Real-time logfile monitoring with space separator
Posted: Mon Nov 09, 2015 10:13 am
Hello,
I'm supposed to know how the real-time capabilities of NSCLient++ works, but I can't figure out how to make it work with logfiles. Plese don't advise to send it to NLS, some of the lofiles are huge and we have no mulla to store all these logs..
So I know it can work with logfiles which have a clear separator such as ';' and I have the example Michael has documented here http://blog.medin.name/blog/2012/11/26/ ... ext-files/ working perfectly. So no need to troubleshoot NSCA connectivity or configuration. I also have configured an output file for easier troubleshooting.
So the problem is in:
The log.txt looks like this:
So I need to catch the lines containing ERROR and send them with NSCA to Nagios XI. As a test however I'm looking for 'INFO' as it is easier to troubleshoot. The problem is that I can't find out how to use space as a field separator. I tried lots of different configurations:
But none of them work. i'm using NSClient 0.4.1.105 so the filter syntax should be correct. As said before this does work:
When I do the log is sent to Nagios XI. So how can I achieve the same with a space instead of a ';'?
Any input is welcome to get this working. I'd prefer to get it working passively and real-time.
EDIT: It would also work without separator, but I'm not sure how to get that done too.. Not enough examples on the Interwebs for this. I'll put it on my site if we got this working.
I'm supposed to know how the real-time capabilities of NSCLient++ works, but I can't figure out how to make it work with logfiles. Plese don't advise to send it to NLS, some of the lofiles are huge and we have no mulla to store all these logs..
So I know it can work with logfiles which have a clear separator such as ';' and I have the example Michael has documented here http://blog.medin.name/blog/2012/11/26/ ... ext-files/ working perfectly. So no need to troubleshoot NSCA connectivity or configuration. I also have configured an output file for easier troubleshooting.
So the problem is in:
Code: Select all
[/settings/logfile/real-time/checks/LOG_DrosoService]
file = M:\ApplicationLogs\DrosoService\log.txt
destination = NSCA,FILE
filter = column4 like 'INFO'
critical = column4 like 'INFO'
column separator=;Code: Select all
2015-11-09 16:00:44,797 [38] INFO Flowcontrol - Servicename = G_Droso/Droso_Meldingen
2015-11-09 16:00:54,814 [38] ERROR Flowcontrol - GeefInfoOverPunt: feature gevonden!
2015-11-09 16:00:54,853 [38] INFO Flowcontrol - SnijdPuntMetFeatureClassEnGeefWaardeInKolom: info gevonden voor geometry in featureclass sg_gis_pub.giswriter.REFADM_vecstadswijken:1
2015-11-09 16:00:54,892 [38] INFO Flowcontrol - SnijdPuntMetFeatureClassEnGeefWaardeInKolom: info gevonden voor geometry in featureclass sg_gis_pub.giswriter.VEIPOL_vecWijkcommissariaten:9
2015-11-09 16:00:54,935 [38] INFO Flowcontrol - SnijdPuntMetFeatureClassEnGeefWaardeInKolom: info gevonden voor geometry in featureclass sg_gis_pub.giswriter.INFWIS_vecSectorenDWBW:3
Code: Select all
[/settings/logfile/real-time/checks/LOG_DrosoService]
file = M:\ApplicationLogs\DrosoService\log.txt
destination = NSCA,FILE
filter = column4 like 'INFO'
critical = column4 like 'INFO'Code: Select all
[/settings/logfile/real-time/checks/LOG_DrosoService]
file = M:\ApplicationLogs\DrosoService\log.txt
destination = NSCA,FILE
filter = column4 like 'INFO'
critical = column4 like 'INFO'
column separator= Code: Select all
[/settings/logfile/real-time/checks/LOG_Test]
file = M:\ApplicationLogs\DrosoService\logtest.txt
destination = NSCA,FILE
filter = column1 like 'hello'
critical = column2 like 'world'
column separator=;Code: Select all
echo hello;world >> M:\ApplicationLogs\DrosoService\logtest.txtAny input is welcome to get this working. I'd prefer to get it working passively and real-time.
EDIT: It would also work without separator, but I'm not sure how to get that done too.. Not enough examples on the Interwebs for this. I'll put it on my site if we got this working.