Re: Reading logs - (Pattern matching) (628 Views)
Reply
Super Advisor
Posts: 304
Registered: ‎06-09-1998
Message 1 of 15 (705 Views)

Reading logs - (Pattern matching)

Hi all;

 

i have a problem with ready log files. actually about pattern matching.

 

my log file has expressions like "Returncode: 0" and this is normal. and i want to create an alarm when Returncode is not '0'. (not equal or greather than) also wnat to create alarm like "Returncode is xxx,

 

i could not write this expression.  could you help me about this expressions?

 

regards.

Frequent Advisor
Posts: 35
Registered: ‎07-18-2013
Message 2 of 15 (691 Views)

Re: Reading logs - (Pattern matching)

Hi,

 

Just create a condition as below. This might help you.

 

1. Match condition    Returncode: <<#> -ne 0>

 

or

This will process any thing after "Returncode: ", except 0

1. Suppress condition Returncode: 0

2. Match condition Returncode: <*>



Regards,
Chethan
Frequent Advisor
Posts: 35
Registered: ‎07-18-2013
Message 3 of 15 (690 Views)

Re: Reading logs - (Pattern matching)

First pattern matches any message containing the string Returncode: followed by a blank and any sequence of one or more digits, except 0.

 

You can add match condition as below if error string is from begining of the line.

 

^Returncode: <<#> -ne 0>



Regards,
Chethan
Super Advisor
Posts: 304
Registered: ‎06-09-1998
Message 4 of 15 (687 Views)

Re: Reading logs - (Pattern matching)

thanks Chethan87, for your reply,

 

i try your solutions but no error or info occured yet. time interval is 1 min.

 

log file path name : "C:\test\logtest\xxxxxx.txt"

characterset : ASCII

test log file is like this :

 

End   GWSKZRAS 2013-07-19_104307_657
Start CLEAN_UP 2013-07-19_104307_766
 
Returncode: 6

 

i try all your suggestions. do you have any other advice?

 

best regards

Frequent Advisor
Posts: 35
Registered: ‎07-18-2013
Message 5 of 15 (684 Views)

Re: Reading logs - (Pattern matching)

It should work. Just insert few lines with matching condition into log file and observe. Also you can do a pattern test from logfile policy using a sample log pattern.


Regards,
Chethan
Frequent Advisor
Posts: 35
Registered: ‎07-18-2013
Message 6 of 15 (672 Views)

Re: Reading logs - (Pattern matching)

Is this issue resolved?

 



Regards,
Chethan
Super Advisor
Posts: 304
Registered: ‎06-09-1998
Message 7 of 15 (668 Views)

Re: Reading logs - (Pattern matching)

hi chethan,

 

i could not achive yet. i am testing different expressions. i attached my policy config screenshot also log file. if you have spare time. could you try with my changing log file.

 

if i achive, i will updat eyou asap.

 

regards.

Frequent Advisor
Posts: 35
Registered: ‎07-18-2013
Message 8 of 15 (665 Views)

Re: Reading logs - (Pattern matching)

Hi,

 

 There are no matching entries in the log file, add few matching lines to logfile like Returncode: 1 ,Returncode: 23..etc and try.



Regards,
Chethan
Super Advisor
Posts: 304
Registered: ‎06-09-1998
Message 9 of 15 (661 Views)

Re: Reading logs - (Pattern matching)

hi,

 

i tried that  Chethan87. i add Retuncode: 3   Returncode: 6 also Returncode: 0 at different lines.

 

i think i have another problem with policy.  Because i change matching credential to Returncode: 0 . i think this policy must produece a warning. but nothing has changed.

Frequent Advisor
Posts: 35
Registered: ‎07-18-2013
Message 10 of 15 (656 Views)

Re: Reading logs - (Pattern matching)

Are you recieving other log file alerts from same node. If yes.. Just add this match condition<*> and try. If this is also not working verify policy status,agent status and logs.


Regards,
Chethan
Super Advisor
Posts: 304
Registered: ‎06-09-1998
Message 11 of 15 (646 Views)

Re: Reading logs - (Pattern matching)

hi;

 

here is test result. could you check? i can not understand what is the main problem. actually  this policy is so easy to configure :)

Frequent Advisor
Posts: 35
Registered: ‎07-18-2013
Message 12 of 15 (635 Views)

Re: Reading logs - (Pattern matching)

Hi,

 

Create a supress condition    Returncode: 0 and next create a match condition   Returncode:<*>

 

This should work.

 

 



Regards,
Chethan
Honored Contributor
Posts: 1,373
Registered: ‎12-05-2002
Message 13 of 15 (631 Views)

Re: Reading logs - (Pattern matching)

Hello.

 

This policy is similar to yours:

 

LOGFILE "retcode"
        DESCRIPTION "retcode"
        LOGPATH "/tmp/retcode_SCORE_ALL.txt"
        INTERVAL "30s"
        CHSET ASCII
        FROM_LAST_POS
        CLOSE_AFTER_READ
        SEVERITY Unknown
        MSGCONDITIONS
                DESCRIPTION "d1"
                CONDITION_ID "577f2a9a-f378-71e2-0991-0a1112140000"
                CONDITION
                        TEXT "Returncode: <<#> -ne 0>"
                SET
                        SEVERITY Critical
                        TEXT "<$MSG_TEXT> bla"

 

Works fine with old agent release (8.60.501) on Linux, don't have time to test with a newer one.

 

Regards,

    Goran

Frequent Advisor
Posts: 64
Registered: ‎02-29-2012
Message 14 of 15 (629 Views)

Re: Reading logs - (Pattern matching)

Hello,

 

The other solution u can try is,create two new rules for the log file path with the condition.

 

Please refer the attached image and test it hope it must work.

 

 

 

Frequent Advisor
Posts: 64
Registered: ‎02-29-2012
Message 15 of 15 (628 Views)

Re: Reading logs - (Pattern matching)

Log file image

The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.