AutoPatrol, Bureaucrats, Administrators
683
edits
Difference between revisions of "UM:Log Monitoring"
m
→Examples of Parser Definition File
| Line 468: | Line 468: | ||
1. Generate event with code 100000 if line in the log file /var/log/messages contains word '''error''': | 1. Generate event with code 100000 if line in the log file /var/log/messages contains word '''error''': | ||
< | <syntaxhighlight lang="xml"> | ||
<parser> | <parser> | ||
<file>/var/log/messages</file> | <file>/var/log/messages</file> | ||
| Line 478: | Line 478: | ||
</rules> | </rules> | ||
</parser> | </parser> | ||
</ | </syntaxhighlight> | ||
2. Generate event with code 200000 if line in the log file '''C:\demo.log''' contains word '''process:''' and is immediatelly following line containing text '''process startup failed'''; everything after word '''process:''' will be sent as event's parameter. | 2. Generate event with code 200000 if line in the log file '''C:\demo.log''' contains word '''process:''' and is immediatelly following line containing text '''process startup failed'''; everything after word '''process:''' will be sent as event's parameter. | ||
< | <syntaxhighlight lang="xml> | ||
<parser> | <parser> | ||
<file>C:\demo.log</file> | <file>C:\demo.log</file> | ||
| Line 496: | Line 496: | ||
</rules> | </rules> | ||
</parser> | </parser> | ||
</ | </syntaxhighlight> | ||