Case Scenario:

For instance, find out how many lines in the log file [ /var/log/app.log ] contain both entries of "ERROR" and "Client", assuming the timestamp of the app.log file is 30 minutes or less. If any lines are found containing these two strings (ERROR.*Client), take note of that.

From the list of lines found, see if there are any lines that also contain the keywords "error 404" OR "updateNumber".  If there are, remove them from the list.  After removing them, show me what is left.  If the number of lines left is between 5 and 9, alert as WARNING.  If equal to or over 10, alert as CRITICAL.  If below 5, do not alert!

Command:

./logrobot localhost autonda /var/log/app.log 30m 'ERROR.*Client' '(error 404|updateNumber)' 1 2 ErrorChk -ndshowexcl

Case Scenario:

For instance, if the age of the app.log file is 30 minutes or less, scan it. Each time it is scanned, check all newly added entries to see if at least 1 line containing the words "Success" and "Client" and "returned 200" OR "update:OK" can be found. If at least 1 line containing the aforementioned patterns are not found, alert.  So in other words, the lines to search for MUST contain both words of Success & Client (Success.*Client) AND one or both of the strings returned 200 and update:OK.

Command:

./logrobot localhost autonda /var/log/app.log 30 'SUCCESS.*Client' '(returned 200|update:OK)' 1  1  EventMonitor  -ndnotfoundn

(OR)

./logrobot localhost autonda /var/log/app.log 30 'SUCCESS.*Client' '(returned 200|update:OK)' 1  0  EventMonitor  -ndshow

This is particularly helpful in cases where you might want to see the actual lines that contain the patterns you instructed the tool to search for.

Example (show entries that contain both 'ERROR.*Client' and either of these two patterns 'error 404' OR 'updateNumber:OK'):

logrobot localhost autonda /var/log/app.log 30 'ERROR.*Client' '(error 404|updateNumber:OK)'  5  10  ErrorChk  -ndshow

Example (show entries that contain 'SUCCESS.*Client'):

logrobot localhost autonda /var/log/app.log 30 'SUCCESS.*Client' '.'   5  10  EventMonitor  -ndshow

For instance, to pull out 2 days of information from within a large log file and to find out how many lines contain certain strings and patterns, you can run a command similar to this:

Example:

logrobot  autofig  /var/log/app.log  2d  'ERROR|error|panic|fail' '.'  5  10  -foundn

From this specific example, I'm telling logrobot that I care about EVERY single line that contains any of the keywords I provided.  The [ 2d ] of course means 2 Days. 

See below for the different ways of specifying a preferred time frame:

5m = 5 minutes (changeable to any number of minutes)

10h = 10 hours (changeable to any number of hours)

2d = 2 days (changeable to any number of days)

2w = 2 weeks (changeable to any number of weeks)

3mo = 3 months (changeable to any number of months)