|
|
|
|
The following section describes log file processing which allows searching any text file for a regular expression as new messages are written to it.
The "File" Message Source
The Message Handler file source type has the ability to watch text files for specific patterns (only new lines that are added to the file are processed and not the existing text). Note that these files must reside on the DGE or DGE-extension. To monitor text files on remote servers, you can use a 3rd party tool to convert the text files lines into syslog messages and forward them to the DGE using syslog.
As an example, the following type of entry will monitor the file /var/log/messages:
Note: Please note that this is not a complete example, and just contains a small section of the rules file to highlight the key configuration parameters
<message-handler>
<source type="file" name="syslog">
<enabled>true</enabled>
<input>/var/log/messages</input>
</source>
</message-handler>
On a Windows server, an example might be:
<source type="file" name="router">
<enabled>true</enabled>
<input>C:/syslog/routers.log</input>
</source>
The input parameter is set to the name of the text file. You must add a new FILE entry for each text file that you would like to monitor. To avoid your changes getting overwritten during Traverse upgrades, you should add these entries as plug-ins in nn_src_yyy.xml configuration files in the <TRAVERSE_HOME>/plugin/messages/ directory.