Systems Management (OpenView-OP Mgmt) Practitioners Forum
cancel

Reading logs - (Pattern matching)

Fedon Kadifeli
Super Contributor.

Reading logs - (Pattern matching)

Hi all;

 

i have a problem with ready log files. actually about pattern matching.

 

my log file has expressions like "Returncode: 0" and this is normal. and i want to create an alarm when Returncode is not '0'. (not equal or greather than) also wnat to create alarm like "Returncode is xxx,

 

i could not write this expression.  could you help me about this expressions?

 

regards.

14 REPLIES
Chethan87
Respected Contributor.

Re: Reading logs - (Pattern matching)

Hi,

 

Just create a condition as below. This might help you.

 

1. Match condition    Returncode: <<#> -ne 0>

 

or

This will process any thing after "Returncode: ", except 0

1. Suppress condition Returncode: 0

2. Match condition Returncode: <*>



Regards,
Chethan
Chethan87
Respected Contributor.

Re: Reading logs - (Pattern matching)

First pattern matches any message containing the string Returncode: followed by a blank and any sequence of one or more digits, except 0.

 

You can add match condition as below if error string is from begining of the line.

 

^Returncode: <<#> -ne 0>



Regards,
Chethan
Fedon Kadifeli
Super Contributor.

Re: Reading logs - (Pattern matching)

thanks Chethan87, for your reply,

 

i try your solutions but no error or info occured yet. time interval is 1 min.

 

log file path name : "C:\test\logtest\xxxxxx.txt"

characterset : ASCII

test log file is like this :

 

End   GWSKZRAS 2013-07-19_104307_657
Start CLEAN_UP 2013-07-19_104307_766
 
Returncode: 6

 

i try all your suggestions. do you have any other advice?

 

best regards

Chethan87
Respected Contributor.

Re: Reading logs - (Pattern matching)

It should work. Just insert few lines with matching condition into log file and observe. Also you can do a pattern test from logfile policy using a sample log pattern.


Regards,
Chethan
Chethan87
Respected Contributor.

Re: Reading logs - (Pattern matching)

Is this issue resolved?

 



Regards,
Chethan
Fedon Kadifeli
Super Contributor.

Re: Reading logs - (Pattern matching)

hi chethan,

 

i could not achive yet. i am testing different expressions. i attached my policy config screenshot also log file. if you have spare time. could you try with my changing log file.

 

if i achive, i will updat eyou asap.

 

regards.

Chethan87
Respected Contributor.

Re: Reading logs - (Pattern matching)

Hi,

 

 There are no matching entries in the log file, add few matching lines to logfile like Returncode: 1 ,Returncode: 23..etc and try.



Regards,
Chethan
Fedon Kadifeli
Super Contributor.

Re: Reading logs - (Pattern matching)

hi,

 

i tried that  Chethan87. i add Retuncode: 3   Returncode: 6 also Returncode: 0 at different lines.

 

i think i have another problem with policy.  Because i change matching credential to Returncode: 0 . i think this policy must produece a warning. but nothing has changed.

Chethan87
Respected Contributor.

Re: Reading logs - (Pattern matching)

Are you recieving other log file alerts from same node. If yes.. Just add this match condition<*> and try. If this is also not working verify policy status,agent status and logs.


Regards,
Chethan
Fedon Kadifeli
Super Contributor.

Re: Reading logs - (Pattern matching)

hi;

 

here is test result. could you check? i can not understand what is the main problem. actually  this policy is so easy to configure :)

Chethan87
Respected Contributor.

Re: Reading logs - (Pattern matching)

Hi,

 

Create a supress condition    Returncode: 0 and next create a match condition   Returncode:<*>

 

This should work.

 

 



Regards,
Chethan
Goran Koruga
Acclaimed Contributor.

Re: Reading logs - (Pattern matching)

Hello.

 

This policy is similar to yours:

 

LOGFILE "retcode"
        DESCRIPTION "retcode"
        LOGPATH "/tmp/retcode_SCORE_ALL.txt"
        INTERVAL "30s"
        CHSET ASCII
        FROM_LAST_POS
        CLOSE_AFTER_READ
        SEVERITY Unknown
        MSGCONDITIONS
                DESCRIPTION "d1"
                CONDITION_ID "577f2a9a-f378-71e2-0991-0a1112140000"
                CONDITION
                        TEXT "Returncode: <<#> -ne 0>"
                SET
                        SEVERITY Critical
                        TEXT "<$MSG_TEXT> bla"

 

Works fine with old agent release (8.60.501) on Linux, don't have time to test with a newer one.

 

Regards,

    Goran

sunilts
Respected Contributor.

Re: Reading logs - (Pattern matching)

Hello,

 

The other solution u can try is,create two new rules for the log file path with the condition.

 

Please refer the attached image and test it hope it must work.

 

 

 

Highlighted
sunilts
Respected Contributor.

Re: Reading logs - (Pattern matching)

Log file image