EventSentry can monitor any log (flat) file and process its content based on rules you set up. For example, you can store all lines from a log file in your database and/or log selected lines to the application event log.
Prerequisites
As with event log monitoring, the EventSentry agent does not rescan existing files when it is started. As such, only new lines that are added to the monitored log file(s) will be parsed.
Log File Types
When monitoring files we distinguish between:
Non-Delimited Log Files
Non-delimited log files are files that do not follow any particular pattern and do not contain delimiters. When consolidating non-delimited files, EventSentry simply stores each row (according to your rules) in the database for later review and archival purposes. Examples of non-delimited log files are the Windows NT Backup log file and debug files generated by development tools.
Non-delimited log files are easiest to configure, but do not allow you to sort or group searches in the web reports.
Delimited Log Files
Delimited log files are files that follow a preset format where every line is made up of a set of fields that are delimited with a common separator, for example a semi-colon. When consolidating delimited log files, EventSentry will store each field separately in the database and allow you to search and display information in a variety of different ways, for example allowing you to group output by a particular field.
Delimited log files require a file definition so that EventSentry knows how to parse each line of the file. Setting up file definitions is straightforward when using one of the pre-defined templates (e.g. IIS, DHCP) but can be more time consuming if you have to monitor a file type for which no definition exists.
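
The following sketch is an added illustration, not EventSentry code and not its file-definition format. It shows the two behaviors described above: only lines appended after monitoring starts are read, and a field definition turns semi-colon delimited lines into named fields that can be grouped, while lines that do not fit are kept as whole rows. The names `DEFINITION`, `read_new_lines`, `parse_lines` and the sample log lines are assumptions made for the example.

```python
import csv
import os
import tempfile
from collections import Counter

# Hypothetical file definition: separator plus field names in column order.
DEFINITION = {"delimiter": ";", "fields": ["date", "time", "client", "action", "status"]}

def read_new_lines(path, offset):
    """Return complete lines appended after byte `offset`, and the new offset."""
    with open(path, "rb") as fh:
        fh.seek(offset)
        data = fh.read()
    end = data.rfind(b"\n") + 1  # a partial last line waits for the next poll
    return data[:end].decode("utf-8", "replace").splitlines(), offset + end

def parse_lines(lines, definition):
    """Split lines into named fields; lines that do not fit are kept as raw rows."""
    records, raw_rows = [], []
    for line in filter(str.strip, lines):
        values = next(csv.reader([line], delimiter=definition["delimiter"]))
        if len(values) == len(definition["fields"]):
            records.append(dict(zip(definition["fields"], values)))
        else:
            raw_rows.append(line)  # non-delimited handling: store the whole row
    return records, raw_rows

def demo():
    # Constructed sample data, not output from a real service.
    old = "2024-05-01;09:00:01;10.0.0.5;LOGIN;OK\n"
    new = ("2024-05-01;09:05:12;10.0.0.7;LOGIN;FAILED\n"
           "2024-05-01;09:05:14;10.0.0.7;LOGIN;FAILED\n"
           "service restarted without a structured record\n"
           '2024-05-01;09:06:00;10.0.0.5;"UPLOAD;report.csv";OK\n'
           "2024-05-01;09:06:30;10.0.0.9;LOG")  # still being written
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "app.log")
        with open(path, "w", newline="") as fh:
            fh.write(old)
        offset = os.path.getsize(path)  # monitoring starts here; old lines are skipped
        with open(path, "a", newline="") as fh:
            fh.write(new)
        lines, offset = read_new_lines(path, offset)
    records, raw_rows = parse_lines(lines, DEFINITION)
    by_client = Counter((r["client"], r["status"]) for r in records)
    return records, raw_rows, by_client

if __name__ == "__main__":
    for key, count in demo()[2].items():
        print(key, count)
```

Grouping by `client` and `status` is only possible for the lines that matched the definition; the unstructured line ends up in `raw_rows` and can be searched only as text.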
Steps to Monitoring a Log File