I would like to know if there is a way to use logmon to monitoring a logfile that way:
The logfile is always empty (CLEAR), if there is anything inside that logfile the probe must generete an alarm.
How I do that?
Thanks in advance.
You can configure the probe to monitor a log in "cat" mode, which checks the entire file at every interval rather than just looking for updates. If there is a line in the file, you would get an alarm message each time the probe checks until the line is removed. If you just want an alarm when the line is first added to the file, you can use the default mode (updates). That should work fine even if you usually have an empty file.
In either case, you would create a watcher that matches anything, so any line would generate an alarm. There are two ways to do this:
(The former is just a simple wildcard, and the latter is a regular expression that matches any single character.)
The other way you could potentially do this is with the dirscan probe. You should be able to tell that probe to generate an alarm whenever the file is more than 0 bytes. This is only an option if you do not care what the line in the log says when you get the alarm. If you want the line from the log to be included in the alarm, you need to use the logmon probe.
Thank you very much, it worked.
By the way ,is there a way that the alarm generated cotains a line or any part of the logfile?
Sure, you can define variables in the watcher and then use those variables in the alarm message. The simplest case is a variable that contains the entire line; you just configure it to start at character 1 and go to the end of the line. When you include it in the alarm message, you prefix the variable name with a dollar sign ($). So if the variable name is defined as line, you add it to the alarm message as $line.