Saturday, April 2, 2011

OMW: Log file monitor for multiple log files

To monitor multiple files with an OMW log file monitor policy, you have to configure the policy to list those files separated by spaces.

On Unix-based systems, running the ls command with wildcards normally returns the full file paths separated by spaces.

In Windows, dir is not delivering the same result as

If you try dir /b /s, it shows each file on a separate line.


If you use the /w switch, dir displays the files without their path, so I created the script below to list the files with /w and add the path to the output.

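' listlogs.vbs: print matching .log files with the directory prepended
If WScript.Arguments.Count < 2 Then
    WScript.Echo "Usage: cscript listlogs.vbs ""directory"" filename"
    WScript.Echo "Ex:"
    WScript.Echo "cscript listlogs.vbs ""d:\logs\"" logfilename"
Else
    directory = WScript.Arguments.Item(0)
    fileName = WScript.Arguments.Item(1)
    Set objShell = WScript.CreateObject("WScript.Shell")
    ' Quote the path so directories containing spaces reach dir as one argument
    command = "cmd /c dir /l /w """ & directory & "*" & fileName & "*.log"""
    Set oExec = objShell.Exec(command)
    Do While Not oExec.StdOut.AtEndOfStream
        commandOutput = oExec.StdOut.ReadLine()
        ' Keep only the lines that list .log files (skips the dir header and summary)
        If InStr(commandOutput, ".log") > 0 Then
            ' dir /l prints names in lowercase, so match the file name case-insensitively
            replaced = Replace(commandOutput, fileName, directory & fileName, 1, -1, vbTextCompare)
            WScript.Echo replaced
        End If
    Loop
End If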
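
An alternative to the script above, as an added example that is not the author's script: it takes the same two arguments but enumerates the folder with Scripting.FileSystemObject, so no command line is built from the arguments and each file's full path comes from the file system instead of a text replace. The file name listlogs_fso.vbs, the single-line output and the skipping of paths that contain spaces are assumptions of this example.

```vbscript
' listlogs_fso.vbs (hypothetical name): added example, not the author's script.
' Prints the full paths of matching .log files on one line, separated by spaces.
Option Explicit
Dim fso, folder, file, directory, pattern, lowerName, result

If WScript.Arguments.Count < 2 Then
    WScript.Echo "Usage: cscript listlogs_fso.vbs ""directory"" filename"
    WScript.Quit 1
End If

directory = WScript.Arguments.Item(0)
pattern = LCase(WScript.Arguments.Item(1))

Set fso = CreateObject("Scripting.FileSystemObject")
If Not fso.FolderExists(directory) Then
    ' Nothing to list: exit without output instead of printing an error line
    ' that the policy could mistake for a file name.
    WScript.Quit 2
End If

Set folder = fso.GetFolder(directory)
result = ""
For Each file In folder.Files
    lowerName = LCase(file.Name)
    ' Same selection as dir *filename*.log: name contains the pattern, ends in .log
    If Right(lowerName, 4) = ".log" And InStr(lowerName, pattern) > 0 Then
        ' Assumption: a path containing a space would be split into two entries
        ' in a space-separated list, so such files are skipped.
        If InStr(file.Path, " ") = 0 Then
            result = result & file.Path & " "
        End If
    End If
Next

WScript.Echo Trim(result)
```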


The next step is to deploy this script to your managed nodes. We can create new instrumentation by creating a new folder under %ovdatadir%\shared\Instrumentation\Categories; let's name it LogFileMonitor.




Browse to the Policy Group, or to Policy Management -> Policies grouped by type -> Agent Policies -> Logfile Entry.




In the Log file path field, type <`c:\windows\system32\cscript.exe /nolog listlog.vbs c:\Cisco\log\ cisco`>, but during the test it worked for me as <`c:\windows\system32\cscript.exe /nologo "%ovdatadir%"\bin\instrumentation\listlogs.vbs c:\Cisco\log\ cisco`>.




Save the policy. You may use the Category option to automatically deploy the instrumentation with the policy (requires certain configuration).


Distribute the instrumentation, then deploy the policy to your managed nodes.



This was in response to an HP Support forum question on ITRC: "Logfile Monitoring with File name changes after server reboot".