Tech Tip: UIM - How to specify and use wildcards/regex for the logmon probe target file field

Document created by danst04 Employee on Mar 13, 2017

Document ID:  TEC1611974
Last Modified Date:  01/24/2017

Summary:

This knowledge article explains how to specify and use wildcards/regex for the logmon probe target file field. The logmon target file field allows the use of regex and wildcards to parse multiple log files, but there are a few caveats as well.

Background:

Customers need to be able to create File filters that allow parsing of multiple files.

Environment:
- logmon 3.70 or higher

Instructions:

Before you configure and test profiles that use a regex or wildcard in the logmon File field, note a few caveats:

a) If you click the 'View' button when you use wildcards or a regex it shows an error:

   "Open file failed: Bad file name or number"

 

logmon shows this error when you click the “View” option because a wildcard or regex can resolve to multiple files, and the View option cannot show multiple files, so this is currently not supported. Even if you are testing with a single file, you will not be able to use the View button while the File field contains a regex or wildcard, so keep this in mind.

 

b) Furthermore, the Enable File Missing/Open Alarm option cannot be used in combination with regex.

 

- If you use "Enable File missing/open" you cannot use a regex. If you use a regex you must not enable the Enable File missing/open option under the General Tab in the profile.

c) Lastly, you cannot right-click the profile and select "Test Profile", as it will return this message: 'No Results'

You can start by testing a more generic regex, e.g., C:\log.*.log, to make sure you can parse the files and get it working. You can test a few similarly-formatted file names that contain the strings you're trying to parse.  

 

Warning:

If you specify a filter (regex/wildcard) that does not work or no files exist that can be parsed, you will see a critical alarm - here is an example:

   logmon_test: Failed to get C:\log.[0-9]{6}_[0-9]{6}\.log. Error:No such file or directory

Note I added one backslash to the regex at the end of the file name, e.g., ....   \.log, to break it.

 

In this particular case, a customer wanted to parse files that had this type of format:

   log.nnnnnn_nnnnnn.log

After some slight editing and testing of the regex and its results, this particular regex worked. It looks for a log file name that begins with log. followed by a number 6 digits in length (digits 0-9), then an underscore, then another number 6 digits in length, and that ends in .log:

 

   C:\log.[0-9]{6}_[0-9]{6}.log

 

 

You can then adjust it to suit your specific needs. When testing, let the logmon probe give you the results or alarms that tell you what is wrong. Once again, if the regex is invalid, the file is missing, or the file cannot be parsed, you'll get a critical alarm. If the regex is valid, you'll see an alarm that contains the results of your Watcher regex/string. Test it using logmon's 'cat' mode.
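
Because the View button and "Test Profile" are unavailable with a regex, a File field value can be previewed offline against a list of file names before it is deployed. The following is an added example, not code from the original article or from logmon: the function name, the sample file names, and the matching model (every backslash is a path separator, the regex must match the whole file name, and Python's re module stands in for logmon's matcher) are assumptions.

```python
import re
from typing import NamedTuple

# Constructed sample file names (not taken from a real system).
SAMPLE_NAMES = [
    "log.170124_093000.log",      # the intended format
    "log.170124_0930.log",        # second number too short
    "log.170124_093000.log.bak",  # extra suffix
    "logX170124_093000Xlog",      # no dots at all
    "app.170124_093000.log",      # different prefix
]
REGEX_META = set("[]{}()*+?^$|")

class Preview(NamedTuple):
    directory: str
    name_pattern: str
    matched: list
    warnings: list

def preview_target(target, names):
    """Preview which names a File field value would select.

    Assumptions: every backslash is a path separator, so only the text
    after the last one is the file-name regex; the regex must match the
    whole name; Python's re stands in for logmon's own matcher.
    """
    directory, _, name_pattern = target.rpartition("\\")
    warnings = []
    if REGEX_META & set(directory):
        warnings.append("regex syntax ended up in the directory part")
    try:
        rx = re.compile(name_pattern)
    except re.error as exc:
        return Preview(directory, name_pattern, [], warnings + [f"invalid regex: {exc}"])
    matched = [n for n in names if rx.fullmatch(n)]
    return Preview(directory, name_pattern, matched, warnings)

if __name__ == "__main__":
    for target in (r"C:\log.*.log",
                   r"C:\log.[0-9]{6}_[0-9]{6}.log",
                   r"C:\log.[0-9]{6}_[0-9]{6}\.log"):
        print(target, "->", preview_target(target, SAMPLE_NAMES))
```

In this model the unescaped dots also accept logX170124_093000Xlog, so review the matched list for file names you did not intend to monitor.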

Additional Information:

See logmon Help doc:

 

https://docops.ca.com/ca-unified-infrastructure-management-probes/ga/en/alphabetical-probe-articles/logmon-log-monitoring/logmon-ac-configuration

 

Note: You can use pattern matching and regular expressions. For example, use the wildcard operators *.txt for identifying multiple log files at run time. You can use regular expressions as discussed in the Notes on Regexp Constructs section in logmon Hints and Examples. Note also that the profile/regex tester in logmon will be enhanced in a future version.
