

LoGrobot / logXray

What is LoGrobot/logXray? LoGrobot is a powerful, fully loaded Linux/Unix Log Monitoring, Analysis & Alerting solution. It is designed to simplify and centralize the monitoring of local and remote log files. It is highly versatile and can be used to monitor and alert on all types of logs: application logs, database logs, system logs, event logs and service logs. It can monitor single and multiple log files and alert when log patterns (single or multiple patterns) are detected. Additionally, it allows for custom log monitoring tailored to specific individual user requirements. logXray, on the other hand, provides on-demand graphs and automated analysis which can be used to draw out several important statistics, reveal hidden metrics and quickly isolate problematic trends. When Splunk (and similar applications) are overkill for your daily log monitoring needs, LoGrobot provides a reliable and affordable alternative!


LoGrobot: Who needs it?! Download LoGrobot if you wish to...

Monitor & Alert

Get notified when specific strings, patterns or keywords are dumped into your log files

Get notified when expected patterns of strings ARE NOT found within specific log files

Get notified when unfamiliar lines are introduced into your system/application/database/network logs

Get notified when critical log files stop getting written to after a user-specified period of time

Monitor & Alert

Get notified if a log file is moved, deleted or no longer exists where it should

Get notified when a log file lacks the proper permissions (i.e. read access)

Generate alerts if log files begin to consume too much disk space (log file size)

Utilize a reliable log monitor that is maintained regularly & used in real production environments

Dissect & Analyze

Scan logs for specific entries and exclude user specified patterns from the result

Monitor any log file (regardless of size) that lacks a consistent date and/or time format

Monitor multiple logs without the nuisance of complex time consuming configurations

Monitor not just log content, but log time stamp, log size, stale logs, a directory of logs and directory file count as well

Monitor & Graph

Graph specific metrics about your logs for the ability to isolate and predict problems before they occur

Graph & Analyze a limitless number of logs including HTTP / Apache / Tomcat / JAVA / MySql / Oracle / Postfix / Mail / Weblogic / System & Application Log Files



Monitor & Auto-Resolve

Monitor any log file on any Unix host regardless of format, use with Nagios (or other monitoring applications) for management and scheduling of log checks, Use with Cacti or Graphite (for graphing log metrics), Crontab (for scheduling & emailing of log alerts)

Utilize our self healing feature to automatically run a script, or a command when a log check fails based upon thresholds you set

Quick, Easy & Customizable

Compatible with other Monitoring applications, Allows for the custom modification of existing features and the addition of new ones to accommodate unique scenarios

Quick & Clean Automated Install - Requires only an "unzip" - No complicated compilations to deal with, no dubious modules or libraries to download...EVER!

Consolidate Log Monitoring

Use one tool to Alert on the frequency (or lack thereof) of any set of keywords, strings or patterns, Monitor log file size, Log timestamps, Stale logs

Automated Management: Monitor logs on all unix hosts in your environment with just One Tool & One Master Server, Keep an unwavering eye on all aspects of your environment!

Additional Benefits

Generate quick color coded excel reports on past notification alerts on all monitored log files - avoid digging through archives!

Implement a clean log monitoring solution that does not require the installation of nonnative modules

Avoid having to read endless pages of convoluted documentation or wasting time training staff on new tools

Have a technical support team available to accommodate your log monitoring requirements

Utilize an advanced intuitive log monitor that eliminates the need to maintain complex configuration files



















Simplified Log File Monitoring

Linux Log Monitoring; Monitor, Alert on & Analyze Linux / Unix Log files the easy way; Application Logs, Database logs, System Logs, Custom Logs, Any log file - Generate graphs automatically on all monitored logs - Trend any log file metric you desire - Utilize the versatility of LoGrobot to eliminate the tedious effort often required to configure log checks - Perform all log monitoring tasks with just one tool!

Some of the many labor saving capabilities and benefits of LoGrobot include:

  • Watch a directory of log files, detect exceptions/errors in monitored logs

  • PlugnPlay command-line parameters (avoid dealing with scattered configs)
  • Adapts seamlessly to any custom scenario - Usable as a plugin, service or both
  • Monitors dynamic log files efficiently (log files with changing names / dates)
  • Monitors different patterns in single or different log files, with one check
  • Hot Spot Analysis: Identify times when there is unusually high # of log statements
  • Monitors log file timestamps, log file growth, log file size and directory file count
  • Assignment of different thresholds to patterns in a multi-pattern log check
  • A clean log monitor that does not require installation of nonnative modules
  • Scanning, monitoring and alerting on log files of any format, type or size
  • ON-Demand graphs for insight on the health of your App, DB, Network
  • Can alert based on values in certain columns of specific log entries
  • Monitoring rotated logs automatically - never miss events between logchecks!
  • Scan logs in time frames (i.e. show entries within previous 20 mins, 1 hr...etc)
  • Remote agent included for monitoring of remote logs from ONE master server
  • Alert when expected log events are NOT found within a set period of time
  • Monitor all log files or specific types of log files in a particular directory
    • Point logxray to ANY directory with just one check!

      • Avoid having to define separate checks for each log file

    • Specify the type of files to exclude / include in monitoring

      • Assign different thresholds for each file type

  • Easily integrated with other monitoring apps i.e. Nagios, Zenoss, Zabbix
  • Use one tool to monitor anything and everything about your Unix log files!
  • Request development of custom personalized log monitoring features
    • Allows passing of different thresholds to each pattern being monitored

    • Allows for the filtering of specific log entries to eliminate unnecessary noise



How-To Videos on Common Tasks

How to use logrobot/logxray to monitor single or multiple patterns in single or multiple log files, alert on stale logs (logs that aren't growing in size or getting updates), and monitor file count in a directory.

Print X Number Around Pattern

Monitor a log for a specific pattern. When that pattern is found, print X number of lines before the pattern and X number of lines after the pattern. If multiple patterns are found in the log, perform these instructions on each one of them.


Directory Log Monitor

Monitor and alert on patterns, strings or keywords found in all logs in a specific directory. Avoid having to create different/separate logchecks for each file. Easily configure log monitoring checks on a large scale with very little effort.


Growth Monitoring

Log File Growth Monitoring - Monitor the growth of a log file to ensure the log is getting updates. Alert when the growth and/or growth rate of a monitored log is determined to be too slow, too fast or just stale.



File Size / Log Size

Monitor file size and alert if file size is greater than user specified thresholds. Generate notification alerts on logs. Monitor the size of log files of any application or database on Unix systems. Trend log file size (feature available). Works on Unix (Linux/AIX/SunOS/HP-UX/MacOS).


Directory File Count Monitor

Monitor and alert on the number of files in a specific directory. Generate notification alerts when the file count of a directory breaches user-specified thresholds. Tested on Unix (Linux/AIX/SunOS/HP-UX).


File / Log Timestamp

Timestamp Monitor - Monitor the time stamp of single or multiple logs / files on a Unix system. If the age of the file you're monitoring is older than a predetermined number of minutes, hours, days...







 

Other Specific Features:

  • Scan / Scrape / Monitor log files for any error

  • Monitor all logs in a specific directory

      • Point logrobot to ANY directory with just one check!

      • Avoid having to define separate checks for each log file

    • Specify the type of files to exclude / include in monitoring

  • Automate log checks via Nagios or CRONTAB

  • Get email alerts & notifications on all log checks

  • Monitor Directory File Count

  • Access documentation directly from the CLI

  • Monitor log files for abnormal behavior/activity

  • Manage log file checks from a central location

    • Eliminate tedious administration

    • Avoid cumbersome maintenance

  • Adapts seamlessly to any custom scenario
     

 


 

Supported Log Files

  • Will all my logs be supported?

    Yes, all log types / log formats are supported. 

    Some of the supported log files are listed below:

    • Tomcat Catalina.out logs

    • Apache Maxclient logs

    • Apache access logs

    • Apache error logs

    • OutOfMemory logs

    • JBoss log files

    • Java log files

    • Weblogic logs

    • Glassfish logs

    • Syslog log monitor

    • Maillog / Postfix / Syslog log files

    • Mysqld / Oracle Alert logs

    • Log4j

    • NEW FEATURE: Monitor any type of log file regardless of format
       

What is a Log File Monitor

A log file monitor is a utility designed and built specifically to monitor and alert on messages produced by computer systems and the applications that run on them.

In UNIX, the monitoring of log files is absolutely necessary, and for good reason. You see, the time of a Unix Professional is valuable. Few, if any, can afford to spend hours each day scouring through the many log files that are generated by systems and network applications. However, if you fail to quickly recognize the abnormal or fatal events chronicled in these log files, entire networks can be abused and/or removed from service....which can cost your company dearly, monetarily speaking.

If you wish to monitor log files, there are basically [ 3 ] options available to you:
  • You can try writing your own log monitoring script and see how far that takes you (this is worth looking into if you only have a couple of logs to monitor)
  • Download any of the FREE log monitoring scripts that are available all over the internet OR
  • Purchase a professional tool that was developed specifically for situations like yours and that can easily accommodate future customizations, if necessary

If you embark on a journey to write your own script, you have to understand that it will be an endeavor that will take years to complete, and that's assuming you're a skilled programmer. Monitoring log files goes far beyond simply watching the contents of files for specific errors. As time goes on, there will be new requirements, changes, and continuous requests for modifications which in the end, if the developer isn't creative, can lead to an unusable script - one that is not user friendly.

If you choose to download the FREE log monitoring scripts that are available on the internet, you will quickly discover how ineffective they all are and how much work is necessary to get them to cooperate. If this is the option you choose to go with, you must ask yourself some very important questions:

  • Will I be able to easily administer the creation and modification of several log checks (from a central location) using this method?
  • Is this method scalable?
    • Can I use this one method to monitor different logs on several hundred servers, or am I going to have to do a lot of configurations, compilations, installations, tweaking etc?

The answers to these questions are usually quite depressing. Proceed with caution.

Characteristics of the Ideal Log Monitor:

When searching for the right utility to use to monitor & alert on log files, what features should the perfect tool have?

The ideal log monitor must be able to scan and monitor log files in a very short period of time, preferably in seconds (no matter how big the log file is). At the very least, the perfect log monitor must be able to:

  • Detect abnormal usage patterns in log files
  • Recognize system or network abuse (through mathematical analysis of data)
  • Detect vulnerability scans (e.g. port scans) through the use of user-specified patterns
  • Detect intruders or attempted intrusions (through the use of user-specified patterns)
  • Detect resource shortages (e.g. slow response times, out-of-memory conditions etc)
  • Detect imminent application and system failures (this is usually in some log file on your system)
  • Scan, monitor & alert on log files of different formats (this is absolutely crucial)

While each feature listed here is important, it is worth noting that above all else, the perfect log monitoring utility must be easy to use. Users SHOULD NEVER have to spend too much time reading documentation before being able to use a piece of software. The more complex a utility is, the more likely it is to be used the wrong way or abandoned altogether. Imagine having to re-read the instruction guide of your television remote control each time you wanted to use it. Can you picture the annoyance of that?

When it comes to log monitoring, ease of use is essential. I cannot stress this enough. The developer(s) must put a great deal of effort into drastically limiting or eliminating the need for configuration files. Also, the syntax of the tool must be easily comprehensible and applicable directly from the command line. This means, if a random user were to run the tool from the command line, there shouldn't be room for confusion. That user should be able to conveniently obtain whichever end result he/she was expecting WITHOUT having to read several pages of complex documentation or desperately scouring Google for help!

This is where the superiority of LoGrobot comes into play. LoGrobot is a commercial Log Monitoring utility that is very easy to utilize. It is robust, seasoned and efficiently versatile like no other tool. It understands the overriding significance of log alerts and focuses on ensuring only valid notifications are generated for the log files it monitors. Installation wise, LoGrobot does not require the addition of any nonnative modules or libraries to the system. Which means, you can install it freely on production/dev/qa servers without tampering with existing libraries or modules.

LoGrobot has a wide range of capabilities. It isn't limited to just scanning log file contents for errors. It can do virtually anything as long as it falls under the banner of log monitoring. Additionally, LoGrobot has years of real life situations, scenarios, possibilities and conditions built into it, which basically means it is highly unlikely you will come up with a need that hasn't already been thought of and programmed into the tool. In the unlikely event that does happen, chances are, work is already in progress to address it.

When it comes to keeping an unwavering eye on all important log files in your UNIX environment, you need ONE log monitoring tool, and LoGrobot is that tool!





Monitoring logs in time frames (if format is supported)


logrobot autofig (logfile) (time-in-minutes) '(string1)' '(string2)' (warn) (critical) (-foundn)

Basic Usage: 

[root@monitor jbowman]#
[root@monitor jbowman]#
[root@monitor jbowman]# logrobot autofig /var/log/messages 1440 'ntpd' 'stratum' 5 10 -foundn
 
2---240---108---ATWFILF---(Apr/13)-(03:35)---(Apr/14)-(03:35:23)

[root@monitor jbowman]#
[root@monitor jbowman]#

So now let's break this down:

logrobot is the tool name.

autofig is an option that is passed to the logrobot tool to tell it what to do.  In this particular case, autofig is instructing logrobot to "automatically figure out" what type of log file /var/log/messages is, and if the format of the log file is supported, perform the remaining functions.

/var/log/messages is of course the log file.

1440 is the amount of previous minutes you want to search the log file for. 1440 = last 24 hours.

"ntpd" is one of the strings that is in the lines of logs that you're interested in.

"stratum" is another string on the same line that you expect to find the "ntpd" string on. Specifying these two strings (luance and Err1310) isolates and processes the lines you want a lot quicker, particularly if you're dealing with a huge log file.

5 specifies Warning. By specifying 5, you're telling the program to alert as WARNING if there are at least 5 occurrences of the search strings you specified, in the log file within the last 60 minutes.

10 specifies Critical. By specifying 10, you're telling the program to alert as CRITICAL if there are at least 10 occurrences of the search strings you specified, in the log file within the last 60 minutes.

-foundn specifies what type of response you'll get. By specifying -foundn, you're saying if anything is found that matches the specified strings within the 60 minute time frame, then that should be regarded as a problem and outputted out.

Summarized Explanation:

As you can see, the logrobot tool is monitoring a log file. The arguments that are passed to the tool instruct it to do the following:

Within the last 60 minutes, if the tool finds less than 5 occurrences of the specified strings in the log file, DO NOT alert. If the tool finds between 5 to 9 occurrences of the specified strings in the log, it'll alert with a WARNING. If the tool discovers 10 or more instances of the strings in the log within the last 60 minutes, it'll alert with a CRITICAL.

Now, let us look at the result of the command:

2---240---108---ATWFILF---(Apr/13)-(03:35)---(Apr/14)-(03:35:23)

There are 6 columns which are separated by 3 hyphens (---).  The first column shows the exit code of the command you just ran.  0 means all is well. 1 means WARNING, which means, LoGrobot discovered conditions that fell under the WARNING specification you provided.  2 means CRITICAL, which means, the worst case scenario has been reached.

In this particular example, here's what the output is telling us: 

You requested to have the /var/log/messages file scanned as far back as 24 hours ago (1440 minutes).

The timeframe that was scanned was from [ April 13, 03:35 ] to [ April 14, 03:35 ].  After scanning through the records that were written to the log in that time frame, LoGrobot found 108 lines that contained both strings of "ntpd" and "stratum 2".  Also, as an FYI, the last date and time those specific strings were found in the log file was 240 seconds ago.
							

Case Scenario:

Within the last 30 minutes, find out how many lines in the log file [ /var/log/app.log ] contain both entries of "ERROR" and "Client". If any lines are found containing these two strings (ERROR.*Client), take note of that.

From the list of lines found, see if there are any lines that also contain the keywords "error 404" OR "updateNumber".  If there are, remove them from the list.  After removing them, show me what is left.  If the number of lines left is between 5 and 9, alert as WARNING.  If equal to or over 10, alert as CRITICAL.  If below 5, do not alert!

Command:

logrobot autofig /var/log/app.log 30 "ERROR.*Client" '(error 404|updateNumber)' 5 10 -showexcl
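
The selection and threshold rules described above for -foundn (both strings on the same line) and -showexcl (first string matches, second string excludes), together with a reader for the six-column result line, written out as an added Python illustration. It is not LoGrobot's code; the syslog-style timestamps, the host name, NOW and the sample lines are constructed, and only these two options are handled.

```python
import re
from datetime import datetime, timedelta

# Constructed values: NOW and every sample line are made up for this example.
NOW = datetime(2024, 4, 14, 3, 35, 23)
SAMPLE = """\
Apr 14 02:50:00 web01 app: ERROR Client 17 session expired
Apr 14 03:06:10 web01 app: ERROR Client 17 backend timeout
Apr 14 03:07:42 web01 app: ERROR Client 22 error 404 /favicon.ico
Apr 14 03:09:03 web01 app: INFO Client 22 login ok
Apr 14 03:12:55 web01 app: ERROR Client 31 backend timeout
Apr 14 03:15:01 web01 app: ERROR Client 31 updateNumber rejected
Apr 14 03:20:19 web01 app: ERROR Client 40 db connection refused
Apr 14 03:27:37 web01 app: ERROR Client 40 db connection refused
Apr 14 03:33:48 web01 app: ERROR Client 17 backend timeout
Apr 14 03:34:02 web01 app: ERROR Worker 3 crashed
""".splitlines()


def parse_ts(line, now):
    """Parse the leading 'Mon DD HH:MM:SS' stamp. Syslog omits the year,
    so try the current year first and fall back to the previous one."""
    for year in (now.year, now.year - 1):
        try:
            ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
        except ValueError:
            continue
        if ts <= now + timedelta(minutes=5):  # tolerate small clock skew
            return ts
    return None


def check(lines, now, minutes, string1, string2, warn, crit, mode):
    """Return (status, count, matching_lines) for the last `minutes` minutes.

    -foundn   : count lines matching string1 AND string2
    -showexcl : count lines matching string1 but NOT string2
    status    : 0 below warn, 1 from warn up to crit-1, 2 at crit or above
    """
    if mode not in ("-foundn", "-showexcl"):
        raise ValueError(f"mode not covered by this example: {mode}")
    start = now - timedelta(minutes=minutes)
    first, second = re.compile(string1), re.compile(string2)
    hits = []
    for line in lines:
        ts = parse_ts(line, now)
        if ts is None or not (start <= ts <= now):
            continue  # unparseable stamp or outside the requested window
        if not first.search(line):
            continue
        has_second = second.search(line) is not None
        if has_second == (mode == "-foundn"):
            hits.append(line)
    count = len(hits)
    status = 2 if count >= crit else 1 if count >= warn else 0
    return status, count, hits


def parse_result(line):
    """Split the six-column result line (columns separated by '---')."""
    cols = line.strip().split("---")
    if len(cols) != 6:
        raise ValueError(f"expected 6 columns, got {len(cols)}")
    return {
        "status": int(cols[0]),                    # 0 OK, 1 WARNING, 2 CRITICAL
        "seconds_since_last_match": int(cols[1]),
        "count": int(cols[2]),
        "tag": cols[3],                            # meaning not documented on the page
        "window_start": cols[4],
        "window_end": cols[5],
    }


if __name__ == "__main__":
    pattern, exclude = "ERROR.*Client", "(error 404|updateNumber)"
    status, count, hits = check(SAMPLE, NOW, 30, pattern, exclude, 5, 10, "-showexcl")
    print(status, count)
    print("\n".join(hits))
    print(parse_result("2---240---108---ATWFILF---(Apr/13)-(03:35)---(Apr/14)-(03:35:23)"))
```
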


Case Scenario:

For instance, within the last 30 minutes, if LoGrobot does not find at least 2 lines containing the words "Success" and "Client"  and "returned 200" OR "update:OK" in the log file, it must alert.  So in other words, the lines to search for MUST contain both words of Success & Client (Success.*Client) AND one or both of the strings returned 200 and update:OK.

Command:

logrobot autofig /var/log/app.log 30 "SUCCESS.*Client" '(returned 200|update:OK)' 2 2 -notfoundn
							

This is particularly helpful in cases where you might want to see the actual lines that contain the patterns you instructed the tool to search for.

Example:

logrobot  autofig  /var/log/app.log  30  "ERROR.*Client"  '(error 404|updateNumber:OK)'  5  10  -show

Example:

logrobot  autofig  /var/log/app.log  30  "SUCCESS.*Client"  '(returned 200|update:OK)'   5  10  -show
							

For instance, to pull out 2 weeks of information from within a large log file and to find out how many lines contain certain strings and patterns, you can run a command similar to this:

Example:

logrobot autofig /var/log/app.log 2w "ERROR|error|panic|fail" "ERROR|error|panic|fail" 5 10 -foundn

Notice the [ 2w ].  And also, notice the strings being searched for.  I repeated the strings "ERROR|error|panic|fail" twice because there is no need to specify different search terms to look for.  You don't have to repeat the first string.  You can just enter a dot in its place for the second string, i.e.:

logrobot  autofig  /var/log/app.log  2w  "ERROR|error|panic|fail"  "."  5  10  -foundn

From this specific example, I'm telling LoGrobot that I care about EVERY single line that contains any of the keywords I provided.  The [ 2w ] of course means 2 weeks. 
 
See below for the different ways of specifying the date range:

5m = 5 minutes (changeable to any number of minutes)

10h = 10 hours (changeable to any number of hours)

2d = 2 days (changeable to any number of days)

2w = 2 weeks (changeable to any number of weeks)

3mo = 3 months (changeable to any number of months)
							

Suppose you inherited a Unix environment at your new job and don't know what to search for in the logs, here's an idea; instead of worrying about what to watch for, why not force the logs to reveal their hidden contents?

In the example below, LoGrobot was instructed to search the entire messages file (denoted with the '.').  Then, it is to ignore every line that contains any one of these specific strings: 'nagios-primary nagios' OR 'not responding' OR 'synchronized to'.  Whatever lines are left after these THREE patterns are ignored should be outputted to the screen.  The logic here is; if you can identify which entries in the logs are of NO importance to you, you can exclude them from being monitored.  Therefore, if a log file is stripped of the familiar/unwanted, whatever is left will be unfamiliar, thus requiring investigation.
 
[root@nagios-primary ~]# logrobot sanal /var/log/messages 24h '.' 'nagios-primary nagios|not responding|synchronized to' 1 5 -showexcl

Jun 13 13:40:04 nagios-primary abrt[8269]: saved core dump of pid 8128 (/prod/nagios-core/sbin/status.cgi)
Jun 13 13:40:04 nagios-primary abrtd: Directory 'ccpp-2012-06-13-13:40:04-8128' creation detected
Jun 13 13:40:04 nagios-primary abrtd: Executable '/prod/nagios-core/sbin/status.cgi' doesn't belong to any
Jun 13 13:40:04 nagios-primary abrtd: Corrupted or bad dump /var/spool/abrt/ccpp-2012-06-13-13:40:04
Jun 14 02:20:41 nagios-primary auditd[5813]: Audit daemon rotating log files

2---0---(93)-(41064)-(0.226476%)-(28.4323)-(422.97)---ATWFILF---(Jun/13)-(13:23)---(Jun/14)-(13:23:26) 
							

Instead of forcing users to have to read complex documentations, LoGrobot provides real life examples of its usage right from the command line. Yes, REAL LIFE EXAMPLES! No guessing, no confusion, no scratching of the head. We strongly believe in simplicity and we take the extra steps many utilities refuse to take.

In the below output, let's say you forgot how to use the LoGrobot tool. Instead of having to find the documentation and then having to read it as well, you can just run the tool from the command line and pass to it the option you're interested in, i.e. autofig (or you can type 'auto' to get more information on other available features).

Example:

[root@nagios-primary ~]#  ./logrobot  autofig

-------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------
Scan log file for 30 minutes worth of information. Show all lines found containing 'ERROR'
-------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------

EXAMPLE:

./logrobot  autofig  /var/log/messages  30m   'ERROR'   '.'   5  10  -show

-------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------
							

Scan the /var/log/messages log file for 24 hours worth of information.  Exclude all lines that contain 'nagios-primary nagios | not responding, timed out| synchronized to'

[root@nagios-primary ~]# logrobot  sanal  /var/log/messages  24h  '.'  'nagios-primary nagios|not responding, timed out| synchronized to'  1  5  -showexcl


Jun 13 13:40:04 nagios-primary abrt[8269]: saved core dump of pid 8128 (/prod/nagios-core/sbin/status.cgi) to /var/spool/abrt/ccpp-2012-06-13-13:40:04-8128.new/coredump (2490368 bytes)
Jun 13 13:40:04 nagios-primary abrtd: Directory 'ccpp-2012-06-13-13:40:04-8128' creation detected
Jun 13 13:40:04 nagios-primary abrtd: Executable '/prod/nagios-core/sbin/status.cgi' doesn't belong to any package
Jun 13 13:40:04 nagios-primary abrtd: Corrupted or bad dump /var/spool/abrt/ccpp-2012-06-13-13:40:04-8128 (res:2), deleting
Jun 14 02:20:41 nagios-primary auditd[5813]: Audit daemon rotating log files

2---0---(93)-(41064)-(0.226476%)-(28.4323)-(422.97)---ATWFILF---(Jun/13)-(13:23)---(Jun/14)-(13:23:26) ZEAGMK

[root@nagios-primary ~]#
[root@nagios-primary ~]#
[root@nagios-primary ~]#

Scan the /var/log/messages log file for 1 week's worth of information.  Show me all lines that contain the strings: 'nagios-primary abrtd:'

[root@nagios-primary ~]# logrobot sanal /var/log/messages 1w '.' 'nagios-primary abrtd:' 1 5 -show

Jun 10 19:45:34 nagios-primary abrtd: Directory 'ccpp-2012-06-10-19:45:34-19662' creation detected
Jun 10 19:45:35 nagios-primary abrtd: Executable '/prod/nagios-core/sbin/status.cgi' doesn't belong to any package
Jun 10 19:45:35 nagios-primary abrtd: Corrupted or bad dump /var/spool/abrt/ccpp-2012-06-10-19:45:34-19662 (res:2), deleting
Jun 12 07:07:03 nagios-primary abrtd: Directory 'ccpp-2012-06-12-07:07:02-30780' creation detected
Jun 12 07:07:03 nagios-primary abrtd: Executable '/prod/nagios-core/sbin/status.cgi' doesn't belong to any package
Jun 12 07:07:03 nagios-primary abrtd: Corrupted or bad dump /var/spool/abrt/ccpp-2012-06-12-07:07:02-30780 (res:2), deleting
Jun 13 13:40:04 nagios-primary abrtd: Directory 'ccpp-2012-06-13-13:40:04-8128' creation detected
Jun 13 13:40:04 nagios-primary abrtd: Executable '/prod/nagios-core/sbin/status.cgi' doesn't belong to any package
Jun 13 13:40:04 nagios-primary abrtd: Corrupted or bad dump /var/spool/abrt/ccpp-2012-06-13-13:40:04-8128 (res:2), deleting

2---81900---(9)-(176115)-(0.0051103%)-(3)-(0)---(Jun/7)-(13:27)---(Jun/14)-(13:27:26)---ETWNFILF---(Jun/10)-(03:37:03)---(Jun/14)-(13:27:26) NAGCGKiv

[root@nagios-primary ~]#
[root@nagios-primary ~]#
[root@nagios-primary ~]#
[root@nagios-primary ~]#

							

root@nagios-primary ~#
root@nagios-primary ~#
root@nagios-primary ~#
root@nagios-primary ~# logrobot autofig /var/log/kern.log 2h '.' '.' 1 2 -show

Sep 20 17:55:06 jake-XPS-M1530 kernel: [87310.160050] usb 5-1: new full-speed USB device number 26 using uhci_hcd
Sep 20 17:55:06 jake-XPS-M1530 kernel: [87310.388215] hub 5-1:1.0: USB hub found
Sep 20 17:55:06 jake-XPS-M1530 kernel: [87310.390118] hub 5-1:1.0: 4 ports detected
Sep 20 17:55:06 jake-XPS-M1530 kernel: [87310.673128] usb 5-1.2: new low-speed USB device number 27 using uhci_hcd
Sep 20 17:55:06 jake-XPS-M1530 kernel: [87310.831895] input: Logitech USB Receiver as /devices/pci0000:00/0000:00:1d.0/usb5/5-1/5-1.2/5-1.2:1.0/input/input34
Sep 20 17:55:06 jake-XPS-M1530 kernel: [87310.832071] logitech 0003:046D:C517.001B: input,hidraw0: USB HID v1.10 Keyboard [Logitech USB Receiver] on usb-0000:00:1d.0-1.2/input0
Sep 20 17:55:06 jake-XPS-M1530 kernel: [87310.863133] logitech 0003:046D:C517.001C: fixing up Logitech keyboard report descriptor
Sep 20 17:55:06 jake-XPS-M1530 kernel: [87310.865367] input: Logitech USB Receiver as /devices/pci0000:00/0000:00:1d.0/usb5/5-1/5-1.2/5-1.2:1.1/input/input35
Sep 20 17:55:06 jake-XPS-M1530 kernel: [87310.865633] logitech 0003:046D:C517.001C: input,hiddev0,hidraw3: USB HID v1.10 Mouse [Logitech USB Receiver] on usb-0000:00:1d.0-1.2/input1
Sep 20 17:55:08 jake-XPS-M1530 kernel: [87312.249129] usb 5-1.3: new low-speed USB device number 28 using uhci_hcd
Sep 20 17:55:08 jake-XPS-M1530 kernel: [87312.436287] input: No brand 4 Port KVMSwicther as /devices/pci0000:00/0000:00:1d.0/usb5/5-1/5-1.3/5-1.3:1.0/input/input36
Sep 20 17:55:08 jake-XPS-M1530 kernel: [87312.436429] generic-usb 0003:10D5:55A4.001D: input,hidraw4: USB HID v1.10 Keyboard [No brand 4 Port KVMSwicther] on usb-0000:00:1d.0-1.3/input0
Sep 20 17:55:08 jake-XPS-M1530 kernel: [87312.442165] usbhid 5-1.3:1.1: couldn't find an input interrupt endpoint
     
2---3240---13---(Sep/20)-(16:49)---(Sep/20)-(17:55:08)---ETWNFILF---(Sep/20)-(17:55)---(Sep/20)-(17:55:08) NAGC

root@nagios-primary ~#
root@nagios-primary ~#
root@nagios-primary ~#


							

Scan through the above output and show ONLY lines that contain the strings "USB HID":
 
root@nagios-primary ~#
root@nagios-primary ~#
root@nagios-primary ~#
root@nagios-primary ~# logrobot autofig /var/log/kern.log 2h '.' 'USB HID' 1 2 -show

Sep 20 17:55:06 jake-XPS-M1530 kernel: [87310.832071] logitech 0003:046D:C517.001B: input,hidraw0: USB HID v1.10 Keyboard [Logitech USB Receiver] on usb-0000:00:1d.0-1.2/input0
Sep 20 17:55:06 jake-XPS-M1530 kernel: [87310.865633] logitech 0003:046D:C517.001C: input,hiddev0,hidraw3: USB HID v1.10 Mouse [Logitech USB Receiver] on usb-0000:00:1d.0-1.2/input1
Sep 20 17:55:08 jake-XPS-M1530 kernel: [87312.436429] generic-usb 0003:10D5:55A4.001D: input,hidraw4: USB HID v1.10 Keyboard [No brand 4 Port KVMSwicther] on usb-0000:00:1d.0-1.3/input0

2---3420---3---(Sep/20)-(16:52)---(Sep/20)-(17:55:08)---ETWNFILF---(Sep/20)-(17:55)---(Sep/20)-(17:55:08) NAGC

root@nagios-primary ~#
root@nagios-primary ~#
root@nagios-primary ~# 

							


root@nagios-primary ~#
root@nagios-primary ~#
root@nagios-primary ~# logrobot sanal /var/log/kern.log 8h '.' '.' 1 2 -exceldh

frq=19,zsc=1.41421,asc=[Sep-20-(16)]
frq=13,zsc=-0.707106,asc=[Sep-20-(17)]
frq=13,zsc=-0.707106,asc=[Sep-20-(15)]

root@nagios-primary ~#
root@nagios-primary ~#

Search the [ kern.log ] file once again. Find which MINUTE(S) within the last 8 hours had the most entries logged:

root@nagios-primary ~#
root@nagios-primary ~#
root@nagios-primary ~# logrobot sanal /var/log/kern.log 8h '.' '.' 1 2 -exceldm

frq=13,zsc=0.816496,asc=[Sep-20-(17:55)]
frq=13,zsc=0.816496,asc=[Sep-20-(16:16)]
frq=13,zsc=0.816496,asc=[Sep-20-(15:31)]
frq=3,zsc=-1.22474,asc=[Sep-20-(16:24)]
frq=3,zsc=-1.22474,asc=[Sep-20-(16:15)]

root@nagios-primary ~#
root@nagios-primary ~#
root@nagios-primary ~#
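
The frq and zsc columns in the two outputs above are consistent with counting lines per hour (or per minute) and taking a population z-score of those counts. The following added Python example, which is not LoGrobot's code, reproduces the figures to within rounding of the last digit. The sample lines are constructed so that their per-minute counts equal the frq values shown.

```python
from collections import Counter
from math import sqrt

# Constructed input: per-minute line counts chosen to equal the frq values
# in the -exceldm output above; the log text itself is made up.
PER_MINUTE = {"15:31": 13, "16:15": 3, "16:16": 13, "16:24": 3, "17:55": 13}
SAMPLE = [
    f"Sep 20 {hhmm}:{i:02d} host kernel: constructed entry {i}"
    for hhmm, n in PER_MINUTE.items()
    for i in range(n)
]


def bucket_key(line, per_minute=False):
    """'Sep 20 17:55:06 host ...' -> 'Sep-20-(17)' or 'Sep-20-(17:55)'."""
    month, day, clock = line.split()[:3]
    hour, minute, _ = clock.split(":")
    stamp = f"{hour}:{minute}" if per_minute else hour
    return f"{month}-{day}-({stamp})"


def hot_spots(lines, per_minute=False):
    """Return [(bucket, frequency, z_score)] sorted by frequency, highest first.

    The z-score uses the population standard deviation (divide by the number
    of buckets). Buckets with no log lines do not appear at all, so the mean
    is taken over active buckets only.
    """
    counts = Counter(bucket_key(l, per_minute) for l in lines if l.strip())
    if not counts:
        return []
    n = len(counts)
    mean = sum(counts.values()) / n
    std = sqrt(sum((c - mean) ** 2 for c in counts.values()) / n)
    rows = [(k, c, (c - mean) / std if std else 0.0) for k, c in counts.items()]
    return sorted(rows, key=lambda row: -row[1])


def format_row(row):
    """Render one row in the frq=...,zsc=...,asc=[...] layout shown above."""
    bucket, freq, z = row
    return f"frq={freq},zsc={z:.6g},asc=[{bucket}]"


if __name__ == "__main__":
    for row in hot_spots(SAMPLE):                    # hourly view
        print(format_row(row))
    print()
    for row in hot_spots(SAMPLE, per_minute=True):   # per-minute view
        print(format_row(row))
```

With only three buckets a population z-score cannot exceed √2 ≈ 1.414, which is exactly the top value in the hourly output, so any cutoff for "unusually high" has to take the number of buckets in the window into account.
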

							

root@nagios-primary ~#
root@nagios-primary ~#
root@nagios-primary ~# logrobot autofig /var/log/kern.log 2h '.' '.' 1 2 -show

Sep 20 17:55:06 jake-XPS-M1530 kernel: [87310.160050] usb 5-1: new full-speed USB device number 26 using uhci_hcd
Sep 20 17:55:06 jake-XPS-M1530 kernel: [87310.388215] hub 5-1:1.0: USB hub found
Sep 20 17:55:06 jake-XPS-M1530 kernel: [87310.390118] hub 5-1:1.0: 4 ports detected
Sep 20 17:55:06 jake-XPS-M1530 kernel: [87310.673128] usb 5-1.2: new low-speed USB device number 27 using uhci_hcd
Sep 20 17:55:06 jake-XPS-M1530 kernel: [87310.831895] input: Logitech USB Receiver as /devices/pci0000:00/0000:00:1d.0/usb5/5-1/5-1.2/5-1.2:1.0/input/input34
Sep 20 17:55:06 jake-XPS-M1530 kernel: [87310.832071] logitech 0003:046D:C517.001B: input,hidraw0: USB HID v1.10 Keyboard [Logitech USB Receiver] on usb-0000:00:1d.0-1.2/input0
Sep 20 17:55:06 jake-XPS-M1530 kernel: [87310.863133] logitech 0003:046D:C517.001C: fixing up Logitech keyboard report descriptor
Sep 20 17:55:06 jake-XPS-M1530 kernel: [87310.865367] input: Logitech USB Receiver as /devices/pci0000:00/0000:00:1d.0/usb5/5-1/5-1.2/5-1.2:1.1/input/input35
Sep 20 17:55:06 jake-XPS-M1530 kernel: [87310.865633] logitech 0003:046D:C517.001C: input,hiddev0,hidraw3: USB HID v1.10 Mouse [Logitech USB Receiver] on usb-0000:00:1d.0-1.2/input1
Sep 20 17:55:08 jake-XPS-M1530 kernel: [87312.249129] usb 5-1.3: new low-speed USB device number 28 using uhci_hcd
Sep 20 17:55:08 jake-XPS-M1530 kernel: [87312.436287] input: No brand 4 Port KVMSwicther as /devices/pci0000:00/0000:00:1d.0/usb5/5-1/5-1.3/5-1.3:1.0/input/input36
Sep 20 17:55:08 jake-XPS-M1530 kernel: [87312.436429] generic-usb 0003:10D5:55A4.001D: input,hidraw4: USB HID v1.10 Keyboard [No brand 4 Port KVMSwicther] on usb-0000:00:1d.0-1.3/input0
Sep 20 17:55:08 jake-XPS-M1530 kernel: [87312.442165] usbhid 5-1.3:1.1: couldn't find an input interrupt endpoint

2---3960---13---(Sep/20)-(17:01)---(Sep/20)-(17:55:08)---ETWNFILF---(Sep/20)-(17:55)---(Sep/20)-(17:55:08) NAGC

root@nagios-primary ~#
root@nagios-primary ~#

From the above output, exclude all lines that contain 'Logitech' and show me what is left:

root@nagios-primary ~#
root@nagios-primary ~#
root@nagios-primary ~# logrobot sanal /var/log/kern.log 2h '.' 'Logitech' 1 2 -showexcl

Sep 20 17:55:06 jake-XPS-M1530 kernel: [87310.160050] usb 5-1: new full-speed USB device number 26 using uhci_hcd
Sep 20 17:55:06 jake-XPS-M1530 kernel: [87310.388215] hub 5-1:1.0: USB hub found
Sep 20 17:55:06 jake-XPS-M1530 kernel: [87310.390118] hub 5-1:1.0: 4 ports detected
Sep 20 17:55:06 jake-XPS-M1530 kernel: [87310.673128] usb 5-1.2: new low-speed USB device number 27 using uhci_hcd
Sep 20 17:55:08 jake-XPS-M1530 kernel: [87312.249129] usb 5-1.3: new low-speed USB device number 28 using uhci_hcd
Sep 20 17:55:08 jake-XPS-M1530 kernel: [87312.436287] input: No brand 4 Port KVMSwicther as /devices/pci0000:00/0000:00:1d.0/usb5/5-1/5-1.3/5-1.3:1.0/input/input36
Sep 20 17:55:08 jake-XPS-M1530 kernel: [87312.436429] generic-usb 0003:10D5:55A4.001D: input,hidraw4: USB HID v1.10 Keyboard [No brand 4 Port KVMSwicther] on usb-0000:00:1d.0-1.3/input0
Sep 20 17:55:08 jake-XPS-M1530 kernel: [87312.442165] usbhid 5-1.3:1.1: couldn't find an input interrupt endpoint

2---4320---(8)-(13)-(61.5385%)-(8)-(0)-(frq=8,zsc=0,asc=[Sep-20-(17:55)])---(Sep/20)-(17:07)---(Sep/20)-(17:55:08)---ETWNFILF---(Sep/20)-(17:55)---(Sep/20)-(17:55:08) NAGCzzmm

Monitoring logs of any format or size (has no limitations!)


./logrobot localhost <default-dir> <feature> <logfile> <age> <str-1> <str-2> <WARNING> <CRITICAL> <tag> <option>

Example:

logrobot  localhost  /tmp/logXray  autonda  /var/log/kern.log  60m  'error'  '.'  1  2  app_err_monitor  -ndfoundn

Explanation of Parameters:

logrobot - This is the tool that does the work for you 

/var/tmp/logXray - This is the designated default directory where logrobot will process its data

autonda - This is the feature that allows logrobot to perform this particular auto-resolve task for you

/var/log/kern.log - This is the log file which is going to be scanned

To scan a directory, simply specify the directory path instead...i.e. /var/log

age - The age limit for the monitored log file (60m in the example); only log files modified or created within this period are scanned

'error' - This is where you specify the string/pattern to look for in the log

Make sure there are no spaces in the patterns you specify.

For instance, to search for the pattern "error found in data", you can specify it this way:

'error.*found.*in.*data'

'.' - This is where you specify an additional pattern you wish to look for on the same line as the previous string

Useful if you want to filter out specific log entries

1 - This is the WARNING threshold: the number of matching entries that must be found in the log before a WARNING alert is generated.

2 - This is the CRITICAL threshold: the number of matching entries that must be found in the log before a CRITICAL alert is generated.

app_err_check - This is the tag name given to this particular log check

The name should describe the application/database or function that's writing to the log - Basically, give this a deserving name

-ndshow - When entries are found in the log, this option will show you those entries

-ndfoundn - When entries are found in the log, this option will NOT show them - It will tell you the total count of the newest entries found matching your criteria

Example 1 - (this shows the matching entries found in each log):

Command:

./logrobot localhost /var/tmp/logXray,tail=10 autonda /usr/WebSphere/AppServer_ast_/profiles/paposa_ast_AppServer_ast_/logs/rmcosCluster1-paposa_ast_-node_ast_-server_ast_/SystemOut.log 60m 'Total.*time.*taken' '.' 1 1 testing1 -ndshow

CRITICAL: [/usr/WebSphere/AppServer_ast_/profiles/paposa_ast_AppServer_ast_/logs/rmcosCluster1-paposa_ast_-node_ast_-server_ast_/SystemOut.log][4]
/usr/WebSphere/AppServer2/profiles/paposa01AppServer02/logs/rmcosCluster1-paposa01-node2-server1/SystemOut.log:P=(2)_F=(13s,1s)_R=(39232,39253=21)
/usr/WebSphere/AppServer1/profiles/paposa01AppServer01/logs/rmcosCluster1-paposa01-node1-server2/SystemOut.log:P=(2)_F=(13s,6s)_R=(75789,75811=22)
/usr/WebSphere/AppServer2/profiles/paposa01AppServer02/logs/rmcosCluster1-paposa01-node2-server2/SystemOut.log:P=(2)_F=(13s,0s)_R=(105911,105932=21)

usr_WebSphere_AppServer2_profiles_paposa01AppServer02_logs_rmcosCluster1-paposa01-node2-server2_SystemOut.log:::
[11/16/16 13:48:41:722 PST] 000004e3 SystemOut O TOK : Total time taken to De-Tokenize a number is [12] ms.
[11/16/16 13:48:53:265 PST] 000004b6 SystemOut O TOK : Total time taken to De-Tokenize a number is [15] ms. 2

usr_WebSphere_AppServer2_profiles_paposa01AppServer02_logs_rmcosCluster1-paposa01-node2-server1_SystemOut.log:::
[11/16/16 13:48:43:915 PST] 000004f6 SystemOut O TOK : Total time taken to De-Tokenize a number is [17] ms.
[11/16/16 13:48:52:317 PST] 000004f6 SystemOut O TOK : Total time taken to De-Tokenize a number is [17] ms. 2

usr_WebSphere_AppServer1_profiles_paposa01AppServer01_logs_rmcosCluster1-paposa01-node1-server2_SystemOut.log:::
[11/16/16 13:48:45:693 PST] 000002e3 SystemOut O TOK : Total time taken to De-Tokenize a number is [14] ms.
[11/16/16 13:48:47:873 PST] 000002b2 SystemOut O TOK : Total time taken to De-Tokenize a number is [26] ms. 2

usr_WebSphere_AppServer1_profiles_paposa01AppServer01_logs_rmcosCluster1-paposa01-node1-server1_SystemOut.log::: 0

Example 2 - (this shows the total count of each matching entry in each log)

Command:

./logrobot localhost /var/tmp/logXray,tail=10 autonda /usr/WebSphere/AppServer_ast_/profiles/paposa_ast_AppServer_ast_/logs/rmcosCluster1-paposa_ast_-node_ast_-server_ast_/SystemOut.log 60m 'Total.*time.*taken' '.' 1 1 testing3 -ndfoundmul

CRITICAL: [/usr/WebSphere/AppServer_ast_/profiles/paposa_ast_AppServer_ast_/logs/rmcosCluster1-paposa_ast_-node_ast_-server_ast_/SystemOut.log][4] 

/usr/WebSphere/AppServer1/profiles/paposa01AppServer01/logs/rmcosCluster1-paposa01-node1-server2/SystemOut.log:P=(Total__time__taken=8)_F=(25s)_R=(76970,77031=61)
/usr/WebSphere/AppServer2/profiles/paposa01AppServer02/logs/rmcosCluster1-paposa01-node2-server1/SystemOut.log:P=(Total__time__taken=4)_F=(25s)_R=(40355,40503=148)
/usr/WebSphere/AppServer1/profiles/paposa01AppServer01/logs/rmcosCluster1-paposa01-node1-server1/SystemOut.log:P=(Total__time__taken=3)_F=(25s)_R=(23434,23467=33)
/usr/WebSphere/AppServer2/profiles/paposa01AppServer02/logs/rmcosCluster1-paposa01-node2-server2/SystemOut.log:P=(Total__time__taken=9)_F=(25s)_R=(106908,106997=89)

NOTE:

The '_P_' represents the pipe "|"(OR) symbol.  If using this tool as a log monitoring alert system, specifying "_P_" instead of "|" prevents unnecessary errors.

The default log file age limit is 60 minutes.  That means, the above commands will only scan log files that were modified/created within the last 60 minutes.

To change the age limit, see the full syntax example below...simply replace the 60m with whichever age you prefer

If no entries are found matching the patterns you specified, but you believe there should be, simply add a ".*" to the beginning and end of each pattern...i.e:

'.*error.*_P_.*panic.*_P_.*fail.*_P_.*fault.*'


[root@localhost jserver]# 
[root@localhost jserver]# time ./logrobot localhost /var/tmp/logXray autonda /var/log 60m 'error' '.' 1 2 appmon -ndfoundn
CRITICAL: [/var/log] maillog:P=(25)_F=(107s)_R=(0,281=281) up2date:P=(5)_F=(51s)_R=(0,73=73), Xorg.0.log:P=(1)_F=(197s)_R=(0,659=659) 

real 0m1.571s
user 0m0.694s
sys 0m0.637s

[root@localhost jserver]# 
[root@localhost jserver]# time ./logrobot localhost /var/tmp/logXray autonda /var/log 60m 'error' '.' 1 2 appmon -ndfoundn
OK: [/var/log] up2date:P=(0)_F=(5s)_R=(73,73=0) boot.log:P=(0)_F=(5s)_R=(58,58=0) cron:P=(0)_F=(5s)_R=(214,214=0) messages:P=(0)_F=(5s)_R=(643,643=0) dmesg:P=(0)_F=(5s)_R=(502,502=0) Xorg.0.log:P=(0)_F=(5s)_R=(659,659=0) maillog:P=(0)_F=(5s)_R=(281,281=0) pm-powersave.log:P=(0)_F=(5s)_R=(2,2=0) secure:P=(0)_F=(5s)_R=(13,13=0)

real 0m1.604s
user 0m0.674s
sys 0m0.634s

[root@localhost jserver]# 
[root@localhost jserver]# time ./logrobot localhost /var/tmp/logXray autonda /var/log/messages 60m 'error' '.' 1 2 appmsg -ndfoundn
OK: [/var/log/messages] /var/log/messages:P=(0)_F=(383s)_R=(0,643=643) 

real 0m1.331s
user 0m0.734s
sys 0m0.622s
[root@localhost jserver]#

[root@nagios-primary ~]# ./logrobot localhost /var/tmp/logXray autodoc /wms/prod/jdf/data/log/error 1GB 1.6GB filesize

OK: File [ /wms/prod/jdf/data/log/error ]. Current Size = [ 682.637MB 7 ]. Thresholds: [ W=1GB ] and [ C=1.6GB ].

[root@nagios-primary ~]# ./logrobot localhost /var/tmp/logXray autodoc /var/lib/nagios/retention.dat 80MB 100MB filesize

CRITICAL: File [ /var/lib/nagios/retention.dat ]. Current Size = [ 179.734MB ]. Thresholds: [ W=80MB ] and [ C=100MB ].

# Sending metrics to a graphite/graphing server:

[root@nagios001 ~]# ./logrobot localhost /var/tmp/logXray,graphite,52.88.12.122:2003,typical autonda /var/log/messages 60m 'nothing-to-search-for' '.' 1 2 LogGrowthChk -ndfoundn


The following command will alert if files are found with size greater than zero.

[root@nagios-primary ~]# ./logrobot localhost /var/tmp/logXray autodoc /var/mqm/errors,.FDC,12m 0B 0B filesize

CRITICAL: File [ /var/mqm/errors,.FDC,12m ]. Current Size = [ /var/mqm/errors/AMQ24835.0.FDC(repeat),27053(bytes),11 /var/mqm/errors/AMQ24834.0.FDC(repeat),27053(bytes),11 /var/mqm/errors/AMQ24821.0.FDC(repeat),81673(bytes),11 /var/mqm/errors/AMQ24832.0.FDC(repeat),26973(bytes),11 /var/mqm/errors/AMQ24827.0.FDC(repeat),27053(bytes),11 /var/mqm/errors/AMQ24826.0.FDC(repeat),26973(bytes),11 /var/mqm/errors/AMQ24833.0.FDC(repeat),27053(bytes),11 /var/mqm/errors/AMQ24828.0.FDC(repeat),27053(bytes),11 /var/mqm/errors/AMQ24836.0.FDC(repeat),27053(bytes),11 /var/mqm/errors/AMQ24825.0.FDC(repeat),26973(bytes),11 /var/mqm/errors/AMQ24831.0.FDC(repeat),26973(bytes),11 /var/mqm/errors/AMQ24830.0.FDC(repeat),27053(bytes),11 /var/mqm/errors/AMQ24829.0.FDC(repeat),27053(bytes),11 ]. Thresholds: [ W=0B ] and [ C=0B ].


[root@nagios001 ~]# ./logrobot localhost /var/tmp/logXray autodoc /apps/scope/GAP/wmswave/cbs/logs/cores,1,*,1440m 0B 0B filesize

OK: File [ /apps/scope/GAP/wmswave/cbs/logs/cores,1,*,1440m ]. Current Size = [ no_problem_files_detected ]. Thresholds: [ W=0B ] and [ C=0B ].

[root@nagios001 ~]# ./logrobot localhost /var/tmp/logXray autodoc /apps/scope/GAP/wmswave/cbs/logs/cores,1,*,1440m 0B 0B filesize

CRITICAL: File [ /apps/scope/GAP/wmswave/cbs/logs/cores,1,*,1440m ]. Current Size = [ /apps/scope/GAP/wmswave/cbs/logs/cores/PkShipWaveS/core.10114,533901312(bytes),3m ]. Thresholds: [ W=0B ] and [ C=0B ].

The next time the check runs, you'll see the word 'repeat' next to each file that has already been reported/alerted on:

CRITICAL: File [ /apps/scope/GAP/wmswave/cbs/logs/cores,1,*,1440m ]. Current Size = [ /apps/scope/GAP/wmswave/cbs/logs/cores/PkShipWaveS/core.12263(repeat),592871424(bytes),7m ]. Thresholds: [ W=0B ] and [ C=0B ].

[root@nagios-primary ~]# ./logrobot localhost /var/tmp/logXray autodoc /opt/apps/iptuibatch/logs/iptconflictCheck.log 1 5 filegrowth

CRITICAL: File [ /opt/apps/iptuibatch/logs/iptconflictCheck.log ]. Size Now = [ 744KB (Wed Dec 30 17:35:56 2015) ]. Size Before = [ 744KB (Wed Dec 30 17:35:55 2015) ].

[root@nagios-primary ~]# ./logrobot localhost /var/tmp/logXray autodoc /opt/apps/iptuibatch/logs/iptconflictCheck.log 1 5 filegrowth

OK: File [ /opt/apps/iptuibatch/logs/iptconflictCheck.log ]. Size Now = [ 752KB (752) (Wed Dec 30 17:37:55 2015) ]. Size Before = [ 744KB (Wed Dec 30 17:35:55 2015) ].

[root@nagios001 ~]# ./logrobot localhost /tmp/logXray,graphite,52.88.12.122:2003,typical autonda /var/log/messages 60m 'nothing-to-search-for' '.'  1 2 LogGrowthChk -ndfoundn

[root@monitor jbowman]#
[root@monitor jbowman]#
[root@monitor jbowman]# ./logxray localhost /var/tmp/logXray autodoc /var/log/syslog 10 20 -timestamp

OK: File = [ /var/log/syslog ]. Timestamp = [ 4s ] = [ 0d, 0h, 0.066m ago ]. Thresholds: [ W=(10m) / C=(20m) ].

[root@monitor jbowman]#
[root@monitor jbowman]#

[root@monitor jbowman]#
[root@monitor jbowman]# ./logxray logrobot001.phx.logrobot.com /var/tmp/logXray autodoc /var/log/syslog 10 20 -timestamp

OK: File = [ /var/log/syslog ]. Timestamp = [ 4s ] = [ 0d, 0h, 0.066m ago ]. Thresholds: [ W=(10m) / C=(20m) ].

[root@monitor jbowman]#


Case Scenario:

Monitor all files that have the pattern "gap_inc" in their names, under the /opt/apache/httpd-2/3/2/htdocs/pkicrlpub directory.

Alert as Warning if the age of any of the discovered files is at least 4 hours old but less than 8 hours.

Alert as Critical when the age of any of the discovered files is at least 8 hours old.

The _ast_ is used to denote "*"

Asterisks have the potential to cause problems, therefore, we allow users to use a predetermined string to reference them.

In other words, when having to specify the path to a log file with asterisks in it, replace the asterisks with "_ast_"

For example,

	This:

		/opt/apache/httpd-2.4.2/htdocs/pkicrlpub/*gap_inc*

	Becomes:

		/opt/apache/httpd-2/3/2/htdocs/pkicrlpub,_ast_gap_inc__ast_

[root@monitor jbowman]#
[root@monitor jbowman]#
[root@monitor jbowman]# ./logxray localhost /var/tmp/logXray autodoc /opt/apache/httpd-2/3/2/htdocs/pkicrlpub,_ast_gap_inc__ast_ 4h 8h timestamp

OK: [ /opt/apache/httpd-2.4.2/htdocs/pkicrlpub/gap_inc_stores_issuing_ca_g1.crl,age=(0d/0h/39.6m ago) /opt/apache/httpd-2.4.2/htdocs/pkicrlpub/gap_inc_corp_root_ca_g1.crl,age=(0d/0h/39.6m ago) /opt/apache/httpd-2.4.2/htdocs/pkicrlpub/gap_inc_corp_issuing_ca_g1.crl,age=(0d/0h/39.6m ago) /opt/apache/httpd-2.4.2/htdocs/pkicrlpub/gap_inc_corp_intermediate_ca_g1.crl,age=(0d/0h/39.6m ago) ].

[root@monitor jbowman]#
[root@monitor jbowman]#
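
An added example, not logrobot or logxray code: the age rule from the case scenario above (WARNING from 4 hours, CRITICAL from 8 hours) applied to files selected through the `_ast_` placeholder, which matters for files such as the `.crl` files listed, where a stale copy means revocation data is out of date. The function names and the optional `now_epoch` argument are assumptions of this example, and it relies on the Linux `find -maxdepth` and `stat -c` options.

```shell
#!/bin/sh
# Added example, not logrobot/logxray code. Assumes Linux find and stat.

# decode_ast: turn the "_ast_" placeholder back into the "*" it stands for.
decode_ast() { printf '%s\n' "$1" | sed 's/_ast_/*/g'; }

# check_age <dir> <name-pattern> <warn_hours> <crit_hours> [now_epoch]
# Prints one status line; returns 0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN.
# now_epoch is a hypothetical hook so a test can simulate the clock.
check_age() {
    dir=$1
    pattern=$(decode_ast "$2")
    warn=$(( $3 * 3600 ))
    crit=$(( $4 * 3600 ))
    now=${5:-$(date +%s)}
    rc=0
    detail=""
    # The quoted pattern is matched by find, so the shell never expands it.
    list=$(find "$dir" -maxdepth 1 -type f -name "$pattern" | sort)
    if [ -z "$list" ]; then
        # A file that is missing is not fresh: report it instead of OK.
        echo "UNKNOWN: no file matches $dir/$pattern"
        return 3
    fi
    while IFS= read -r f; do
        age=$(( now - $(stat -c %Y "$f") ))
        if [ "$age" -ge "$crit" ]; then level=2
        elif [ "$age" -ge "$warn" ]; then level=1
        else level=0
        fi
        # The overall state is the worst state of any matching file.
        if [ "$level" -gt "$rc" ]; then rc=$level; fi
        detail="$detail ${f##*/},age=$(( age / 60 ))m"
    done <<EOF
$list
EOF
    case $rc in
        0) echo "OK: [$detail ]" ;;
        1) echo "WARNING: [$detail ]" ;;
        2) echo "CRITICAL: [$detail ]" ;;
    esac
    return "$rc"
}
```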
