ProcessErrorLogJob How-To


Functionality: Reads text files to find patterns which represent statistical or alert notifications.
Potential uses: Read an application log to be notified of errors. Read a text file for statistical values or other information.
Supported Platform: All

Sample Scenario:
There is an application running on the Windows server WINSRV07 which outputs a log file that contains errors and information. The log file is stored on the server in the path:
     D:\syslogs\localhost\Apps\application.log

We want HEYMon to notify Bob Roberts when there are any errors in the log, and when there is a specific type of log entry which contains the phrase transformHandler Warning.

The application log has the following layout and content:
03-24-2014 09:24:37.03 ERROR systemErrorHander Error in getTotal(): Value was null and could not be resolved to a number.
03-24-2014 09:24:39.39 INFO transformHandler Warning in convertTemplate(): No default encoding. Using UTF-8.
03-24-2014 09:25:24.41 DEBUG The value of interstitial was -1. Delegates are not loaded.
03-24-2014 09:25:25.13 ERROR systemErrorHander Error in dispatchMessage: Could not connect to remote system.
03-24-2014 09:26:01.11 ERROR systemErrorHander Error sending message: No remote connection.
03-24-2014 09:26:31.09 INFO transformHandler Warning in convertTemplate(): No default encoding. Using UTF-8.

Notice that many of the lines have the word ERROR. These lines are errors that we want to be notified about.
We can configure HEYMon to find the lines with the word 'ERROR' by setting a query property:

<query1>$3=ERROR</query1>
This configuration entry specifies: "Any line where the third item is 'ERROR' should be considered an alert condition."
We will also need to tell HEYMon that our query delimiter is a space.
<keyDelimiter> </keyDelimiter>
With this log file the delimiter is a space. Based on having a space as a delimiter, the third item on each line is where we will find the word ERROR we are interested in.
We also want to know if we get a transformHander warning in this same log file. So, we will add another query to capture it:
<query2>$4=transformHandler</query2>
This configuration entry specifies: "Any line where the fourth item is 'transformHandler' should be considered an alert condition."

With these two sets of criteria defined, let's take a look at our job properties:

<jobProperties>
<properties>
       <property name="win07_app_log">D:/syslogs/localhost/Apps/application.log</property>
       <property name="app_server">WINSRV07</property>
       <property name="notify_bob">broberts@emailsvr.com</property>
       <property name="file_tmp_dir">c:/heymontmp</property>
</properties>
<jobs>
    <job name="Our App Error monitor">
       <description>Monitors Our App log files to send a notification when an error has occurred</description>
       <connection>win07_app_log</connection>
       <systemID>app_server</systemID>
       <scanIntervalSeconds>300</scanIntervalSeconds>
       <destination>notify_bob</destination>
       <queries>
          <query1>$3=ERROR</query1>
          <query2>$4=transformHandler</query2>
       </queries>
       <notifySubject>Errors found in APP log on %s</notifySubject>
       <notifyBody> </notifyBody>
       <type name="ProcessErrorLogJob" useagent="true">
          <logTempDirectory>file_tmp_dir</logTempDirectory>
          <logLineKey>$1$2</logLineKey>
          <logLineRead>5</logLineRead>
          <keyDelimiter> </keyDelimiter>
          <logLineDateFormat>MM-dd-yyyy HH</logLineDateFormat>
       </type>
    </job>
</jobs>
</jobProperties> 

This job has the following properties and settings:

Some tips when using the ProcessErrorLogJob: