I would have a care with the way match expressions are specified. The documentation says:
Constructing regular expression and pattern matching requires meta characters such as * and ?. The probe supports Perl Compatible Regular Expressions (PCRE) which are enclosed in forward slash (/). For example, the expression /[0-9A-C]/ matches any character in the range 0 to 9 in the target string.
You can also use simple text with wild card operators for matching the target string. For example, the *test* expression matches the text
test in the target string.
(note that the example cited above in the documentation is correct but incomplete as it leaves out that it also matches the letters A, B, and C.)
I have never had consistent luck using the "simple text" wildcards.
You have:
match = *20*
which uses the simple wildcards. I would suggest it would be a much better habit to always use regex and rewrite your match as
match = /.*20.*/
This will eliminate any question of which matching methodology is in play and will save you from headaches when you have match patterns that include spaces and commas which are interpreted as separators in the simple method.
There are also many resources on the Internet to help with writing and testing regex (regexpal.com for instance) - there is only the "test profile" option in the logmon GUI to verify the simple matching method.
Original Message:
Sent: 12-11-2019 09:37 AM
From: MADANRAJ SIVAGNANAM
Subject: Logmon to monitor latest file
Hi,
I am trying with mode: updates..
For testing i kept it as 5 seconds.. We will change it to 10 mins later..
Goal is to find the code ie *200* from the file and report an alert
Original Message:
Sent: 12-11-2019 05:30 AM
From: Luc Christiaens
Subject: Logmon to monitor latest file
I do not understand why you scan this file with mode: full (rescan the whole file) every 5 seconds where you will match 1000's lines?
What is the goal here? With these settings you risk to overload logmon
Original Message:
Sent: 12-11-2019 04:32 AM
From: MADANRAJ SIVAGNANAM
Subject: Logmon to monitor latest file
Hi,
Can you please check the attached file and update us.. Rename access_log.2019.12.10.txt to access_log.2019.12.10 and let me know the result.
Original Message:
Sent: 12-11-2019 03:18 AM
From: Luc Christiaens
Subject: Logmon to monitor latest file
Your watcher with your file works fine with me, except that I execute it on a windows server (logmon version: 4.11)
Original Message:
Sent: 12-11-2019 02:33 AM
From: MADANRAJ SIVAGNANAM
Subject: Logmon to monitor latest file
Hi,
Attached latest log file..
Actual file name is access_log.2019.12.11. Since not able to upload the file as it is in format, changed the format to .txt. Request you to rename access_log.2019.12.11.txt to access_log.2019.12.11 and give a try.
Also the file encoding is us-ascii
Original Message:
Sent: 12-10-2019 11:25 AM
From: Gene HOWARD
Subject: Logmon to monitor latest file
so one thing to check.
Can you vi the target file?
If the target file is locked open you might be failing.
scanfile = /appdata1/HTTPServer/logs/access_log.%Y.%m.%d
or attach the lastest version of this for us to review.
------------------------------
Gene Howard
Principal Support Engineer
Broadcom
Original Message:
Sent: 12-10-2019 10:56 AM
From: MADANRAJ SIVAGNANAM
Subject: Logmon to monitor latest file
Hi,
After setting initial & resume ptr as 1 & 4 not working for me..
Log file encoding is in us-ascii format.. Is this ok or anything to do with this
Original Message:
Sent: 12-10-2019 10:50 AM
From: MADANRAJ SIVAGNANAM
Subject: Logmon to monitor latest file
Hi,
You tried with my logmon.cfg file ?.,
how to set initialfileptr and resumeptr as 1 & 4
Original Message:
Sent: 12-10-2019 10:46 AM
From: Luc Christiaens
Subject: Logmon to monitor latest file
If I change the scanmode and file read position it works fine with me:
scanmode = updates
initialfileptr = 1
resumefileptr = 4
Original Message:
Sent: 12-10-2019 10:34 AM
From: MADANRAJ SIVAGNANAM
Subject: Logmon to monitor latest file
Request you to rename the file to cfg from txt.
Original Message:
Sent: 12-10-2019 10:15 AM
From: Luc Christiaens
Subject: Logmon to monitor latest file
I see a match: *ETC* in your watcher, what about 200?
The goal of having the cfg file is that we can load that profile in our test system.
Original Message:
Sent: 12-10-2019 10:06 AM
From: MADANRAJ SIVAGNANAM
Subject: Logmon to monitor latest file
Log file i am browsing is from Linux server
Original Message:
Sent: 12-10-2019 09:56 AM
From: Luc Christiaens
Subject: Logmon to monitor latest file
Can you post your logmon.cfg, or the specific profile from logmon.cfg?
Original Message:
Sent: 12-10-2019 09:49 AM
From: MADANRAJ SIVAGNANAM
Subject: Logmon to monitor latest file
I tried with *200* - not working
Now i tried with /200/ - Also not working
Original Message:
Sent: 12-10-2019 09:47 AM
From: Luc Christiaens
Subject: Logmon to monitor latest file
How did you code the "match expression" in the watcher?
Try to use: /200/ (perl regex format)
Original Message:
Sent: 12-10-2019 08:56 AM
From: MADANRAJ SIVAGNANAM
Subject: Logmon to monitor latest file
Hi,
I am able to fix it by using access_log.%Y.%m.%d and it works fine - fetches latest file.
but now i am failing when i do test profile.. I created watcher rule, match expression *200* and when i tried with all type of file encoding, test result shows as "No result".
File encoding type is in text/plain - charset US-ASCII. but we don't find these encoding type in logmon probe. How to test the profile with success result.
Is there any way to add file encoding in logmon probe
Original Message:
Sent: 12-10-2019 05:19 AM
From: Luc Christiaens
Subject: Logmon to monitor latest file
You ask to check for a file: access_log.20191206
Original Message:
Sent: 12-10-2019 02:51 AM
From: MADANRAJ SIVAGNANAM
Subject: Logmon to monitor latest file
Team,
How do we monitor latest log file using logmon probe.
Ex : we have application log file generating on daily basis with format "access_log.2019.12.05" , "access_log.2019.12.06",.."access_log.2019.12.09".
In the above example case, i would like to monitor the specific pattern in latest log file "access_log.2019.12.09". How to achieve this ?..
I tried using access_log.%Y%m%d. but it doesnt work and gives me error "open file failed"