
Defining Monitored Files


Once you have created a file definition for your delimited files, or if you are monitoring non-delimited files, you can configure the actual files to be monitored. EventSentry supports variables and wildcards for log files whose names include dynamic strings such as date, time and sequence numbers.

 

When adding a new file, you will be required to point to the path of the log file (variables and wildcards are supported), enter a unique name for the log file and specify whether the file is delimited (including a file type) or non-delimited.

 

To create a new or edit an existing file definition, right-click the Log File Packages container and select Files and Files Types. The Files area will show you all currently configured files and allow you to specify new files.

 

Monitoring a new log file

Click the Add button to bring up the Add / Edit File to Monitor dialog.

 


 

Name

Specify a descriptive name for the log file. For example, enter Firewall Log File if you are monitoring the log file of your firewall.

 

File Definition

If you are monitoring a non-delimited file, check the Non-Delimited checkbox. Otherwise, select the file definition from the pull-down menu. If a suitable definition is not in the list, then you will have to create a new file definition.

 

Path

Specify the full path to the log file. Since log file names usually include dynamic strings such as the current date or time, you can include variables and/or wildcards in the file name. The following variables and wildcards are supported:

 

| Character/Name | Type | Description |
|---|---|---|
| * | Wildcard | matches zero or more characters |
| ? | Wildcard | matches single character |
| $YEAR | Variable | 4-digit year |
| $YEARSHORT | Variable | 2-digit year |
| $MONTH | Variable | 2-digit month |
| $DAY | Variable | 2-digit day |
| $HOUR | Variable | 2-digit hour (24 hour format) |
| $MINUTE | Variable | 2-digit minute |

 

Since you can use both wildcards and variables, you can often specify the file name of your log files in two different ways: either by using wildcards or by using variables. See the table below for examples of how to map file names:

 

| File Names | ntbackup01.log | ex070501.log | ex070501.log | 20070110232333 Mar 15, 2007 12.33 PM.txt |
|---|---|---|---|---|
| | ntbackup02.log | ex070502.log | ex070502.log | 20070340242343 Mar 16, 2007 12.35 PM.txt |
| | ntbackup03.log | ex070503.log | ex070503.log | 20070139619433 Mar 15, 2007 12.37 PM.txt |
| | ntbackup04.log | ex070504.log | ex070504.log | 20070165420734 Mar 15, 2007 12.40 PM.txt |
| EventSentry | ntbackup*.log | ex$YEARSHORT$MONTH$DAY.log | ex*.log | $YEAR*$DAY, $YEAR*.txt |

 

As you can see from the 3rd and 4th columns, you can sometimes specify the log file name in two different ways.
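To check which files a path pattern would select before relying on it for monitoring, the following added example (not part of the EventSentry documentation or product code) resolves the variables and wildcards listed above against the file names from the table. It assumes variables are replaced with the current local time before the wildcards are matched; the function names are hypothetical.

```python
import re
from datetime import datetime

# Variables from the table above, mapped to strftime codes. Longest name
# first so $YEARSHORT is not read as $YEAR followed by the text "SHORT".
VARIABLES = [
    ("$YEARSHORT", "%y"),
    ("$YEAR", "%Y"),
    ("$MONTH", "%m"),
    ("$DAY", "%d"),
    ("$HOUR", "%H"),
    ("$MINUTE", "%M"),
]

def pattern_to_regex(pattern, when):
    """Substitute variables for `when` (assumed behaviour), then map * and ?."""
    out, i = [], 0
    while i < len(pattern):
        for name, fmt in VARIABLES:
            if pattern.startswith(name, i):
                out.append(re.escape(when.strftime(fmt)))
                i += len(name)
                break
        else:
            ch = pattern[i]
            # * = zero or more characters, ? = exactly one character
            out.append(".*" if ch == "*" else "." if ch == "?" else re.escape(ch))
            i += 1
    return re.compile("".join(out))

def matching_files(pattern, names, when):
    """Return the file names that the pattern selects at time `when`."""
    rx = pattern_to_regex(pattern, when)
    return [n for n in names if rx.fullmatch(n)]

# File names taken from the table above
NAMES = ["ntbackup01.log", "ex070501.log", "ex070502.log",
         "ex070503.log", "ex070504.log",
         "20070110232333 Mar 15, 2007 12.33 PM.txt",
         "20070340242343 Mar 16, 2007 12.35 PM.txt"]

if __name__ == "__main__":
    now = datetime(2007, 5, 2, 12, 0)  # constructed timestamp for the demo
    for p in ("ex$YEARSHORT$MONTH$DAY.log", "ex*.log", "ntbackup*.log"):
        print(p, "->", matching_files(p, NAMES, now))
```

Under that assumption the variable form selects only the file for the current date, while `ex*.log` selects every file still in the directory, which is the case the file-count advice below is about.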

 


Try to keep the number of log files in a monitored directory low (< 100) when using wildcards. Doing so will keep the resource consumption of the EventSentry agent low. For example, you can move older files into a subdirectory.

 

Notes

You can use notes to specify what application generates the log file or other descriptions.