Monday, October 28, 2013

PATROL LOG KM Examples - Part 3: A simple case of multiple-line search

In the last two PATROL LOG KM posts, I discussed two different ways to send out alerts. In those alerts, each matched log entry contains a single line from the log file. What if you want each matched log entry to contain more than one line? This is needed when some critical information is contained in the lines before or after the line that matches the search string pattern. Including those additional lines in your alert emails or trouble tickets would definitely help to speed up the troubleshooting process.

If the additional lines you want to include are after the line that matches the search string pattern, the solution is simple.  For example, if you would like to have the following two lines included in your matched log entry:

031605: Error: Disc Full
/hd001 mounted as /opt

You can use 'Disc Full' as your search string pattern. To make the matched log entry contain one additional line after the line that matches the search string pattern, simply enter '2' in the 'Number of Lines in Log Entry' field on the LOG KM instance configuration screen. (The location of this field is shown on the LOG KM instance configuration screen displayed in the 'PATROL LOG KM Examples - Part 2' post.) You can then configure the rest of LOG KM as usual: send one alert per polling cycle as described in the 'PATROL LOG KM Examples - Part 1' post, or send one alert per matched log entry as described in the 'PATROL LOG KM Examples - Part 2' post.

However, if the additional lines you want to include are before the line that matches the search string pattern, the solution is not so simple.  For example, if you would like to have the following two lines included in your matched log entry:

root 21292 c Mon Oct 28 08:00:00 2013
! Your password will expire in 3 days.


Here you would need to use some strings from the second line as your search string pattern because nothing from the first line is unique enough as a search pattern.  Then how can we include information from the line before the line that matches the search string pattern?  In the next post, I will discuss a solution to this example by using an advanced feature of PATROL LOG KM called 'Multiline Search'.  Stay tuned.
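The two cases above, as an added Python example on constructed log lines (not from the original post, and not how LOG KM or its 'Multiline Search' feature is implemented): trailing lines are collected by reading ahead after a match, while a preceding line has to be held in a rolling buffer before the match is seen. The function name, its parameters and the filler log lines are assumptions made for illustration.

```python
import re
from collections import deque

# Constructed sample log: the two excerpts from the post plus filler lines.
SAMPLE_LOG = """\
031604: Info: Backup started
031605: Error: Disc Full
/hd001 mounted as /opt
031606: Info: Backup aborted
root 21292 c Mon Oct 28 08:00:00 2013
! Your password will expire in 3 days.
root 21293 c Mon Oct 28 08:05:00 2013
""".splitlines()


def match_entries(lines, pattern, lines_in_entry=1, lines_before=0):
    """Group log lines into matched entries (each entry is a list of lines).

    lines_in_entry -- the matching line plus the lines that follow it
                      (hypothetical name, modelled on the field in the post)
    lines_before   -- preceding lines to prepend (hypothetical parameter)
    """
    regex = re.compile(pattern)
    history = deque(maxlen=lines_before)  # rolling window of earlier lines
    entries = []
    current = None   # entry still waiting for its trailing lines
    remaining = 0    # number of trailing lines still to collect

    for line in lines:
        if current is not None:
            # Assumption: lines consumed as trailing context are not re-matched.
            current.append(line)
            remaining -= 1
        elif regex.search(line):
            current = list(history) + [line]
            remaining = lines_in_entry - 1
        if current is not None and remaining <= 0:
            entries.append(current)
            current = None
        history.append(line)

    if current is not None:  # log ended before all trailing lines arrived
        entries.append(current)
    return entries


if __name__ == "__main__":
    print(match_entries(SAMPLE_LOG, r"Disc Full", lines_in_entry=2))
    print(match_entries(SAMPLE_LOG, r"password will expire", lines_before=1))
```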
