Choose whether or not to trigger a command/script when patterns are found... or NOT found!

Trigger a script or command on log pattern detection (Linux, AIX, SunOS)

Installation:
  1. Right-click and copy the download URL to the right
  2. Go to your Unix box and wget the URL:
    • wget <the-generated-zip-url-link>
  3. After download, unzip the zip file
    • unzip <the-downloaded-zip-file>
    • cd KingLazySHIELD (or) cd EnScryption.com
  4. To test and only install in your home directory, run this:
    • ./autoresolve.kl.sh

Syntax:
./autoresolve.kl.sh localhost <default-dir>,fixer,<exit-codes>,<command/script-to-run-per-exit-code> <feature> <log> <age> <str-1> <str-2> <WARN> <CRIT> <tag> <option>

Example:
./autoresolve.kl.sh localhost /tmp/logXray,fixer,0y-1y-2y,0-uname,1-who,2-uptime autonda /var/log/kern.log 60m 'error' '.' 1 2 app_err_chk -ndshow

Explanation of the example:
  1. autoresolve.kl.sh - This is the tool that does the work for you
  2. /tmp/logXray - This is the designated default directory where logrobot will process its data
  3. fixer - This is an option that tells logrobot to run a command or script when a string is found... OR not found
  4. 0y - If no entries are found in the log containing your patterns, run the command associated with this exit code
    • In this example, the command associated with an exit code of 0 is 'uname'
    • The command 'uname' will run IF the logrobot script exits with a status code of 0 (which means OK)
    • If you do not want to run a command for an exit code, replace the 'y' with an 'n', i.e. 0n
  5. 1y - If the number of entries found in the log breaches the WARNING threshold, run the command 'who'
    • The command 'who' can be replaced with the path of an actual script
    • If you do not want to run a command for an exit code, replace the 'y' with an 'n', i.e. 1n
  6. 2y - If the number of entries found in the log breaches the CRITICAL threshold, run the command 'uptime'
    • The command 'uptime' can be replaced with the path of an actual script
    • If you do not want to run a command for an exit code, replace the 'y' with an 'n', i.e. 2n
  7. autonda - This is the feature that allows logrobot to perform this particular auto-resolve task for you
  8. /var/log/kern.log - This is the log file which is going to be scanned
  9. 60m (age) - The age the monitored log file must be for it to be monitored
  10. 'error' - This is where you specify the string/pattern to look for in the log
    • Make sure there are no spaces in the patterns you specify
    • For instance, to search for the pattern "error found in data", you can specify it this way: 'error.*found.*in.*data'
    • '.' - This is where you specify an additional pattern you wish to look for on the same line as the previous string; useful if you want to filter out specific log entries
  11. 1 - This is the WARNING threshold: the number of entries that must be found in the log before any script or command can be run on a host
    • If this number is not breached, the command specified for the WARNING will not run
  12. 2 - This is the CRITICAL threshold: the number of entries that must be found in the log before any script or command can be run on a host
    • If this number is not breached, the command specified for the CRITICAL will not run
  13. app_err_chk - This is the tag name given to this particular log check
    • The name should describe the application/database or function that's writing to the log. Basically, give this a deserving name
  14. -ndshow - When entries are found in the log, this option will show you those entries

Sample runs:
jbow# ./autoresolve.kl.sh localhost /tmp/logXray,fixer,0n-1n-2n,0-uname,1-who,2-uptime autonda /var/log/kern.log 60m '.' '.' 1 2 app_err -ndshow

    2-NEW--1657--1657----accurate----app_err--/var/log/kern.log--1657----(FixResults=NO-COMMAND-SET-TO-RUN)
jbow# ./autoresolve.kl.sh localhost /tmp/logXray,fixer,0y-1y-2y,0-uname,1-who,2-uptime autonda /var/log/kern.log 60m '.' '.' 1 2 app_err -ndshow

0

0--1657,1657(rnge)--0(lnct)--0(match)----accurate--,--0s(time)--app_err--/var/log/kern.log---(FixResults=SUCCESS:1453867831:logXray:fixer:Linux logxray_fixer_results:0)
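
A pre-deployment check for the fixer argument described above, as an added example that is not part of the tool or the original page: it decodes the comma-separated argument, reports which command each exit code would run, and warns when a script path is missing or writable by group/others, since whatever is named there runs automatically. The function names are hypothetical and the argument layout is assumed from the page's example.

```shell
#!/bin/sh
# Added example, not part of the tool. Layout assumed from this page's example:
#   <default-dir>,fixer,<0y|0n>-<1y|1n>-<2y|2n>,0-<cmd>,1-<cmd>,2-<cmd>

# Warn when a command given as a path is missing or writable by group/others.
fixer_check_script() {
    case $1 in */*) ;; *) return 0 ;; esac      # bare command name: skip
    if [ ! -f "$1" ]; then
        echo "  warn: $1 does not exist"
    elif [ -n "$(find "$1" \( -perm -0002 -o -perm -0020 \))" ]; then
        echo "  warn: $1 is group- or world-writable"
    fi
}

# Print, per exit code, whether a command is enabled and which one it is.
fixer_plan() {
    old_ifs=$IFS; IFS=,
    set -f; set -- $1; set +f                   # split the argument on commas
    IFS=$old_ifs
    if [ "$#" -lt 3 ] || [ "$2" != "fixer" ]; then
        echo "error: not a fixer argument" >&2
        return 2
    fi
    flags=$3
    shift 3                                     # "$@" is now the N-<cmd> entries
    for code in 0 1 2; do
        cmd=
        for entry in "$@"; do
            case $entry in "$code"-*) cmd=${entry#"$code"-} ;; esac
        done
        case "-$flags-" in
            *-"${code}y"-*)
                if [ -n "$cmd" ]; then
                    echo "exit $code: run $cmd"
                    fixer_check_script "$cmd"
                else
                    echo "exit $code: enabled but no command given"
                fi ;;
            *-"${code}n"-*) echo "exit $code: disabled" ;;
            *) echo "exit $code: no y/n flag" ;;
        esac
    done
}

# Demo on the argument used in this page's example command.
fixer_plan '/tmp/logXray,fixer,0y-1y-2y,0-uname,1-who,2-uptime'
```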