Adding a Monitor for Log Files

A Log File monitor searches log files for content that you specify, and raises an alert if the search string is found inside the file. You can specify whether to search by whole word and if the search is case-sensitive, and use regular expressions to add power and flexibility to your search.

To display the results of log file monitors, see Viewing the Results of Log File Monitors.

When to Use

Log File monitors are useful when you encounter applications that do not expose their status by any other means. When this occurs, typically applications continue appending to logs to record status events for use during troubleshooting.

Additionally, log files present a significant opportunity for you to design your own solutions when combined with Barracuda RMM’s scripting. Partners without development resources available will still have technicians capable of creating batch files that pipe results to a text file.

When to Use an Individual Monitor instead of Adding a Monitor to a Monitoring Policy

The best practice for monitors is to add them to monitoring policies, however you may want to create an individual monitor for log files when:

• You want to monitor a single device and you want to use a UNC full or relative path.
• You want to monitor a file share.

Using Regular Expressions

You can use regular expressions in the Search String field. You can find a quick reference on the regular expression language here.

Some examples of regular expressions you can use are:

Consider using an tester such as https://regex101.com/.

To add a monitor for Log Files

1. Do one of the following:
   • To add the monitor to a policy, in Service Center, click Service Delivery > Policies > Monitoring. Click the name of the monitoring policy. Click the Monitors tab.
   • To add the monitor to a device directly, in Service Center, click Configuration > Alerting  > Monitor & Alert Rules. From the Site list, select the site where the device is located. From the Device list, select the device to which you want to add a monitor.
2. Click Add Monitor.
3. From the Choose Monitor Type list, select Log File.
4. Click Add Monitor.
5. In the Monitor tab, type a title for the monitor.
6. Optionally, type a description for the monitor.
7. Do one of the following
   • If you are applying the monitor to devices directly, in the Log Monitor section, select UNC File Path or Local File Path. Type the path to the log file in the File Path box. For example, \\192.168.0.1\C$\Program Files\Application\example.log.
     NOTE For UNC paths, the log file must be accessible via UNC path from Onsite Manager. Network-mapped drives are user specific and are not accessible to Windows Services. Full or relative paths are accepted. Environment variables such as C$ to indicate a shared folder and %ProgramFiles% to indicate the fully qualified name of the folder are accepted.
   • If you are creating a monitor to add to a monitoring policy, in the Log Monitor section, type the local path to the log file in the File Path box. For example, C:Program Files\Application\example.log.
     The log file must be accessible via UNC path from Onsite Manager. Network-mapped drives are user specific and are not accessible to Windows Services.
8. In the Search String box, type the search values as a text string.
   NOTE Regular expressions are accepted.
9. If desired, do one of the following:
   • To return only similarly cased entries in the log, select the Match Case check box.
   • To prevent finding the search string contained in another word, select the Match Whole Word check box.
   • To use regular expressions in the Search String box, select the Use Regular Expressions check box.
10. Select a polling interval.
11. To configure an alert, see Setting Alert Actions.
12. Click Save.