AutoPatrol, Bureaucrats, Administrators
683
edits
Difference between revisions of "UM:Log Monitoring"
→Examples of Parser Definition File
| Line 505: | Line 505: | ||
<source lang="xml"> | <source lang="xml"> | ||
<parser> | <parser> | ||
<file>/var/log/messages</file> | <file>/var/log/messages</file> | ||
<rules> | <rules> | ||
<rule> | <rule> | ||
<match>error</match> | <match>error</match> | ||
<event>100000</event> | <event>100000</event> | ||
</rule> | </rule> | ||
</rules> | </rules> | ||
</parser> | </parser> | ||
</source> | </source> | ||
| Line 519: | Line 519: | ||
<source lang="xml> | <source lang="xml> | ||
<parser> | <parser> | ||
<file>C:\demo.log</file> | <file>C:\demo.log</file> | ||
<rules> | <rules> | ||
<rule> | <rule> | ||
<match>process startup failed</match> | <match>process startup failed</match> | ||
<context action="set" reset="auto">STARTUP_FAILED</context> | <context action="set" reset="auto">STARTUP_FAILED</context> | ||
</rule> | </rule> | ||
<rule context="STARTUP_FAILED"> | <rule context="STARTUP_FAILED"> | ||
<match>process:(.*)</match> | <match>process:(.*)</match> | ||
<event params="1">200000</event> | <event params="1">200000</event> | ||
</rule> | </rule> | ||
</rules> | </rules> | ||
</parser> | </parser> | ||
</source> | </source> | ||