07-22-2013 05:06 AM
I have a problem with reading log files, actually with pattern matching.
My log file has expressions like "Returncode: 0" and this is normal. I want to create an alarm when Returncode is not '0' (not equal or greater than). I also want to create an alarm like "Returncode is xxx".
I could not write this expression. Could you help me with these expressions?
07-22-2013 06:56 AM
Just create a condition as below. This might help you.
1. Match condition Returncode: <<#> -ne 0>
This will process anything after "Returncode: ", except 0
1. Suppress condition Returncode: 0
2. Match condition Returncode: <*>
07-22-2013 07:03 AM
First pattern matches any message containing the string Returncode: followed by a blank and any sequence of one or more digits, except 0.
You can add a match condition as below if the error string is at the beginning of the line.
^Returncode: <<#> -ne 0>
07-22-2013 07:54 AM
Thanks Chethan87, for your reply.
I tried your solutions but no error or info has occurred yet. The time interval is 1 min.
Log file path name: "C:\test\logtest\xxxxxx.txt"
Character set: ASCII
The test log file is like this:
End GWSKZRAS 2013-07-19_104307_657
Start CLEAN_UP 2013-07-19_104307_766
I tried all your suggestions. Do you have any other advice?
07-22-2013 08:13 AM
07-23-2013 02:07 AM
I could not achieve it yet. I am testing different expressions. I attached my policy config screenshot and also the log file. If you have spare time, could you try with my changing log file?
If I achieve it, I will update you ASAP.
07-23-2013 05:27 AM
I tried that, Chethan87. I added Retuncode: 3, Returncode: 6 and also Returncode: 0 on different lines.
I think I have another problem with the policy, because I changed the matching credential to Returncode: 0. I think this policy must produce a warning, but nothing has changed.
07-23-2013 06:20 AM
07-24-2013 04:17 AM
This policy is similar to yours:
TEXT "Returncode: <<#> -ne 0>"
TEXT "<$MSG_TEXT> bla"
Works fine with old agent release (8.60.501) on Linux, don't have time to test with a newer one.
07-24-2013 04:32 AM
The other solution you can try is to create two new rules for the log file path with the condition.
Please refer to the attached image and test it; I hope it will work.
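
An offline check of the two approaches suggested in this thread, added here as an example (not code from any poster or from the product). The regular expressions are assumed approximations of the policy patterns, the function names are hypothetical, and the sample log is constructed around the two lines quoted above.

```python
import re

# Constructed sample log; the first two lines use the format quoted in the thread.
SAMPLE_LOG = """\
End GWSKZRAS 2013-07-19_104307_657
Start CLEAN_UP 2013-07-19_104307_766
Returncode: 0
Returncode: 3
Retuncode: 6
Returncode: 10
"""

# Assumed regex equivalent of: Returncode: <<#> -ne 0>
# (one or more digits whose numeric value is not 0)
RC_NUMERIC = re.compile(r"Returncode: (\d+)")


def single_rule(line):
    """One match condition with a numeric comparison on the captured digits."""
    m = RC_NUMERIC.search(line)
    if m and int(m.group(1)) != 0:
        return f"Returncode is {m.group(1)}"
    return None


def two_rules(line):
    """Rule 1 suppresses 'Returncode: 0'; rule 2 matches any other Returncode."""
    # First matching rule wins, so the suppress condition must come first.
    if re.search(r"Returncode: 0(?!\d)", line):
        return None
    m = re.search(r"Returncode: (\S+)", line)  # assumed equivalent of <*>
    return f"Returncode is {m.group(1)}" if m else None


def alarms(evaluate, text=SAMPLE_LOG):
    """Return the alarm text for every line that the given rule set matches."""
    return [msg for line in text.splitlines() if (msg := evaluate(line))]


if __name__ == "__main__":
    for rule_set in (single_rule, two_rules):
        print(rule_set.__name__, alarms(rule_set))
```

Lines without the exact key `Returncode: ` (including the misspelled constructed line) raise no alarm under either rule set, which is worth ruling out when a policy stays silent on a test file.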