Systems Management (OpenView-OP Mgmt) Practitioners Forum

Reading logs - (Pattern matching)

Super Advisor

Reading logs - (Pattern matching)

Hi all;

I have a problem with reading log files, actually with pattern matching.

My log file has expressions like "Returncode: 0" and this is normal. I want to create an alarm when Returncode is not '0' (not equal or greater than). I also want to create an alarm like "Returncode is xxx,

I could not write this expression. Could you help me with these expressions?

Regards.

14 REPLIES
Frequent Advisor

Re: Reading logs - (Pattern matching)

Hi,

Just create a condition as below. This might help you.

1. Match condition    Returncode: <<#> -ne 0>

or

This will process anything after "Returncode: ", except 0

1. Suppress condition Returncode: 0

2. Match condition Returncode: <*>



Regards,
Chethan
Frequent Advisor

Re: Reading logs - (Pattern matching)

The first pattern matches any message containing the string Returncode: followed by a blank and any sequence of one or more digits, except 0.

You can add a match condition as below if the error string is at the beginning of the line.

^Returncode: <<#> -ne 0>



Regards,
Chethan
Super Advisor

Re: Reading logs - (Pattern matching)

Thanks, Chethan87, for your reply.

I tried your solutions but no error or info has occurred yet. The time interval is 1 min.

Log file path name: "C:\test\logtest\xxxxxx.txt"

Character set: ASCII

The test log file is like this:

End   GWSKZRAS 2013-07-19_104307_657
Start CLEAN_UP 2013-07-19_104307_766

Returncode: 6

I tried all your suggestions. Do you have any other advice?

 

best regards

Frequent Advisor

Re: Reading logs - (Pattern matching)

It should work. Just insert a few lines with the matching condition into the log file and observe. Also, you can do a pattern test from the logfile policy using a sample log pattern.


Regards,
Chethan
Frequent Advisor

Re: Reading logs - (Pattern matching)

Is this issue resolved?

 



Regards,
Chethan
Super Advisor

Re: Reading logs - (Pattern matching)

Hi Chethan,

I could not achieve it yet. I am testing different expressions. I attached my policy config screenshot and also the log file. If you have spare time, could you try with my changing log file?

If I achieve it, I will update you ASAP.

Regards.

Frequent Advisor

Re: Reading logs - (Pattern matching)

Hi,

There are no matching entries in the log file. Add a few matching lines to the logfile, like Returncode: 1, Returncode: 23, etc., and try.



Regards,
Chethan
Super Advisor

Re: Reading logs - (Pattern matching)

Hi,

I tried that, Chethan87. I added Retuncode: 3, Returncode: 6 and also Returncode: 0 on different lines.

I think I have another problem with the policy, because I changed the matching credential to Returncode: 0. I think this policy must produce a warning, but nothing has changed.

Frequent Advisor

Re: Reading logs - (Pattern matching)

Are you receiving other log file alerts from the same node? If yes, just add this match condition <*> and try. If this is also not working, verify policy status, agent status and logs.


Regards,
Chethan
Super Advisor

Re: Reading logs - (Pattern matching)

Hi;

Here is the test result. Could you check? I cannot understand what the main problem is. Actually, this policy is so easy to configure :)

Frequent Advisor

Re: Reading logs - (Pattern matching)

Hi,

Create a suppress condition    Returncode: 0 and next create a match condition   Returncode:<*>

This should work.

Regards,
Chethan
Honored Contributor

Re: Reading logs - (Pattern matching)

Hello.

 

This policy is similar to yours:

 

LOGFILE "retcode"
        DESCRIPTION "retcode"
        LOGPATH "/tmp/retcode_SCORE_ALL.txt"
        INTERVAL "30s"
        CHSET ASCII
        FROM_LAST_POS
        CLOSE_AFTER_READ
        SEVERITY Unknown
        MSGCONDITIONS
                DESCRIPTION "d1"
                CONDITION_ID "577f2a9a-f378-71e2-0991-0a1112140000"
                CONDITION
                        TEXT "Returncode: <<#> -ne 0>"
                SET
                        SEVERITY Critical
                        TEXT "<$MSG_TEXT> bla"

 

Works fine with old agent release (8.60.501) on Linux, don't have time to test with a newer one.

 

Regards,

    Goran
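
Added example, not part of any post in this thread and not the OM pattern engine: a Python approximation of the two condition sets suggested above (the numeric `-ne 0` match, and the ordered suppress-then-match pair), run over constructed log lines. The regular expressions, function names and sample lines are assumptions standing in for the policy patterns.

```python
import re

# Constructed sample lines, modelled on the log excerpt posted in the thread.
SAMPLE_LOG = [
    "End   GWSKZRAS 2013-07-19_104307_657",
    "Start CLEAN_UP 2013-07-19_104307_766",
    "Returncode: 0",
    "Returncode: 6",
    "Returncode: 23",
    "Returncode: ERR",   # non-numeric value
    "Retuncode: 3",      # misspelt keyword
]

# Regex stand-in (assumption) for the policy pattern  Returncode: <<#> -ne 0>
NUMERIC = re.compile(r"Returncode: (\d+)")

def numeric_condition(line):
    """Alarm when a run of digits follows 'Returncode: ' and is not 0."""
    m = NUMERIC.search(line)
    return "alarm" if m and int(m.group(1)) != 0 else None

# Regex stand-ins (assumption) for the ordered pair from the thread:
#   1. suppress  Returncode: 0      2. match  Returncode: <*>
ORDERED = [
    ("suppress", re.compile(r"Returncode: 0")),
    ("alarm", re.compile(r"Returncode: .*")),
]

def ordered_conditions(line):
    """Return the action of the first condition that matches, else None."""
    for action, pattern in ORDERED:
        if pattern.search(line):
            return action
    return None

def evaluate(lines):
    """Run both approaches over every line for side-by-side comparison."""
    return [(l, numeric_condition(l), ordered_conditions(l)) for l in lines]

if __name__ == "__main__":
    for line, numeric, ordered in evaluate(SAMPLE_LOG):
        print(f"{line!r:45} numeric={numeric!s:6} ordered={ordered}")
```

In this approximation the two approaches differ only on the non-numeric value, which alarms under suppress-then-match but not under the numeric condition; the misspelt keyword matches neither.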

Frequent Advisor

Re: Reading logs - (Pattern matching)

Hello,

The other solution you can try is to create two new rules for the log file path with the condition.

Please refer to the attached image and test it; hope it works.

Frequent Advisor

Re: Reading logs - (Pattern matching)

Log file image