What would be the way to configure a text log file with the condition using regex for only monitoring todays dates log file?
Such as 20211216.log
Or can we say only look at any log files from today and not from before?
Can you please describe what exactly you are trying to achieve in a bit more detail?
Regex itself does not know what the current date is, so matching the current date canât be done in regex alone. If you were to write a bash script as a local check however, you could use a different approach. Or maybe for your specific case, a completely different approach would be better, thatâs hard to say without knowing what youâre trying to do.
1 Like
Iâm trying to monitor log files in a directory on a server when specific text appears. Iâve used the âText LogFilesâ rule before baked into the agent and then forwarded these to event console.
However because these files are named with todays date each day I donât know how to do this, with the current rule.
It would be good if there was an option to select the date modified on the file or something etcâŠ
The first thing that comes to my mind would be a cron job thatâŠ
- either runs shortly after midnight (if thatâs when the new log is being generated) and does something like
ln -fs /logdir/$(date +%Y%m%d).log /logdir/latest.log - or runs periodically (e.g. */5) and does something like
ln -fs $(ls -1t /logdir/2*.log | head -n 1) /logdir/latest.log
âŠto make a symlink called latest.log pointing to todayâs log file. You can then use the symlinkâs name for monitoring.
These examples assume your server runs linux, but the same idea can probably also be realized on windows.
2 Likes
You can use glob â/âŠ/*.logâ or the regex argument`regex='\d\d\d\d\d\d\d\d.log$``
Why did you paste this when it wasnât accepted into planning?
I donât understand how youâre example works. The date changes every day, I need to monitor only the log file that relates to each new day.
For as far as i have looked into this matter:
What you are after (if i interpret your desire correctly) is some sort of ability in the config file of logwatch (logwatch.cfg) to allow macroâs like $DATE$ to facilitate your wish.
Unfortunately there is no such code in the plugin.
Next to if it were there the difficulty in this is that date formats can vary a lot, so the resulting filename could have a format not supported by a macro (and there is a lot of formats possible!)
To get around this the suggestion made by @Jay2k1 seems (to me) the most logical approach.
- Glowsome
Monitoring the log file on the server and forwarding the events to Checkmk is not the problem. As soon as a new log file with a new date appears, it is automatically monitored.
The problems start on the Checkmk side, depending on how you want to handle the events. When using the default log check or the Logwatch Event Console Forwarding Rule with the âMonitor forwarded log filesâ option enabled, Checkmk creates a new service for each log file, because each file is a different log file from Checkmkâs point of view.
If you use Logwatch Event Console Forwarding without the Monitor option, Checkmk will simply forward all events of all Logs to the EC, where they can be processed accordingly.
Not planned only means that it is not currently being considered. If the idea gets enough votes, it shows that customers need thes Feature and Checkmk maybe reconsiders its decision. Thatâs the reason why Iâve linked it here. Unfortunately, Checkmk prefers to focus on new features rather than solving such old and long-standing problem.
This topic was automatically closed 365 days after the last reply. New replies are no longer allowed. Contact an admin if you think this should be re-opened.