Monitoring text log files with NetCrunch

NetCrunch can monitor not only nodes but also text log files. In this article we will explain how to configure NetCrunch to monitor the log files of your choice.

Almost all programs and devices write logs, which can be processed to find entries about errors or warning states. In this article, you will see how NetCrunch can use Text Parsing Expressions and the Text Log monitoring sensor to identify relevant log entries.

Creating a Log Parsing Expression

The first step in monitoring a log is to create a regular expression that allows NetCrunch to read it and, eventually, alert the user on findings.

To do that, click on: Monitoring > Text Parsing Expressions. A new window will appear, and for the purpose of this article we will use Text Log Expressions.

NetCrunch comes with 3 pre-created, commonly used log formats. We will, however, create a new format specifically to read the WindowsUpdate.log. Click on the Add button to create a new expression, fill in the Name field, and select Regular Expression as the type.

Open the log, copy a single line of it, then paste it inside the Test Text field. This will allow you to test regular expressions and variables.

The screen below shows an example of a regular expression which parses a line of the log into groups (variables). Based on this test text we can see which variable describes which part of the log, and this will allow us to set proper alerts.

[Screenshot: regular expression]

Monitoring a Text Log file

To monitor a text log file, the Text Log sensor needs to be added on the node where the target log is located.

1: Open the Node Settings of the desired node, click Add Monitoring Sensor and select Text Log.

2: Select your Parsing Expression, and provide the proper path to the log.

3: Click Test to make sure that NetCrunch can read the log.

Sensor Configuration

The next step is to create an Alerting Rule on which NetCrunch will raise an alert. Click Add Alert and select New Alert on Text Log Entry.

Here you can configure the variable on which NetCrunch will raise an alert. The example below shows a basic configuration, which raises an alert every time NetCrunch detects "error" in the message of the log.

[Screenshot: error in log]
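
The same two stages, parsing a line into variables and then alerting on "error" in the message variable, can be tried outside NetCrunch before the expression is pasted in. The following is an added example, not taken from the article or from NetCrunch: the tab-separated field layout, the group names and the sample lines are assumptions, and it uses Python's regular expression syntax, which may differ from what NetCrunch accepts. It also collects lines the expression fails to parse, because a log format change would otherwise silence the alert without any visible failure.

```python
import re

# Assumed layout (not from the article): tab-separated fields
# date, time, PID, TID, component, message.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2})\t"
    r"(?P<time>\d{2}:\d{2}:\d{2}:\d{3})\t\s*"
    r"(?P<pid>\d+)\t"
    r"(?P<tid>[0-9a-f]+)\t"
    r"(?P<component>\S+)\t"
    r"(?P<message>.*)$"
)
# Alert condition described in the article: "error" in the message variable.
ERROR_RE = re.compile(r"error", re.IGNORECASE)

# Constructed sample lines, not copied from a real system.
SAMPLE_LOG = (
    "2024-03-05\t10:15:01:120\t 884\t1a4c\tAgent\t* Added update to search result\n"
    "2024-03-05\t10:15:02:431\t 884\t1a4c\tDnldMgr\tError 0x80070005 while downloading update\n"
    "2024-03-05\t10:15:03:002\t 884\t1a4c\tReport\tWARNING: reporter failed to upload events\n"
    "this line does not follow the expected layout\n"
)

def scan(text):
    """Return (alerts, unparsed): matching entries and lines the expression missed."""
    alerts, unparsed = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if m is None:
            # Surface these: unparsed lines can never trigger the alert.
            unparsed.append(line)
            continue
        entry = m.groupdict()
        # Match only the message variable, not the whole line.
        if ERROR_RE.search(entry["message"]):
            alerts.append(entry)
    return alerts, unparsed

if __name__ == "__main__":
    alerts, unparsed = scan(SAMPLE_LOG)
    for a in alerts:
        print(f'ALERT {a["date"]} {a["time"]} [{a["component"]}] {a["message"]}')
    print(f"{len(unparsed)} line(s) did not match the parsing expression")
```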

Conclusion

Parsing Expressions combined with the Text Log sensor are a powerful tool in NetCrunch that allows you to monitor diverse logs in search of meaningful text or values that are of interest to the systems administrator.
