returncode: 6

 

i try all your suggestions. do you have any other advice?

 

best regards

Please use plain text.
Frequent Advisor
Chethan87
Posts: 35
Registered: ‎07-18-2013
Message 5 of 15 (409 Views)

Re: Reading logs - (Pattern matching)

It should work. Just insert few lines with matching condition into log file and observe. Also you can do a pattern test from logfile policy using a sample log pattern.


Regards,
Chethan
Please use plain text.
Frequent Advisor
Chethan87
Posts: 35
Registered: ‎07-18-2013
Message 6 of 15 (397 Views)

Re: Reading logs - (Pattern matching)

Is this issue resolved?

 



Regards,
Chethan
Please use plain text.
Super Advisor
Fedon Kadifeli
Posts: 292
Registered: ‎06-09-1998
Message 7 of 15 (393 Views)

Re: Reading logs - (Pattern matching)

hi chethan,

 

i could not achive yet. i am testing different expressions. i attached my policy config screenshot also log file. if you have spare time. could you try with my changing log file.

 

if i achive, i will updat eyou asap.

 

regards.

Please use plain text.
Frequent Advisor
Chethan87
Posts: 35
Registered: ‎07-18-2013
Message 8 of 15 (390 Views)

Re: Reading logs - (Pattern matching)

Hi,

 

 There are no matching entries in the log file, add few matching lines to logfile like Returncode: 1 ,Returncode: 23..etc and try.



Regards,
Chethan
Please use plain text.
Super Advisor
Fedon Kadifeli
Posts: 292
Registered: ‎06-09-1998
Message 9 of 15 (386 Views)

Re: Reading logs - (Pattern matching)

hi,

 

i tried that  Chethan87. i add Retuncode: 3   Returncode: 6 also Returncode: 0 at different lines.

 

i think i have another problem with policy.  Because i change matching credential to Returncode: 0 . i think this policy must produece a warning. but nothing has changed.

Please use plain text.
Frequent Advisor
Chethan87
Posts: 35
Registered: ‎07-18-2013
Message 10 of 15 (381 Views)

Re: Reading logs - (Pattern matching)

Are you recieving other log file alerts from same node. If yes.. Just add this match condition<*> and try. If this is also not working verify policy status,agent status and logs.


Regards,
Chethan
Please use plain text.
Super Advisor
Fedon Kadifeli
Posts: 292
Registered: ‎06-09-1998
Message 11 of 15 (371 Views)

Re: Reading logs - (Pattern matching)

hi;

 

here is test result. could you check? i can not understand what is the main problem. actually  this policy is so easy to configure :)

Please use plain text.
Frequent Advisor
Chethan87
Posts: 35
Registered: ‎07-18-2013
Message 12 of 15 (360 Views)

Re: Reading logs - (Pattern matching)

Hi,

 

Create a supress condition    Returncode: 0 and next create a match condition   Returncode:<*>

 

This should work.

 

 



Regards,
Chethan
Please use plain text.
Honored Contributor
Goran Koruga
Posts: 1,290
Registered: ‎12-05-2002
Message 13 of 15 (356 Views)

Re: Reading logs - (Pattern matching)

Hello.

 

This policy is similar to yours:

 

LOGFILE "retcode"
        DESCRIPTION "retcode"
        LOGPATH "/tmp/retcode_SCORE_ALL.txt"
        INTERVAL "30s"
        CHSET ASCII
        FROM_LAST_POS
        CLOSE_AFTER_READ
        SEVERITY Unknown
        MSGCONDITIONS
                DESCRIPTION "d1"
                CONDITION_ID "577f2a9a-f378-71e2-0991-0a1112140000"
                CONDITION
                        TEXT "Returncode: <<#> -ne 0>"
                SET
                        SEVERITY Critical
                        TEXT "<$MSG_TEXT> bla"

 

Works fine with old agent release (8.60.501) on Linux, don't have time to test with a newer one.

 

Regards,

    Goran

Please use plain text.
Frequent Advisor
sunilts
Posts: 64
Registered: ‎02-29-2012
Message 14 of 15 (354 Views)

Re: Reading logs - (Pattern matching)

Hello,

 

The other solution u can try is,create two new rules for the log file path with the condition.

 

Please refer the attached image and test it hope it must work.

 

 

 

Please use plain text.
Frequent Advisor
sunilts
Posts: 64
Registered: ‎02-29-2012
Message 15 of 15 (353 Views)

Re: Reading logs - (Pattern matching)

Log file image

Please use plain text.
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation