2tgzj0
Contributor
Contributor

Log Track Configuration

I am having trouble with the 'Log track configuration' of a script plugin I have made. The script writes to a logfile which I want to monitor. I am able to get the log monitoring working however, the problem is that all the events take on a status of 'Error'. It was my understanding that entries of the monitored log containing 'Error/error/emerg' would automatically create an Event with the status of 'Error'. Likewise, log entries containing 'Warn/Warning' would automatically create an Event with the status of 'Warning'. This problem also means that 'information' log entries produce 'Error' events too. This also means I cant make use of the 'Track Event Log Level' feature either.
0 Kudos
2 Replies
2tgzj0
Contributor
Contributor

-Additional Information-

My script (xml defined) plugin implements the Log File Track Plugin
i.e <plugin type="log_track" class="org.hyperic.hq.product.LogFileTrackPlugin"/> which appears to only be able to extract entries and generate 'Error' events. It would seem that this will not produce specific event statuses i.e. warning, info, debug etc.

As a test, I attached my logfile as apart of my Apache inventory and sure enough I got Apache reporting events regarding entries in my scripts logfile but with correct event statuses. The logfile my script produces is in a similar format to that of Apache

i.e. [timestamp] [event type] <content of event>

The way the Apache plugin parses the logfile, it can strip the [timestamp] [event type] when generating the Hyperic event which is another bonus because the event centre is easier to read.

So basically, I want this! Is it possible to have correct event statuses when implementing 'Log Track' within an xml defined plugin?
0 Kudos
2tgzj0
Contributor
Contributor

-Additional Information-

If I add the same logfile to the 'log monitor' inventory of the builtin sshd plugin, it does not produce correct event statuses either. Maybe this is a bug? What should the logfile look like? Is it sufficient to simply have

<timestamp> <error level> <additional information>

log entries?
0 Kudos