Check Log file for certain strings

Cedric_Jackson
08 Mountaineer

Check Log file for certain strings

Does Prognosis have the ability to look at a log file on a Windows server and search for a specific string? I have an application that will write an error message which is the early warning that I want to get notified on.
Shoaib_Dilawar
12 Sherpa

Re: Check Log file for certain strings

Hi Cedric,

We have few solutions that do log parsing, but there is nothing generic to cater for any log file. Prognosis can easily be extended to read the log file for specific error messages and populate a new record that can be used to trigger an alert.

If my reply answered your question please click on the 'Accept as Solution' button to help others find the answer.
Thanks,
Shoaib
Cedric_Jackson
08 Mountaineer

Re: Check Log file for certain strings

Thanks Shoaib,

Can you point me to some documentation around that?
ChristopherS
12 Sherpa

Re: Check Log file for certain strings

An Analyst is a relatively efficient way to really parse apart logs and take actions upon them. We have a couple of solutions that are largely Analyst based. You can use thresholds too but Analysts have certain advantages as well.

If you want to pull in additional but similar log files we have EXTRACTORS, GENLOG Extended Solution, and also custom collectors we build.

If it is something like the Windows event log or Syslog it can be straightforward. Part of an Analyst rule, for example:

RULE BOB_TH_WRITE_SLOT_265 primary

! Define variables used
string _RuleName[50]
string _CallRule[50]
string _IgnID[50]
string _IgnObj[50]
numeric _bRslt

string _SendDisp[2] := "N"
string _Dbug[2] := "N"
string _PrbSum1[240]
string _PrbDet1[240]

RECORD PRGNEVT
WHERE LOG_FILE = "/var/log/syslog" AND EVT_NUM = EMPTY AND EVT_TEXT MATCHES "* BOB$_TH_WRITE_SLOT_FAIL *"
REFRESH 60 SECONDS
NODE ( #MyPrimaryServer )


AFTER 1 OCCURRENCES
BETWEEN 00:00 23:59
EVERY 300 SECONDS

----INSERT ACTIONS AND SECONDARY ANALYSIS HERE INCLUDING CALLING SECONDARY RULES.

If my answer helped you today, please be sure to mark the resolved button to assist others.

Christopher R Souser - Solution Architect – MSci. PA, CISSP, ITIL.
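
A stand-alone sketch of the polling approach discussed in this thread, added here as an example; it is not Prognosis code and not part of any post. It reads only new lines from a log, matches a wildcard pattern, and applies an occurrence threshold and a repeat-alert suppression window. The `LogWatcher` class, its `after` and `every` parameters (named after the AFTER and EVERY clauses in the rule above, with their meaning assumed), and the sample log lines are all constructed for illustration.

```python
import fnmatch
import os
import tempfile

class LogWatcher:
    """Poll a text log for a wildcard pattern and decide when to alert."""
    def __init__(self, path, pattern, after=1, every=300):
        self.path, self.pattern = path, pattern.lower()  # case-insensitive wildcard
        self.after = after        # matches needed before an alert fires
        self.every = every        # seconds during which repeat alerts are suppressed
        self.offset = 0           # byte position already scanned
        self.hits = 0             # matches seen since the last alert
        self.last_alert = None

    def poll(self, now):
        """Scan only new, complete lines; return the lines to alert on, or []."""
        if os.path.getsize(self.path) < self.offset:  # truncated or rotated file
            self.offset = 0
        matched = []
        with open(self.path, "rb") as fh:
            fh.seek(self.offset)
            for raw in fh:
                if not raw.endswith(b"\n"):  # half-written line: re-read next poll
                    break
                self.offset += len(raw)
                line = raw.decode("utf-8", errors="replace").rstrip("\r\n")
                if fnmatch.fnmatchcase(line.lower(), self.pattern):
                    matched.append(line)
        self.hits += len(matched)
        if not matched or self.hits < self.after:
            return []
        if self.last_alert is not None and now - self.last_alert < self.every:
            return []             # still inside the suppression window
        self.last_alert, self.hits = now, 0
        return matched

def demo():
    """Constructed sample log; 'now' is passed in so the run needs no real clock."""
    path = os.path.join(tempfile.mkdtemp(), "app.log")
    w = LogWatcher(path, "*WRITE_SLOT_FAIL*", after=1, every=300)
    with open(path, "w") as fh:
        fh.write("10:00:01 INFO service started\n10:00:05 ERROR WRITE_SLOT_FAIL slot=265\n")
    first = w.poll(now=0)         # one matching line, alert fires
    with open(path, "a") as fh:
        fh.write("10:01:05 ERROR WRITE_SLOT_FAIL slot=265\n")
    second = w.poll(now=60)       # match seen, but suppressed for 300 seconds
    with open(path, "w") as fh:   # simulated rotation: file is now shorter
        fh.write("10:06:00 ERROR write_slot_fail slot=7\n")
    return first, second, w.poll(now=360)
```

Tracking a byte offset keeps each poll from re-alerting on old lines, and resetting it when the file shrinks prevents a rotated log from being silently skipped.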
Cedric_Jackson
08 Mountaineer

Re: Check Log file for certain strings

Thanks for the feedback. To start I will be looking at a simple application log in plain English and look for certain keywords. I will look into building an analyst for this. Thanks for the nudge.
ChristopherS
12 Sherpa

Re: Check Log file for certain strings

Ok, Analysts are a bit quirky to get used to without training and so I am sure you will have questions if you have not used them before. I'd suggest starting individual posts for each one. I am also working on some documentation updates to hopefully clarify several things that you might run into but not sure when those will get done exactly.

If my answer helped you today, please be sure to mark the resolved button to assist others.

Christopher R Souser - Solution Architect – MSci. PA, CISSP, ITIL.