Log File Monitor

The Log File Monitor task monitors a log file for specified alert terms. When an alert term is found, the timestamp of that log entry is determined and archived. If the timestamp is newer than the previously archived timestamp, you can choose to run another task (or tasks). An exit code of -100 is also set when a new alert is found.

File Path
Enter the full path to the log file that needs to be monitored.

Alert Terms
Enter the required alert term. If you have more than one alert term, separate them with a character that does not occur within any alert term. Example: Searching^Java^Automation. This field also supports dynamic variables. Using dynamic variables you can, for example, search a log file for today's date/time and run a task if that entry is found.

Alert Term Separator
Enter the separator character used between alert terms, if you have more than 1 alert term.

Logging Direction
New logging entries can either be inserted at the top, or added at the bottom of the log file.

Task To Run
Select the desired task to run, if any of the selected criteria are met.  If you want to use this task in a chain, for conditional processing, select 'None'.  You can select multiple tasks to run in sequence or simultaneously. To run tasks in sequence, use taskTitle1|taskTitle2|taskTitle3. To run tasks simultaneously, use taskTitle1&taskTitle2&taskTitle3.

Logging Date Format
Enter the logging date format using the rules below. Please read this entire section carefully, including all the examples at the bottom of this section. If the format is entered incorrectly, the task will not be able to read the timestamp and will fail.

Rules:
1) The log file should have a standardized log format. The timestamp should be in the same column location for all lines, otherwise the timestamp in that particular line will not be parsed.
2) The format is: variable1=xxxx(-)variable2=zzzz(-)….etc.
3) Specify one of two format types: a) columnformat or b) tokenformat

formattype = columnformat/tokenformat

For tokenformat, use the following variables

formattype = tokenformat

tokens = separators that are used to separate fields. Multiple separators can be specified, one after another. Example: tokens=SPACE*&-_(-) would use the following characters as separators: whitespace * & - _

tokcol_x = the format of token number x. Please see the examples at the bottom of this page for details.

For columnformat, use the following variables

formattype = columnformat

colsep = separator between columns in the log file. Enter SPACE if the column separator is white-space or Enter TAB if the columns are separated by tabs. Example: colsep=SPACE(-) or colsep=,(-)

datecol = Column where date is logged. Example: datecol=4(-)

timecol = Column where time is logged. Example: timecol=4(-)

dateformat = date format used. Example: dateformat=YY-pp-dd(-)

timeformat = time format used. If datecol is the same as timecol, leave this field empty. Example: timeformat=hh:mm:ss(-)

tokens = separators between fields. List every separator that occurs between the date components and between the time components. If datecol is the same as timecol, also add the separator between the date and the time.

Examples:
If the date is like 03-15-2004 and the time is like 09:15:05, tokens=-:(-)
If the date and time are logged into the same column, like 03-15-2004_09:15:05, tokens=_-:(-)

Specifying date/time formats
Use the same rules as those used for the DATE variable. Example:
If date time logging output = Feb 3, 2004 4:44:07 PM
Date time format required = Qqq ddx, YY HHx:mm:ss am_pm

YY = 4 digit year is always output (2001 etc..)
yy = 2 digit year is always output (00-99)
pp = 2 digit month is always output (01-12)
ppx = 1 or 2 digit month can be output (1-12)
qqq = 3 character month is always output (jan-dec)
QQQ = 3 character month is always output (JAN-DEC)
Qqq = 3 character month is always output (Jan-Dec)
dd = 2 digit date is always output (01-31)
ddx = 1 or 2 digit date can be output (1-31)
HH = 2 digit hour based on 12 hour clock is always output (01-12) (should generally be used with am_pm)
HHx = 1 or 2 digit hour based on 12 hour clock can be output (1-12)
hh = 2 digit hour based on 24 hour clock is always output (00-23)
hhx = 1 or 2 digit hour based on 24 hour clock can be output (0-23)
mm = 2 digit minute is always output (00-59)
mmx = 1 or 2 digit minute can be output (0-59)
ss = 2 digit seconds is always output (00-59)
ssx = 1 or 2 digit seconds can be output (0-59)
am_pm = AM is output for AM hours, PM is output for PM hours

Examples of Logging date format field entries
1) NCSA Combined / NCSA Extended / Extended Log Format / Microsoft Extended Format.
Example log entry:
2667 avi.start.com - Authorize 401 /pi.admin 1998-03-09 15:21:37 2345

ColumnFormat Logging date format field should be:
formattype=columnformat(-)colsep=TAB(-)tokens=:-(-)datecol=7(-)timecol=8(-)dateformat=YY-pp-dd(-)timeformat=hh:mm:ss(-)

TokenFormat Logging date format field should be:
formattype=tokenformat(-)tokens=-:TAB(-)tokcol_7=YY(-)tokcol_8=pp(-)tokcol_9=dd(-)tokcol_10=hh(-)tokcol_11=mm(-)tokcol_12=ss(-)

2) NCSA - Common Log File format:
Example log entry:
255.255.255.255 - REDMOND\doug [07/Jun/1996:17:39:04 -0800] "POST /iisadmin/default.htm?-, HTTP/1.0" 200 3401

ColumnFormat Logging date format field should be:
formattype=columnformat(-)colsep=SPACE[(-)tokens=:/(-)dateformat=dd/Qqq/YY:hh:mm:ss(-)timeformat=(-)datecol=4(-)timecol=4(-)

TokenFormat Logging date format field should be:
formattype=tokenformat(-)tokens=[/:SPACE(-)tokcol_5=dd(-)tokcol_6=Qqq(-)tokcol_7=YY(-)tokcol_8=hh(-)tokcol_9=mm(-)tokcol_10=ss(-)

3) Microsoft IIS Log Format
Example log entry:
255.255.255.255, user_name, 03/20/98, 23:58:11, MSFTPSVC, SALES1, 255.255.255.255, 60, 275, 0, 0, 0, PASS, intro.htm

ColumnFormat Logging date format field should be:
formattype=columnformat(-)colsep=,SPACE(-)tokens=:/(-)dateformat=pp/dd/yy(-)timeformat=hh:mm:ss(-)datecol=3(-)timecol=4(-)

TokenFormat Logging date format field should be:
formattype=tokenformat(-)tokens=,SPACE/:(-)tokcol_3=pp(-)tokcol_4=dd(-)tokcol_5=yy(-)tokcol_6=hh(-)tokcol_7=mm(-)tokcol_8=ss(-)

4) WebSTAR Log format
Example log entry:
03/09/98 15:21:37 ok avi.start.com :pi.admin 2667

ColumnFormat Logging date format field should be:
formattype=columnformat(-)colsep=TAB(-)tokens=:/(-)dateformat=pp/dd/yy(-)timeformat=hh:mm:ss(-)datecol=1(-)timecol=2(-)

TokenFormat Logging date format field should be:
formattype=tokenformat(-)tokens=TAB/:(-)tokcol_1=pp(-)tokcol_2=dd(-)tokcol_3=yy(-)tokcol_4=hh(-)tokcol_5=mm(-)tokcol_6=ss(-)

5) No tokens format, date and time in same column
Example log entry:
03292004-152137 Test task - exit=0
Only ColumnFormat can be used, as follows:
formattype=columnformat(-)colsep=SPACE(-)tokens=(-)dateformat=ppddYY-hhmmss(-)timeformat=(-)datecol=1(-)timecol=1(-)
tokens should always be blank if the date or time components are not separated by a separator character, i.e. tokens=(-)

6) No tokens format, date and time in different columns
Example log entry:
03292004 152137 Test task - exit=0
Only ColumnFormat can be used, as follows:
formattype=columnformat(-)colsep=SPACE(-)tokens=(-)dateformat=ppddYY(-)timeformat=hhmmss(-)datecol=1(-)timecol=2(-)
tokens should always be blank if the date or time components are not separated by a separator character, i.e. tokens=(-)
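
The tokenformat rules and the archived-timestamp comparison described above, as an added Python example (not the product's own code). It uses the WebSTAR tokenformat entry from example 4; the function names, the collapsing of adjacent separators, the two-digit-year pivot at 70 and the 0 exit code for "nothing new" are assumptions.

```python
import re
from datetime import datetime

ALERT_EXIT = -100  # from the page; returning 0 otherwise is an assumption

def parse_spec(field):
    """Split 'key=value(-)key=value(-)' into a dict (tokenformat only)."""
    pairs = (p.partition("=") for p in field.split("(-)") if p.strip())
    spec = {k.strip().lower(): v for k, _, v in pairs}
    if spec.get("formattype", "").strip().lower() != "tokenformat":
        raise ValueError("only tokenformat is handled here")
    return spec

def timestamp(line, spec):
    """Return the datetime found in line, or None if it does not parse."""
    seps = spec["tokens"].replace("SPACE", " ").replace("TAB", "\t")
    # Assumption: a run of adjacent separators counts as one separator.
    fields = [f for f in re.split("[" + re.escape(seps) + "]+", line) if f]
    try:
        part = {code.strip(): int(fields[int(key[7:]) - 1])
                for key, code in spec.items() if key.startswith("tokcol_")}
        if "yy" in part:  # assumption: two-digit years pivot at 70
            part["YY"] = part["yy"] + (1900 if part["yy"] >= 70 else 2000)
        return datetime(*(part[c] for c in ("YY", "pp", "dd", "hh", "mm", "ss")))
    except (KeyError, IndexError, ValueError):
        return None

def scan(lines, terms, term_sep, spec, last_seen):
    """Return (exit_code, new_hits, unparsed_hits) for one pass over the log."""
    wanted = [t for t in terms.split(term_sep) if t]
    new_hits, unparsed = [], []
    for line in lines:
        if not any(t in line for t in wanted):
            continue
        ts = timestamp(line, spec)
        if ts is None:
            unparsed.append(line)  # alert term present, timestamp unreadable
        elif ts > last_seen:
            new_hits.append((ts, line))
    return (ALERT_EXIT if new_hits else 0), new_hits, unparsed

# Constructed WebSTAR-style lines (tab separated), not real log data.
SAMPLE = [
    "03/09/98\t15:21:37\tok\tavi.start.com\t:pi.admin\t2667",
    "03/09/98\t15:25:02\terr\tavi.start.com\t:pi.admin\t0",
    "03/10/98\t08:01:44\terr\tavi.start.com\t:pi.admin\t0",
    "err\tline with no timestamp",
]
SPEC = parse_spec("formattype=tokenformat(-)tokens=TAB/:(-)tokcol_1=pp(-)"
                  "tokcol_2=dd(-)tokcol_3=yy(-)tokcol_4=hh(-)tokcol_5=mm(-)tokcol_6=ss(-)")
```

Lines that contain an alert term but whose timestamp cannot be read are returned separately, because under rule 1 such lines are never compared against the archived timestamp and would otherwise go unnoticed.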