Forum Discussion

joshlowit1
7 years ago

Log Files

I have successfully created an alert for a log file. My question is: how do I monitor the log file regardless of drive letter? I monitor the same log file on several servers, but on some of the servers the log is under drive E: and on others it is under drive D:.

Thank you

7 Replies

  • It is a log file collector. I'm currently using an absolute path in the Logfile Path section, but was wondering if I could use wildcards since the logfile could be on drive E: or drive D:.

  • Are you using PowerShell for this? If so, something like this should work:

    # Flag is 1 if the log file is found on either candidate drive
    $logfileExists=0
    if(Test-Path D:\path\to\logfile.txt)
    {
        $logfileExists=1
    }
    elseif(Test-Path E:\path\to\logfile.txt)
    {
        $logfileExists=1
    }
    else
    {
        $logfileExists=0
    }
    # Print the result as key=value
    $outString="logfileExists="+$logfileExists

    Write-Host $outString

    Otherwise - you can run a command like this

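    $logfileExists=0
    $drives = Get-WmiObject Win32_LogicalDisk | Select-Object DeviceID

    foreach($drive in $drives)
    {
        # DeviceID looks like "D:"; test the same path on each drive
        if(Test-Path "$($drive.DeviceID)\path\to\logfile.txt")
        {
            $logfileExists=1
        }
    }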

    Hope that helps.

  • I am new to the community. I am a Unix / Linux admin. How do I parse alerts from my regular scripts to LogicMonitor? We used to send email, but the company wants it sent to LogicMonitor. I welcome any help, thanks in advance.

     

  • Check with your CSM to see if you have LM Logs licenses included in your current subscription. If you don't, EventSource would be the way to go. LM would run a task on the collector that would run the script, the output would automatically be parsed by LM (your output would have to change to adhere to EventSource syntax).

  • What kind of alert and how is the datasource configured for this log file?  If it's in a script, you could just iterate through all of the possible drives it could be on testing for the existence of that directory.  That's the easiest way I could think of doing it.

     

  • I've had to do the same as Matt has suggested. In my case it's limited to a handful of drives, so the script doesn't have many tests to perform.

  • If you want alerts based on the output of a script, you'd likely want to set up an EventSource. Currently there's no API endpoint for just alerts.

    That said, you can have your current scripts send their output to LogicMonitor via LM Logs, then create an alert condition on the log contents. I do this with many of the scripts I have written that manage LM. They do things like sync in devices from a SoR, sync users from a custom directory, etc. When they run, they have stdout that would normally be displayed on the screen or written to a log file. I recently changed that so that most of my scripts write to the LM Logs ingestion API endpoint with that content. Then I can see the log output of my scripts right within LM. I haven't done it yet, but it wouldn't be hard to set up an alert condition on specific log entries based on the words that would indicate an issue.