Once you have created a file definition for your delimited file, or if you are monitoring non-delimited files, you can configure the actual files to be monitored. EventSentry supports variables and wildcards for log files whose names include dynamic strings such as date, time and sequence numbers.
When adding a new file, you will be required to point to the path of the log file (variables and wildcards are supported), enter a unique name for the log file and specify whether the file is delimited (including a file type) or non-delimited.
To create a new file definition or edit an existing one, right-click the Log File Packages container and select Files and Files Types. The Files area shows all currently configured files and lets you specify new files.
Monitoring a new log file
Click the Add button to bring up the Add / Edit File to Monitor dialog.
Name
Specify a descriptive name for the log file. For example, enter Firewall Log File if you are monitoring the log file of your firewall.
File Definition
If you are monitoring a non-delimited file, check the Non-Delimited checkbox. Otherwise, select the file definition from the pull-down menu. If a suitable definition is not in the list, then you will have to create a new file definition.
Path
Specify the full path to the log file. Since log file names usually include dynamic strings such as the current date, time, etc., you can include variables and/or wildcards in the path name. The following variables and wildcards are supported:
| Character/Name | Type | Description |
|---|---|---|
| * | Wildcard | matches zero or more characters |
| ? | Wildcard | matches a single character |
| $YEAR | Variable | 4-digit year |
| $YEARSHORT | Variable | 2-digit year |
| $MONTH | Variable | 2-digit month |
| $DAY | Variable | 2-digit day |
| $HOUR | Variable | 2-digit hour (24 hour format) |
| $MINUTE | Variable | 2-digit minute |
Since you can use both wildcards and variables, you can often specify the file name of your log files in two different ways: either by using wildcards or by using variables. See the table below for examples of how to map file names; the last row of each column shows a path pattern that matches the file names above it:
| Filename | Filename | Filename | Filename |
|---|---|---|---|
| ntbackup01.log | ex070501.log | ex070501.log | 20070110232333 Mar 15, 2007 12.33 PM.txt |
| ntbackup02.log | ex070502.log | ex070502.log | 20070340242343 Mar 16, 2007 12.35 PM.txt |
| ntbackup03.log | ex070503.log | ex070503.log | 20070139619433 Mar 15, 2007 12.37 PM.txt |
| ntbackup*.log | ex$YEARSHORT$MONTH$DAY.log | ex*.log | $YEAR*$DAY, $YEAR*.txt |
As can be seen from the 2nd and 3rd columns, the log file name can sometimes be specified in different ways.
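To preview which files a Path value would select at a given time, the following added example (not EventSentry code) models the variables and wildcards from the tables above and runs them against the sample file names. It assumes variables expand to zero-padded values of the supplied time and that matching is case-insensitive, as is usual for Windows file names; all function and constant names are hypothetical.

```python
import re
from datetime import datetime

# Variables from the table above (strftime mapping is an assumption).
# Longest names first so "$YEARSHORT" is not consumed by the shorter "$YEAR".
VARIABLES = [
    ("$YEARSHORT", "%y"), ("$YEAR", "%Y"), ("$MONTH", "%m"),
    ("$DAY", "%d"), ("$HOUR", "%H"), ("$MINUTE", "%M"),
]

# Sample file names copied from the mapping table on this page.
SAMPLE_EX = ["ex070501.log", "ex070502.log", "ex070503.log"]
SAMPLE_TXT = [
    "20070110232333 Mar 15, 2007 12.33 PM.txt",
    "20070340242343 Mar 16, 2007 12.35 PM.txt",
    "20070139619433 Mar 15, 2007 12.37 PM.txt",
]

def expand_variables(pattern, when):
    """Replace each documented variable with its zero-padded value for `when`."""
    for name, fmt in VARIABLES:
        pattern = pattern.replace(name, when.strftime(fmt))
    return pattern

def to_regex(pattern):
    """Translate * and ? (the only documented wildcards); all else is literal."""
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts), re.IGNORECASE | re.DOTALL)

def matching_files(pattern, names, when):
    """Return the names a pattern would select at time `when`."""
    rx = to_regex(expand_variables(pattern, when))
    return [n for n in names if rx.fullmatch(n)]

if __name__ == "__main__":
    may2 = datetime(2007, 5, 2)
    mar15 = datetime(2007, 3, 15)
    # The variable form selects only the current day's file; the wildcard form selects all.
    print(matching_files("ex$YEARSHORT$MONTH$DAY.log", SAMPLE_EX, may2))
    print(matching_files("ex*.log", SAMPLE_EX, may2))
    print(matching_files("$YEAR*$DAY, $YEAR*.txt", SAMPLE_TXT, mar15))
```

The variable form narrows monitoring to the file for the current date, while the wildcard form also picks up older files in the same folder, which matters when checking that a path covers exactly the logs you intend to monitor.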
Include Subdirectories
Files in sub directories can be monitored by checking this box. When monitoring files in sub directories, the path can be specified in a variety of ways:
| Path | Files Monitored |
|---|---|
| C:\LogFiles\*.log | Monitors all files with the .log extension in the C:\LogFiles folder as well as sub directories |
| C:\LogFiles\*\*.log | Monitors all files with the .log extension in any sub directory of the C:\LogFiles folder (and not in the main C:\LogFiles folder) |
| C:\inetpub\logs\LogFiles\W3SVC*\u_*.log | Monitors all files which match the u_*.log pattern in any sub directory of C:\inetpub\logs\LogFiles which matches the W3SVC* pattern. |
Notes
You can use notes to specify what application generates the log file or other descriptions.