Please enable JavaScript to view this site.

EventSentry can monitor any log (flat) file, and process content based on rules you setup. For example, you can store all lines from a log file in your database and/or log selected content to the application event log.

 

Prerequisites

Similar to monitor event logs, the EventSentry agent will not rescan existing files when it is started. As such, only new lines that are added to the monitor log file(s) will be parsed.

 

Log File Types

When monitoring files we distinguish between:

 

Non-Delimited Log Files

Delimited Log Files

 

clip0138

 

info_32

Log files are monitored in real time, and every time one or more new lines (terminated with a configurable new line character) are added to the log file, they will be processed by EventSentry.

 

Non-Delimited Log Files

Non-delimited log files are files that do not follow any particular pattern and do not contain delimiters. When consolidating non-delimited files, EventSentry simply stores each row (according to your rules) in the database for later review and archival purposes. Examples of non-delimited log files are the Windows NT Backup log file and debug files generated by development tools.

 

Non-delimited log files are easiest to configure, but do not allow you to sort or group searches in the web reports.

 

Delimited Log Files

Delimited log files are files that follow a preset format where every line is made up by a set of fields that are delimited with a common separator, for example a semi-colon. When consolidating delimited log files, EventSentry will store each field separately in the database and allow you to search and display information in a variety of different ways, for example allowing you to group output by a particular field.

 

Delimited log files require a file definition so that EventSentry knows how to parse each line of the file. Setting up file definitions is straight-forward when using on of the pre-defined templates (e.g. IIS, DHCP) but can be more time consuming if you have to monitor a file type for which no definitions exists.

 

info_32

Setting up file definitions for delimited log files is only necessary when consolidating content into a database. If you are only planning on logging selected lines to the event log, then you can treat delimited log files as non-delimited log files.

 

Steps to Monitoring a Log File

 

1.Delimited Files Only: Create a file definition of none exist

2.Define the monitored file(s)

3.Create & assign a log file package

4.Specify the consolidation and monitoring options