Monitoring all types of log files regardless of format
Monitor any log file with or without timestamps
Case Scenario: Find out how many lines in the log file [ /var/log/app.log ] contain both "ERROR" and "Client", assuming the timestamp of the app.log file is 30 minutes old or less. If any lines containing these two strings (ERROR.*Client) are found, take note of them. From the list of lines found, check whether any also contain the keywords "error 404" OR "updateNumber". If there are, remove them from the list. After removing them, show me what is left. If the number of lines left is between 5 and 9, alert as WARNING. If equal to or over 10, alert as CRITICAL. If below 5, do not alert!

Command:
./logrobot localhost autonda /var/log/app.log 30m 'ERROR.*Client' '(error 404|updateNumber)' 1 2 ErrorChk -ndshowexcl
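The same include / exclude / threshold logic, written out as an added Python example. It is not logrobot's own code. It assumes the whole file is scanned whenever it was modified within the window, and the "STALE" result for an older file is a label chosen for this example only.

```python
import os
import re
import tempfile
import time

INCLUDE = re.compile(r"ERROR.*Client")               # line must match this
EXCLUDE = re.compile(r"(error 404|updateNumber)")    # then is dropped if it matches this

def check_log(path, max_age_min=30, warn=5, crit=10, now=None):
    """Return (status, remaining_lines) for the scenario described above."""
    now = time.time() if now is None else now
    # Scan only when the file was modified within the last max_age_min minutes.
    if now - os.path.getmtime(path) > max_age_min * 60:
        return "STALE", []          # assumption: label invented for this example
    remaining = []
    with open(path, errors="replace") as fh:
        for line in fh:
            line = line.rstrip("\n")
            if INCLUDE.search(line) and not EXCLUDE.search(line):
                remaining.append(line)
    count = len(remaining)
    if count >= crit:
        status = "CRITICAL"         # equal to or over 10
    elif count >= warn:
        status = "WARNING"          # between 5 and 9
    else:
        status = "OK"               # below 5: no alert
    return status, remaining

def demo(n=6, **kwargs):
    """Run check_log over a constructed sample with n matching lines."""
    lines = [f"2024-01-01 10:00:{i:02d} ERROR Client {i} connection reset"
             for i in range(n)]
    lines += [
        "2024-01-01 10:01:00 ERROR Client 90 got error 404",        # excluded
        "2024-01-01 10:01:01 ERROR Client 91 updateNumber failed",  # excluded
        "2024-01-01 10:01:02 INFO Client 92 connected",             # no ERROR
        "2024-01-01 10:01:03 ERROR Server disk full",               # no Client
    ]
    with tempfile.NamedTemporaryFile("w", suffix=".log", delete=False) as tmp:
        tmp.write("\n".join(lines) + "\n")
    try:
        return check_log(tmp.name, **kwargs)
    finally:
        os.unlink(tmp.name)

if __name__ == "__main__":
    status, kept = demo()
    print(status, len(kept))
    print("\n".join(kept))
```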
Case Scenario: If the age of the app.log file is 30 minutes or less, scan it. Each time it is scanned, check all newly added entries to see if at least 1 line containing the words "Success" and "Client" and "returned 200" OR "update:OK" can be found. If at least 1 line containing the aforementioned patterns is not found, alert. In other words, the lines to search for MUST contain both of the words Success & Client (Success.*Client) AND one or both of the strings returned 200 and update:OK.

Command:
./logrobot localhost autonda /var/log/app.log 30 'SUCCESS.*Client' '(returned 200|update:OK)' 1 1 EventMonitor -ndnotfoundn

(OR)

./logrobot localhost autonda /var/log/app.log 30 'SUCCESS.*Client' '(returned 200|update:OK)' 1 0 EventMonitor -ndshow
This is particularly helpful in cases where you might want to see the actual lines that contain the patterns you instructed the tool to search for.

Example (show entries that contain both 'ERROR.*Client' and either of these two patterns 'error 404' OR 'updateNumber:OK'):
logrobot localhost autonda /var/log/app.log 30 'ERROR.*Client' '(error 404|updateNumber:OK)' 5 10 ErrorChk -ndshow

Example (show entries that contain 'SUCCESS.*Client'):
logrobot localhost autonda /var/log/app.log 30 'SUCCESS.*Client' '.' 5 10 EventMonitor -ndshow
For instance, to pull out 2 days of information from within a large log file and to find out how many lines contain certain strings and patterns, you can run a command similar to this:

Example:
logrobot autofig /var/log/app.log 2d 'ERROR|error|panic|fail' '.' 5 10 -foundn

From this specific example, I'm telling logrobot that I care about EVERY single line that contains any of the keywords I provided. The [ 2d ] of course means 2 Days. See below for the different ways of specifying a preferred time frame:

5m = 5 minutes (changeable to any number of minutes)
10h = 10 hours (changeable to any number of hours)
2d = 2 days (changeable to any number of days)
2w = 2 weeks (changeable to any number of weeks)
3mo = 3 months (changeable to any number of months)
Log File Content
Scan content of log files for new occurrences (or lack thereof) of specific keywords, strings or patterns.
Log File Size
Monitor the sizes of single or multiple log files - alert if log size breaches predefined thresholds.
Log File Growth
Monitor the growth of single or multiple log files - alert when the monitored logs stop receiving new data.
Log File Timestamp
Monitor the timestamp of single or multiple logs. Alert if logs are older than X amount of minutes or hours.