Re: Reading logs - (Pattern matching) (422 Views)
Super Advisor
Fedon Kadifeli
Posts: 292
Registered: ‎06-09-1998
Message 1 of 15 (499 Views)

Reading logs - (Pattern matching)

Hi all;

 

I have a problem with reading log files, actually about pattern matching.

 

My log file has expressions like "Returncode: 0" and this is normal. I want to create an alarm when Returncode is not '0' (not equal or greater than). I also want to create an alarm like "Returncode is xxx,

 

I could not write this expression. Could you help me with these expressions?

 

regards.

Frequent Advisor
Chethan87
Posts: 35
Registered: ‎07-18-2013
Message 2 of 15 (485 Views)

Re: Reading logs - (Pattern matching)

Hi,

 

Just create a condition as below. This might help you.

 

1. Match condition    Returncode: <<#> -ne 0>

 

or

This will process anything after "Returncode: ", except 0

1. Suppress condition Returncode: 0

2. Match condition Returncode: <*>



Regards,
Chethan
Frequent Advisor
Chethan87
Posts: 35
Registered: ‎07-18-2013
Message 3 of 15 (484 Views)

Re: Reading logs - (Pattern matching)

The first pattern matches any message containing the string Returncode: followed by a blank and any sequence of one or more digits, except 0.

 

You can add a match condition as below if the error string is at the beginning of the line.

 

^Returncode: <<#> -ne 0>



Regards,
Chethan
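
The two rule sets suggested above, emulated in Python over constructed log lines. This is an added example, not code from the thread or from the product: the regular expressions only approximate <#> and <*>, the suppress condition is assumed to match as a substring, and the "Returncode is N" alarm text is an assumed format.

```python
import re

# Constructed sample lines, modelled on the test log quoted in the thread.
SAMPLE_LOG = [
    "End   GWSKZRAS 2013-07-19_104307_657",
    "Start CLEAN_UP 2013-07-19_104307_766",
    "Returncode: 0",
    "Returncode: 6",
    "Returncode: 23",
    "Returncode: 05",   # leading zero: the two rule sets disagree here
    "Retuncode: 3",     # misspelled keyword: neither rule set fires
    "Returncode: abc",  # non-numeric: only the <*> rule fires
]

NUMERIC = re.compile(r"Returncode: (\d+)")   # stands in for <#>
ANYTHING = re.compile(r"Returncode: (.*)")   # stands in for <*>


def rule_numeric(line):
    """Option 1: match 'Returncode: <<#> -ne 0>'."""
    m = NUMERIC.search(line)
    if m and int(m.group(1)) != 0:
        return f"Returncode is {int(m.group(1))}"
    return None


def rule_suppress_then_match(line):
    """Option 2: suppress 'Returncode: 0', then match 'Returncode: <*>'."""
    if "Returncode: 0" in line:      # suppress condition, checked first
        return None
    m = ANYTHING.search(line)
    if m:
        return f"Returncode is {m.group(1).strip()}"
    return None


def alarms(rule, lines=SAMPLE_LOG):
    """Return (line, alarm text) for every line the rule set alerts on."""
    return [(ln, rule(ln)) for ln in lines if rule(ln) is not None]


if __name__ == "__main__":
    for name, rule in (("numeric", rule_numeric),
                       ("suppress+match", rule_suppress_then_match)):
        print(name)
        for line, text in alarms(rule):
            print(f"  {line!r} -> {text}")
```

Under these assumptions the numeric rule alerts on "Returncode: 05" while the suppress-then-match rule silently drops it, and only the suppress-then-match rule alerts on a non-numeric return code.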
Super Advisor
Fedon Kadifeli
Posts: 292
Registered: ‎06-09-1998
Message 4 of 15 (481 Views)

Re: Reading logs - (Pattern matching)

thanks Chethan87, for your reply,

 

I tried your solutions but no error or info has occurred yet. The time interval is 1 min.

 

log file path name : "C:\test\logtest\xxxxxx.txt"

characterset : ASCII

test log file is like this :

 

End   GWSKZRAS 2013-07-19_104307_657
Start CLEAN_UP 2013-07-19_104307_766
 
Returncode: 6

 

i try all your suggestions. do you have any other advice?

 

best regards

Frequent Advisor
Chethan87
Posts: 35
Registered: ‎07-18-2013
Message 5 of 15 (478 Views)

Re: Reading logs - (Pattern matching)

It should work. Just insert a few lines with the matching condition into the log file and observe. Also, you can do a pattern test from the logfile policy using a sample log pattern.


Regards,
Chethan
Frequent Advisor
Chethan87
Posts: 35
Registered: ‎07-18-2013
Message 6 of 15 (466 Views)

Re: Reading logs - (Pattern matching)

Is this issue resolved?

 



Regards,
Chethan
Super Advisor
Fedon Kadifeli
Posts: 292
Registered: ‎06-09-1998
Message 7 of 15 (462 Views)

Re: Reading logs - (Pattern matching)

hi chethan,

 

I could not achieve it yet. I am testing different expressions. I attached my policy config screenshot and also the log file. If you have spare time, could you try with my changing log file?

 

If I achieve it, I will update you asap.

 

regards.

Frequent Advisor
Chethan87
Posts: 35
Registered: ‎07-18-2013
Message 8 of 15 (459 Views)

Re: Reading logs - (Pattern matching)

Hi,

 

There are no matching entries in the log file; add a few matching lines to the logfile, like Returncode: 1, Returncode: 23, etc., and try.



Regards,
Chethan
Super Advisor
Fedon Kadifeli
Posts: 292
Registered: ‎06-09-1998
Message 9 of 15 (455 Views)

Re: Reading logs - (Pattern matching)

hi,

 

I tried that, Chethan87. I added Retuncode: 3, Returncode: 6, and also Returncode: 0 on different lines.

 

I think I have another problem with the policy, because I changed the matching credential to Returncode: 0. I think this policy must produce a warning, but nothing has changed.

Frequent Advisor
Chethan87
Posts: 35
Registered: ‎07-18-2013
Message 10 of 15 (450 Views)

Re: Reading logs - (Pattern matching)

Are you receiving other log file alerts from the same node? If yes, just add this match condition <*> and try. If this is also not working, verify the policy status, agent status and logs.


Regards,
Chethan
Super Advisor
Fedon Kadifeli
Posts: 292
Registered: ‎06-09-1998
Message 11 of 15 (440 Views)

Re: Reading logs - (Pattern matching)

hi;

 

Here is the test result. Could you check? I cannot understand what the main problem is. Actually this policy is so easy to configure :)

Frequent Advisor
Chethan87
Posts: 35
Registered: ‎07-18-2013
Message 12 of 15 (429 Views)

Re: Reading logs - (Pattern matching)

Hi,

 

Create a suppress condition    Returncode: 0 and next create a match condition   Returncode:<*>

 

This should work.

 

 



Regards,
Chethan
Honored Contributor
Goran Koruga
Posts: 1,296
Registered: ‎12-05-2002
Message 13 of 15 (425 Views)

Re: Reading logs - (Pattern matching)

Hello.

 

This policy is similar to yours:

 

LOGFILE "retcode"
        DESCRIPTION "retcode"
        LOGPATH "/tmp/retcode_SCORE_ALL.txt"
        INTERVAL "30s"
        CHSET ASCII
        FROM_LAST_POS
        CLOSE_AFTER_READ
        SEVERITY Unknown
        MSGCONDITIONS
                DESCRIPTION "d1"
                CONDITION_ID "577f2a9a-f378-71e2-0991-0a1112140000"
                CONDITION
                        TEXT "Returncode: <<#> -ne 0>"
                SET
                        SEVERITY Critical
                        TEXT "<$MSG_TEXT> bla"

 

Works fine with old agent release (8.60.501) on Linux, don't have time to test with a newer one.

 

Regards,

    Goran

Frequent Advisor
sunilts
Posts: 64
Registered: ‎02-29-2012
Message 14 of 15 (423 Views)

Re: Reading logs - (Pattern matching)

Hello,

 

The other solution you can try is to create two new rules for the log file path with the condition.

 

Please refer to the attached image and test it; I hope it will work.

 

 

 

Frequent Advisor
sunilts
Posts: 64
Registered: ‎02-29-2012
Message 15 of 15 (422 Views)

Re: Reading logs - (Pattern matching)

Log file image
