( Linux (all flavors), HP-UX, AIX, SunOS )

ADVANCED, DETAILED LOG MONITORING & ALERTING FOR UNIX SYSTEMS. Works on any log file regardless of log type, log format or log size - designed to handle all log monitoring requirements, no matter how complex.


Xray Log Files, Get Detailed Information of All Monitored logs

Log File Monitoring - Scan, Alert, Report, Analyze, Graph!

Functionality / Specialty:

Simplifies all log monitoring tasks and specializes in the monitoring of UNIX log files; alerts directly on user-specified conditions and/or automatically identified anomalies.  Requires NO changes to your systems and has NO library/module dependencies.

Scanning and Monitoring Logs - Check logs for errors, scan/scrape logs for exceptions, monitor any UNIX log file (Linux, AIX, SunOS, HP-UX), analyze logs, alert and send notifications.  Monitor log content, directories, size, growth, timestamp, etc.  Works on all log types (application logs, database logs, system logs, custom logs) and generates Excel reports on past log alerts.  Through the NAGIOS screenshots provided on this page, we show some of the many ways LogRobot, in conjunction with NAGIOS, simplifies the monitoring of logs on hundreds and even thousands of hosts.  If you DO NOT have NAGIOS installed in your UNIX environment, no need to worry: it can be installed for you automatically, or you may set LogRobot up to run standalone.  Alert notifications on all log checks are sent via email.

Monitor, Graph, Report, Analyze & Alert On All Log Files On Any UNIX Host:

Java, HTTP, Apache, Tomcat (catalina.out), Splunk, MySQL, Oracle, Postfix, Log4j, Mail, WebLogic, GlassFish, system logs, custom logs and much more!

What We Do:  LogRobot provides reliable, efficient and convenient ways of monitoring logs (with or without Nagios) on UNIX systems.  It ensures prompt and accurate notifications on all active log checks and lets users generate professional Excel spreadsheets / reports on past log check alerts.  It can also be configured to fire off notifications whenever content anomalies are detected in monitored logs.  With LoGrobot, users can keep a constant eye on critical UNIX logs, ensure logs are being updated regularly, scan log files for specific entries or unusual / unfamiliar patterns, avoid writing time-consuming log monitoring scripts, configure log monitoring checks within seconds and never again hunt for and install awkward dependencies; it installs cleanly on all UNIX hosts.

Cacti Screenshots:  Graph the occurrence or lack of occurrence of specific keywords, strings or patterns - Trend log file characteristics to determine and isolate abnormal behavior in the frequency of entries logged

        

Real Time Log Monitoring: Automatically Send Log Monitoring Data to Graphite from the Monitoring Server - Setup Checks in Nagios, see them in Graphite - Graph Log Statistics without Any Additional Configuration!

 

Quick References to some of LoGrobot's most popular functions

  1. Log File Checks - Check Logs for Specific Entries - Specify a List of Patterns to Exclude

  2. Check Log Files for Expected Records - Alert when those entries are NOT found

  3. Set up Checks to Show All Entries from a Monitored Log File that Trigger an Alert

  4. Check Log Files for User-specified Strings - Do NOT show the alerting entries in the alert

  5. Check Dynamic Logs - Take into account Log Rotation and monitor accordingly

  6. Specify Timeframe for Log Search - Scan Logs for Minutes, Hours, Days, Weeks of Data

  7. Apache Log File Analysis - Generate Excel Reports on your Apache Log Content

  8. Check logs for multiple strings / patterns using command line or Config files (if desired)

  9. Check A Directory of Log Files, without having to specify the log files ahead of time

  10. Setup Log Checks for Directory File Count - Monitor the number of files in a directory

  11. Automatically Send Log File Check Results to Graphite, and graph them - no complex setup!

  12. Check Log Time Stamps - Set up Monitoring Checks to Alert when logs stop updating

  13. Check Log File Size - Monitor the disk space consumption of specific files

  14. Automatically Install Nagios on Red Hat, CentOS, Ubuntu Hosts (avoid manual installs)

  15. Log Analysis Checks - Alert when a deviation is identified in overall behavior of a log file

  16. Automatically Generate Color-Coded Excel Reports on Log Alert History

Simplified Log Monitoring:  Monitor Logs of Any Application or Database regardless of Format or Size, Generate Quick & Easy Reports on Past Log Check Alerts, See Offending log entries in all dispatched Alert Notifications

Who needs logrobot?

 

Download logrobot if you wish to:

  • Monitor unlimited logs from various Application / Database servers - Alert on specific errors

  • Implement a log monitoring solution that does not require the installation of nonnative modules

  • Monitor & Alert on any log file regardless of size, date and/or time format

  • Monitor multiple log files without any complex time consuming configurations

  • Obtain an automated tool that is configured and ready to go right out of the box

  • Use Nagios or Icinga or Crontab/Emails to Manage the Monitoring of All UNIX Logs

  • Automatically generate Nagios log check configs for several log files on multiple hosts

  • Outsource Log Monitoring or do it yourself with FREE support from our 24/7 Customer Service!

    • Have a technical support team on standby to accommodate all custom requirements

  • Generate automatic color-coded Excel Reports on the alert history of all log checks

  • Avoid writing several scripts of your own, or downloading amateur scripts off the net

  • Utilize a reliable log monitor that is maintained regularly & used heavily in production environments

  • Analyze Logs: Get Notified when unfamiliar lines are introduced into system / application logs

  • Get alerts when critical log files stop getting written to after a specified period of time

  • Utilize an efficient log monitoring tool that eliminates the need to maintain several configuration files

  • Scan logs for specific entries and exclude a list of user specified patterns from the result

  • Monitor all log files, including Windows log files mounted on a UNIX server through NFS

  • Inform through each alert how long ago a particular string / pattern / keyword was last found in a monitored log

  • Remote Agent Included to enable monitoring of logs on several hosts FROM ONE master

    • This is for users who don't currently have NRPE installed in their environment

      • Allows complete control of log checks on all remote hosts / servers

  • Automatically figures out conditions on which to recover alerts, based on log content & other variables

  • Automatically detects log file type and format without user intervention

  • Get notified via email of all events related to your log of choice on any server(s) you specify

  • Updated regularly to meet new demands from various clients / companies


 

Graphing Log Files:

Example 1 (Cacti graph): a log file on 6 different servers is graphed for 500-related errors.  Each server is plotted in a different color for easy identification.

Example 2 (Cacti graph): a log file on 8 different servers is graphed for 500-related errors.  Each server is plotted in a different color for easy identification.


 

 

Monitor Specific Log Files in A Specific Directory for New Occurrences of Specific Strings

Case Scenario:

Monitor every log file in the /var/log directory whose name contains the word 'messages' (the include:messages part of the first argument).  Check each log matching this criterion for new entries containing the string 'ERROR'.

If the number of entries found in a 'messages' file is fewer than 5, exit with an OK status.  If it is 5 or more but fewer than 10, alert as WARNING.  If it is 10 or more, alert as CRITICAL.

Command:

logrobot  autoblz  /var/log,include:messages  30m  'ERROR'  '.'  5  10  log_mon_3  -ndfoundn

 


Scan / Monitor log files for user-defined entries & EXCLUDE specific lines from the results

Case Scenario:

Within the last 30 minutes, find out how many lines in the log file [ /var/log/app.log ] contain both "ERROR" and, later on the same line, "Client" (the pattern ERROR.*Client).

From the lines found, remove any that also contain "error 404" OR "updateNumber".  Show what is left.  If the number of remaining lines is between 5 and 9, alert as WARNING.  If it is 10 or more, alert as CRITICAL.  If it is below 5, do not alert.

Command:

logrobot  autonda  /var/log/app.log  30  'ERROR.*Client'  '(error 404|updateNumber)'  5  10  applog_tag  -ndshowexcl

 


Monitor log files for certain entries - ALERT IF those entries are NOT found 

Case Scenario:

Within the last 30 minutes, if logrobot does not find at least 2 lines containing "SUCCESS" followed by "Client" AND either "returned 200" or "update:OK", it must alert.  In other words, every line counted MUST match SUCCESS.*Client and contain one or both of the strings returned 200 and update:OK.

Command:

logrobot  autonda  /var/log/app.log  30  'SUCCESS.*Client'  '(returned 200|update:OK)'   2  2  expected_entry_tag  -ndnotfoundn

 


Scan Log files for specific entries & display all offending lines in alert

 

This is particularly helpful in cases where you might want to see the actual lines that contain the patterns you instructed the tool to search for.

 

 

Example:

logrobot  autonda  /var/log/app.log  30  'ERROR.*Client'  '(returned 200|update:OK)'   5  10  error_exceptions  -ndshow

 


Scan log files for minutes, hours, days, weeks or months worth of data

 

For instance, to pull out 2 weeks of information from within a large log file and find out how many lines contain certain strings or patterns, run a command similar to this:

 

Example:

logrobot  autofig  /var/log/app.log  2w  'ERROR|error|panic|fail'  'ERROR|error|panic|fail'  5  10  -foundn

 

Notice the [ 2w ].  Notice also that the search pattern 'ERROR|error|panic|fail' is given twice: the second argument is a second pattern that must also match on the same line, and here there is nothing further to require.  Instead of repeating the first pattern, you can pass a dot in its place, which matches any line:

 

logrobot  autofig  /var/log/app.log  2w  'ERROR|error|panic|fail'  '.'  5  10  -foundn

 

This tells logrobot to count every line written in the last 2 weeks that contains any one of the keywords given.  The [ 2w ] of course means 2 weeks.

 

See below for the different ways of specifying the date range:

 

5m = 5 minutes (changeable to any number of minutes)

10h = 10 hours (changeable to any number of hours)

2d = 2 days (changeable to any number of days)

2w = 2 weeks (changeable to any number of weeks)

3mo = 3 months (changeable to any number of months)

 

 


Suppose you inherit a UNIX environment at a new job and you're unfamiliar with what to look for in the logs of a particular application.  Here's an idea: instead of worrying about what to watch for, force the logs to reveal their hidden contents.

 

In the example below, logrobot is told to consider every line written to the messages file in the last 24 hours (the '.' pattern matches any line).  It is then to ignore every line that contains any one of these strings: 'nagios-primary nagios' OR 'not responding' OR 'synchronized to'.  Whatever lines are left after these THREE patterns are ignored are printed to the screen.

 

The logic here is: if you can identify which entries in the logs are of NO importance to you, you can exclude them from being monitored.  Once a log file is stripped of the familiar and unwanted, whatever is left is unfamiliar and therefore requires investigation.
 
[root@nagios-primary ~]# logrobot autofig /var/log/messages 24h '.' 'nagios-primary nagios|not responding|synchronized to' 1 5 -showexcl

Jun 13 13:40:04 nagios-primary abrt[8269]: saved core dump of pid 8128 (/prod/nagios-core/sbin/status.cgi)
Jun 13 13:40:04 nagios-primary abrtd: Directory 'ccpp-2012-06-13-13:40:04-8128' creation detected
Jun 13 13:40:04 nagios-primary abrtd: Executable '/prod/nagios-core/sbin/status.cgi' doesn't belong to any
Jun 13 13:40:04 nagios-primary abrtd: Corrupted or bad dump /var/spool/abrt/ccpp-2012-06-13-13:40:04
Jun 14 02:20:41 nagios-primary auditd[5813]: Audit daemon rotating log files

2---0---(93)-(41064)-(0.226476%)-(28.4323)-(422.97)---ATWFILF---(Jun/13)-(13:23)---(Jun/14)-(13:23:26)
 

 

Configuring Logrobot in nagios (if using the common NRPE agent)

 

Using logXray / LoGrobot with NRPE

What is NRPE?  NRPE (Nagios Remote Plugin Executor) is a monitoring agent that lives on the monitored hosts.  It runs as a daemon, accepts check requests from the Nagios server and runs the requested plugin locally.

 

  1. Add the following line to your ( nrpe.cfg ) file - Replace the path with your own:

===> command[check_unix_logs]=/home/nagios/nrpe/plugins/logmonitor/logxray $ARG1$

  • Because this command takes its arguments from the Nagios server ($ARG1$), the NRPE agent must be built with --enable-command-args and have dont_blame_nrpe=1 set in nrpe.cfg.  Be aware that this lets any host that can reach the NRPE port choose the arguments, so keep allowed_hosts restricted to the Nagios server.

  • NRPE also refuses arguments containing characters from its "nasty metachars" list, which by default includes | and quote characters.  Alternation patterns such as 'error|fail|panic' will therefore be rejected unless that list is relaxed (the nasty_metachars option in NRPE 3.x) or the pattern is supplied through a config file on the remote host.

  • Save and Quit the nrpe.cfg file

  • Restart the nrpe agent/service

  • Test and verify it works

  2. After the nrpe.cfg file on the remote host has been set up as described above, go to the Nagios Master Server and run a command similar to this:

===> check_nrpe -n -u -H 10.20.30.40 -c check_unix_logs -a 'localhost /home/plugins/logmonitor autonda /tmp/test.log 60m oracle_errors '.' 1 1 oracle_errors -ndshow'

  • Note that -n disables SSL for the check_nrpe connection, so the check command and its output travel in cleartext; drop -n unless the agent was deliberately built without SSL.

  3. To test logXray from the command line (on the Monitored/Remote Host) for verification that things work and all is well, run a command similar to the below:

===> ./logxray localhost /home/nagios/nrpe/plugins/logmonitor autonda /var/log/syslog 60m '.' '.' 1 2 modif_check -ndshow

===> ./logxray localhost /home/nagios/nrpe/plugins/logmonitor autonda /var/log/messages 60m '.' '.' 1 2 modif_check -ndshow

  4. To set up a log check in the ( services.cfg ) file, mimic the below definition:

define service {
    host_name              hostname1,hostname2,hostname3
    service_description    LogCheck_Hub12_hub.sym
    check_command          check_unix_logs!'localhost /home/nagios/nrpe/plugins/logmonitor autonda /opt/i2/log/hub.sym 60m 'error|fail|panic' '.' 1 1 hub12_hub.sym -ndshow'
    contact_groups         db-group,application-group
    max_check_attempts     1
    check_interval         360
    use                    unix_service
}

  • check_unix_logs in check_command is assumed here to be a Nagios command definition that runs check_nrpe against the host with -c check_unix_logs -a $ARG1$; that command definition is not shown on this page.

 

NOTE: 

  • For more information on how to run and use the logXray / LoGrobot tool, type: './logxray help' at the command line

  • If You are using a different monitoring agent other than NRPE to run log checks on remote hosts, contact Support@logXray.com

 

Configuring Logrobot in nagios (commands.cfg & services.cfg files - if using the monitoring agent included with Purchase)


Your [ commands.cfg file ] will contain:

define command {
                            command_name         NLM
                            command_line            $USER1$/nlm $HOSTNAME$ $ARG1$ $ARG2$ $ARG3$ $ARG4$ "$ARG5$" "$ARG6$" $ARG7$ $ARG8$ $ARG9$ $ARG10$ $ARG11$
}


OR


define command {
                            command_name         NLM
                            command_line            $USER1$/nlm $HOSTADDRESS$ $ARG1$ $ARG2$ $ARG3$ $ARG4$ "$ARG5$" "$ARG6$" $ARG7$ $ARG8$ $ARG9$ $ARG10$ $ARG11$
}
 

Your [ services.cfg file ] will look similar to:

define service {
                      check_command                         NLM!logrobot!autonda!/var/log/proteus.log!15!500.html!500 Internal Server Error!1!2!500_Errors!-ndshow
                      max_check_attempts                  1
                      service_description                     500_ERRORS_LOGCHECK
                      host_name                                  logrobot-01.net,logrobot-02.net,logrobot-03.net
                      use                                              five-minute-interval
 }
 


After the above configuration is completed, follow the instructions below:

  1. Copy (scp) the logrobot package file to each one of the remote hosts (in the above example, to each of the hosts listed under "host_name")

  2. Once the logrobot package file has been copied to a remote host, unzip it, then run the install script on that host:

  •  unzip logrobot.zip  ; cd logrobot

  •  ./InstallAgent.sh     /apps/magent     5666     10.20.30.40     master   --- Change the port to an open TCP port (5666 is also NRPE's default port, so pick another if NRPE already listens there) and change the IP to match the IP of the Master server.

  3. On the master server (the server on which Nagios is installed and from which you plan to monitor all your log files), run the same steps:

  •  unzip logrobot.zip  ; cd logrobot

  •  ./InstallAgent.sh     /apps/magent     5666     10.20.30.40     master   --- Change the port to an open TCP port and change the IP to match the IP of the Master server.

 

To test that everything works as it should, on the Master server, run the following command (change the parameters as needed):

  •  ./nlm    logrobot-01.net    logrobot    autonda    /var/log/proteus.log   15m   '500.html'   '500 Internal Server Error'   2   3  proteuslog   -ndshow

 

What's going on with the above command?

We're telling logrobot (through the nlm agent) to:

  • monitor the log file named /var/log/proteus.log on the remote host logrobot-01.net

  • scan the last 15 minutes of the log file - in other words, pull out 15 minutes' worth of lines

  • from those lines, alert as WARNING if at least 2 but fewer than 3 lines are found that contain both '500.html' and '500 Internal Server Error'

  • alert as CRITICAL ONLY if 3 or more such lines are found

  • alert as OK if fewer than 2 lines match the specified strings / patterns

  • if an error is found in the log, keep alerting until at least 15 minutes have passed WITHOUT any new problem lines being added to the log

  • "-ndshow" shows the actual lines from the log that triggered the alert

  • "autonda" is the mode that lets logrobot monitor any log file given to it, regardless of log file type, format or size

 

Differences between "autofig" and "autonda"

AUTOFIG:

Command:

  • nlm   remotehost   logrobot   autofig   /var/log/syslog  90m   'ntpd'   'stratum'   5   10   -foundn

OR

  • ./logrobot   localhost   /apps/magent  autofig   /var/log/syslog   60m   'kernel|panic'   '.'  3   5  -foundn

 

Autofig Basic Usage: 

[root@monitor jbowman]# logrobot autofig /var/log/messages 1440 'ntpd' 'stratum' 5 10 -foundn

2---240---108---ATWFILF---(Apr/13)-(03:35)---(Apr/14)-(03:35:23)


So now let's break this down:

logrobot is the tool name.

autofig is an option passed to the logrobot tool to tell it what to do.  In this case, autofig instructs logrobot to "automatically figure out" what type of log file /var/log/messages is and, if the format is supported, perform the remaining functions.  If the log type is not supported, use "autonda".  "autonda" is a more advanced version of "autofig", equipped to monitor any log file regardless of format.

/var/log/messages is of course the log file.

1440 is the number of previous minutes you want searched in the log file.  1440 = the last 24 hours.

"ntpd" is one of the strings that must appear in the log lines you're interested in.

"stratum" is another string you expect to find on the same line as "ntpd".  Specifying these two strings (ntpd and stratum) isolates and processes the lines you want a lot quicker, particularly if you're dealing with a huge log file.

5 specifies WARNING.  By specifying 5, you're telling the program to alert as WARNING if there are at least 5 occurrences of the search strings in the log file within the last 24 hours (1440 minutes).

10 specifies CRITICAL.  By specifying 10, you're telling the program to alert as CRITICAL if there are at least 10 occurrences of the search strings in the log file within the last 24 hours.

-foundn specifies what type of response you'll get.  By specifying -foundn, you're saying that if anything matching the specified strings is found within the time frame, it should be regarded as a problem and reported.

Summarized Explanation:

The logrobot tool is monitoring a log file.  The arguments passed to it instruct it to do the following:

Within the last 24 hours, if the tool finds fewer than 5 occurrences of the specified strings in the log file, DO NOT alert.  If it finds between 5 and 9 occurrences, alert with a WARNING.  If it discovers 10 or more instances, alert with a CRITICAL.

Now, let us look at the result of the command:

2---240---108---ATWFILF---(Apr/13)-(03:35)---(Apr/14)-(03:35:23)

There are 6 columns separated by three hyphens (---).  The first column is the exit code of the command you just ran: 0 means all is well; 1 means WARNING, i.e. logrobot found conditions that fell under the WARNING threshold you provided; 2 means CRITICAL, the worst case.  The second column is how many seconds ago the search strings were last found, the third is the number of matching lines, and the last two columns are the start and end of the time frame that was scanned.

In this particular example, here's what the output is telling us: 

You requested to have the /var/log/messages file scanned as far back as 24 hours ago (1440 minutes).

The time frame scanned was from [ April 13, 03:35 ] to [ April 14, 03:35 ].  Among the records written to the log in that time frame, logrobot found 108 lines containing both "ntpd" and "stratum", hence the exit code of 2 (108 is at or above the CRITICAL threshold of 10).  The last time those strings were found in the log file was 240 seconds ago.

 

AUTONDA:

Command:

  • nlm   remotehost   logrobot   autonda   /var/log/syslog   60m   'kernel|panic'   '.'   3   5   syslog_check   -ndshow

OR

  • ./logrobot   localhost   /apps/magent  autonda   /var/log/syslog   60m  'kernel|panic'  '.'  3  5  syslog_check   -ndshow
     

Explanation:

 

  1. Monitor the /var/log/syslog file

  2. Within the last 60 minutes (60m), look for any line containing "kernel" or "panic".

    • Indicated with the 'kernel|panic'  and  '.'

  3. If the number of lines found is less than 3, exit with an OK

  4. If the number of lines found is greater than or equal to 3, and less than 5, exit with a WARNING

  5. If the number of lines found is greater than or equal to 5, exit with a CRITICAL

  6. The name of this log check is syslog_check

  7. Whenever lines are found in the log containing the specified strings, we want to see those lines.

    • Indicated with the -ndshow
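The threshold logic explained above for autofig and autonda, the "strip the familiar, show the unfamiliar" scan shown earlier with -showexcl, and the expected-entry check (-ndnotfoundn), as an added example in Python.  This is not LogRobot's code and not taken from this page: it assumes syslog-style timestamps without a year, treats the second pattern as an exclusion list (the -showexcl reading), reads -ndnotfoundn as "alert when fewer than the expected number of matching lines exist", and runs over a constructed sample log; the names check_log, worst_of and format_result are the example's own.

```python
"""Nagios-style log check: added example, not LogRobot's own code.

Implements the semantics this page describes for autofig/autonda checks:
  * only lines written within the last WINDOW minutes count (timestamps are
    read from syslog-style lines such as "Jun 13 13:40:04 host ...");
  * a line must match every INCLUDE pattern; a pattern of '.' matches anything;
  * lines matching EXCLUDE are dropped but kept aside (the -showexcl case);
  * count <  warn          -> OK       (exit 0)
    warn <= count < crit   -> WARNING  (exit 1)
    count >= crit          -> CRITICAL (exit 2)
  * mode="notfound" is an assumed reading of -ndnotfoundn: count >= crit is
    OK, warn <= count < crit is WARNING and fewer than warn matches is CRITICAL.
"""
import re
from collections import namedtuple
from datetime import datetime, timedelta

OK, WARNING, CRITICAL = 0, 1, 2
Result = namedtuple("Result", "code secs_since_last n_matched matched excluded")

# syslog timestamps carry no year; the year is taken from the reference time
_TS = re.compile(r"^([A-Z][a-z]{2}) {1,2}(\d{1,2}) (\d{2}:\d{2}:\d{2}) ")


def parse_ts(line, now):
    """Timestamp of a syslog-style line, or None if the line has none."""
    m = _TS.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{m.group(1)} {m.group(2)} {m.group(3)} {now.year}",
                           "%b %d %H:%M:%S %Y")
    if ts > now + timedelta(days=1):        # a December entry read in January
        ts = ts.replace(year=now.year - 1)
    return ts


def check_log(lines, now, window_minutes, include, exclude=None,
              warn=1, crit=1, mode="found"):
    """Scan LINES (in file order) and return a Result carrying the exit code."""
    if isinstance(include, str):
        include = [include]
    required = [re.compile(p) for p in include if p != "."]
    excluder = re.compile(exclude) if exclude and exclude != "." else None
    cutoff = now - timedelta(minutes=window_minutes)
    matched, excluded, last_ts = [], [], None
    for line in lines:
        ts = parse_ts(line, now)
        if ts is None or ts < cutoff or ts > now:
            continue                         # outside the window: not counted
        if not all(r.search(line) for r in required):
            continue
        if excluder is not None and excluder.search(line):
            excluded.append(line)            # familiar noise, shown by -showexcl
            continue
        matched.append(line)
        last_ts = ts                         # last hit in file order wins
    n = len(matched)
    if mode == "notfound":
        code = OK if n >= crit else WARNING if n >= warn else CRITICAL
    else:
        code = CRITICAL if n >= crit else WARNING if n >= warn else OK
    secs = int((now - last_ts).total_seconds()) if last_ts else None
    return Result(code, secs, n, matched, excluded)


def worst_of(results):
    """Exit code for a directory check: the worst state of any file scanned."""
    return max((r.code for r in results), default=OK)


def format_result(r):
    """Mimic the page's 'exit---seconds_since_last_match---count' summary."""
    last = "never" if r.secs_since_last is None else r.secs_since_last
    return f"{r.code}---{last}---{r.n_matched}"


# Constructed sample log for the demonstration; not a real /var/log/messages.
NOW = datetime(2012, 6, 14, 13, 23, 26)
SAMPLE_LINES = [
    "Jun 13 13:20:00 nagios-primary nagios: Auto-save of retention data completed",
    "Jun 13 13:40:04 nagios-primary abrt[8269]: saved core dump of pid 8128",
    "Jun 13 14:05:11 nagios-primary ntpd[1234]: synchronized to 10.0.0.1, stratum 2",
    "Jun 14 02:20:41 nagios-primary auditd[5813]: Audit daemon rotating log files",
    "Jun 14 09:15:02 nagios-primary app[2201]: ERROR Client 10.1.2.3 request failed",
    "Jun 14 09:15:03 nagios-primary app[2201]: ERROR Client 10.1.2.4 error 404 /missing",
    "Jun 14 13:20:00 nagios-primary app[2201]: ERROR Client 10.1.2.5 timeout",
    "Jun 14 13:23:00 nagios-primary nagios: Auto-save of retention data completed",
]

if __name__ == "__main__":
    # 1. strip the familiar, show the unfamiliar (the -showexcl example)
    r = check_log(SAMPLE_LINES, NOW, 1440, ".",
                  "nagios-primary nagios|not responding|synchronized to", 1, 5)
    print(format_result(r))
    print("\n".join(r.matched))
    # 2. ERROR.*Client over the last 5 hours, minus 'error 404' noise -> WARNING
    r = check_log(SAMPLE_LINES, NOW, 300, "ERROR.*Client",
                  "(error 404|updateNumber)", 2, 3)
    print(format_result(r), "excluded:", len(r.excluded))
    # 3. expected entry never written -> CRITICAL
    r = check_log(SAMPLE_LINES, NOW, 60, "Success.*Client", None, 2, 2, "notfound")
    print(format_result(r))
```

Run the file directly to see the three cases printed.  Used as a Nagios plugin, the summary line would be printed and the process would end with sys.exit(r.code); worst_of aggregates per-file results for the "every messages file in /var/log" scenario, where the directory check should report the worst state of any file scanned.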

Advanced monitoring of Log Files

 

What is a Log File Monitor?

A log file monitor is a utility designed and built specifically to monitor and alert on messages produced by computer systems and the applications that run on them.

In UNIX, monitoring log files is a necessity, and for good reason: the time of a UNIX professional is valuable.  Few, if any, can afford to spend hours each day scouring the many log files generated by systems and network applications.  Yet if the abnormal events chronicled in those files go unnoticed, entire networks can be abused or taken out of service, which can cost a company dearly.

If you wish to monitor log files, there are basically [ 3 ] options available to you:

  1. Try writing your own log monitoring script and see how far that takes you (this is worth looking into ONLY if you're an experienced programmer who understands efficiency!)

  2. Download any of the FREE log monitoring scripts that are available all over the internet OR

  3. Purchase a maintained professional tool that is equipped with the capability to handle any log monitoring requirement, no matter how unique or complex it is

If you embark on writing your own script, understand that it will take a long time to complete, even for a skilled programmer.  Monitoring log files goes far beyond simply watching the contents of files for specific errors.  As time goes on there will be new requirements, changes and continuous requests for modifications which, unless the developer is disciplined, end in an unusable script that nobody wants to use.

If you choose to download one of the FREE log monitoring scripts available on the internet, you will eventually discover how ineffective they are and how much work is necessary to get them to cooperate.  If this is the option you choose, there are some very important questions you will need to answer:

  1. Is this method scalable?

    • Can I use this one method to easily monitor different logs on several hundred servers, OR

    • Am I going to have to do a lot of painful maintenance, configuration, compilation, installation, tweaking etc.?

    • Will I be able to easily administer the creation and modification of several log checks (from a central location) using this method?

The answers to these questions are usually quite depressing.  The good news is, LoGrobot was built specifically to handle situations like these.

 

Characteristics of the Ideal Log Monitor:

When searching for the right utility to use to monitor & alert on log files, what features should the perfect tool have?

The ideal log monitor must be able to scan and monitor log files in a very short period of time, preferably in seconds (no matter how big the log file is).

At the very least, the perfect log monitor must be able to:

  • Detect abnormal usage patterns in log files (this requires automated mathematical analysis)

  • Recognize system or network abuse (through use of same mathematical analysis mentioned above)

  • Detect vulnerability scans (e.g. port scans) through the use of user-specified patterns and/or analysis

  • Detect intruders or attempted intrusions (through the use of user-specified patterns or analysis)

  • Detect resource shortages (e.g. slow response times, out-of-memory conditions etc)

  • Avoid duplicate alerts - must be intelligent enough to only generate notifications on valid breaches of thresholds

  • Detect imminent application and system failures

  • Scan, monitor & alert on log files of different formats (this is absolutely crucial)

While each feature listed here is important, it is just as important that the log monitoring utility be easy to use.  Users SHOULD NEVER have to spend an exorbitant amount of time reading documentation before being able to use a piece of software.  The more complex a utility is, the more likely it is to be used the wrong way or abandoned altogether.  Imagine having to re-read the instruction guide of your television remote control each time you wanted to use it.

When it comes to log monitoring, ease of use is essential.  This cannot be stressed enough.  The developers must put a great deal of effort into drastically limiting or eliminating the need for complex configuration files.  The syntax of the tool must also be easily comprehensible and usable directly from the command line: if a random user runs the tool from the command line, there should be no room for confusion.  That user should be able to obtain whichever end result they were expecting WITHOUT reading several pages of complicated instructions or desperately searching Google for help.

This is where logrobot comes into play.  logrobot is a commercial log monitoring utility that is very easy to use.  It is robust, seasoned and versatile.  It understands the overriding significance of alert notifications and focuses on ensuring that only valid alarms are generated for the log files and directories it monitors.  Installation-wise, logrobot does not require the addition of any non-native modules or libraries to the system, which means you can install it freely on production/dev/qa servers without tampering with existing libraries or modules.

logrobot has a wide range of capabilities.  It isn't limited to scanning log file contents for errors; it can do virtually anything related to log monitoring.  Additionally, years of real-life situations, possibilities and conditions are built into it, so it is highly unlikely you will come up with a need that hasn't already been thought of and programmed into the tool.  In the unlikely event that does happen, chances are work is already in progress to address it.

To efficiently monitor every critical log file in your UNIX environment however you need them monitored, download your copy of logrobot below!!

 

Taking simplicity to a New level:

Instead of making users read lengthy documentation, logrobot prints real usage examples from the command line.  No guessing, no confusion.

Say you have forgotten how to use the tool.  Instead of finding and reading the documentation, run the tool from the command line and pass it the option you are interested in, e.g. autofig (or type 'auto' for information on the other available features).  It prints an example invocation; the positional arguments are, in order, the log file, the time window, the first pattern, the second pattern, the warning threshold, the critical threshold, and then an output option.

Example:

[root@nagios-primary ~]#  ./logrobot  autofig

----------------------------------------------------------------------------------------------------------------------------------------------
Scan log file for 30 minutes worth of information. Show all lines found containing 'ERROR'
----------------------------------------------------------------------------------------------------------------------------------------------

EXAMPLE:

./logrobot  autofig  /var/log/messages  30m   'ERROR'   '.'   5  10  -show

----------------------------------------------------------------------------------------------------------------------------------------------

 

 

Log Reporting:

To generate a report on any log check, run a variation of either of these commands:

  1. logrobot  autodoc  access_actmon  1h  Support@logrobot.com  reports

  2. logrobot  autodoc  access_actmon  Oct/20/2013/08:00,Oct/20/2013/09:00 Support@logrobot.com  reports

The first command pulls all alerts generated by the access_actmon check within the last hour, formats them, and emails the finished report to the specified address.

The second command does the same for an explicit date range (start,end as Month/Day/Year/HH:MM) and sends the result as a colour-coded Excel report to the listed address.

Both commands are plug-and-play.  The point of this feature is an easy-to-read chronological record of alerts in report form, which can be sent to management or kept for your own use.

 

 

Automated Nagios Config Creation:

If you are not that familiar with Nagios and need to create several log checks, an automated feature does that work for you.

To set up a new check (or several), run this interactive program at the command line:

  • nlm autocfg nagios hosts

This function does not require you to remember which value goes in which field of the command-line parameters.  All you need to do is:

  1. Replace the sample values in the template that opens in vi with values that match your environment.

  2. Save your modifications and exit the file (:wq!).

  3. Answer the two prompts that follow.

The configs are then generated automatically.

 

 

Complete List of Features Included with the LoGrobot Log Monitoring Utility

 

   

  1. Configurable to run either via Nagios or via CRONTAB

    • Get email alerts & notifications on all log checks either way

  2. Automatically send log statistics to Graphite for Trending

    • No need for any extra configurations on your part!

  3. Monitor log files for abnormal behavior/activity

  4. Manage log file checks from a central location

    • Eliminate tedious administration

    • Avoid cumbersome maintenances

  5. Monitors custom application Log Files of any application or database on any Unix host

  6. Simple, pluggable command-line parameters (no need for any confusing configuration files)

  7. Monitor directory file count

  8. Can be configured to alert on the size / disk usage of all monitored log files

    • Example:

      • Alert if the size of /var/app/custom.app.log exceeds 10MB

  9. Configurable to alert on the growth of log files

    • Example:

      • Alert if the size of /var/log/messages has not changed since the last check (the log has stopped growing)

  10. Monitor all logs in a specific directory

    • Point logrobot to ANY directory with just one check!

      • Avoid having to define separate checks for each log file

    • Specify the type of files to exclude / include in monitoring

  11. Monitor timestamps of files (ensure specific logs are being updated regularly / frequently)

  12. Scan specific logs via time frames (i.e. previous 20 minutes, 60 minutes,  1 day, 1 week etc)

  13. Alert when expected records of events are NOT found within a set period of time

  14. In-Depth Analysis: check logs for instances of unusual entries - Identify & Alert on Deviations

  15. Monitor multiple log files simultaneously without any complicated steps to follow

  16. Scan logs for specific entries and exclude a list of user specified patterns from the result

  17. Allows for monitoring of all log files, even Windows files (mounted through NFS on a UNIX server)

  18. Provides information in each alert on how long ago a particular string/pattern was last found in a monitored log

  19. Remote Agent Included to enable monitoring of logs on several hosts FROM ONE master

    • This is for users who don't currently have NRPE installed in their environment

      • Allows complete control of log checks on all remote hosts / servers

  20. Automatically figures out conditions on which to recover alerts, based on log content & other variables

  21. Automatically detects log file type and format without user intervention

  22. Get notified via email of all events related to your log of choice on any server(s) you specify

  23. Updated regularly to meet new demands from various clients / companies

 

 


 

 

Supported Log Files

  • Will all my logs be supported?

    Yes, all log types / log formats are supported:

    • Tomcat Catalina.out logs

    • Apache Maxclient logs

    • Apache access logs

    • Apache error logs

    • OutOfMemory logs

    • JBoss log files

    • Java log files

    • Weblogic logs

    • Glassfish logs

    • Syslog, maillog and Postfix log files

    • Mysqld / Oracle Alert logs

    • Log4j

    • And much more!

      • Monitor any type of log file regardless of format or size
         


Log Analysis & Alerting:

"Log analysis" is a term often used loosely and lumped in with other log monitoring duties.  In practice it covers a few functions that are quite different from the routine monitoring of logs.

The basic purpose of log analysis is to identify issues and threats automatically, with little human intervention, based on observed anomalies.

True log analysis is automated: it removes the need to work out, by trial and error, the proper alert thresholds to assign to each log check.

What is the most common function of automated log analysis?

Sometimes a few errors in a monitored log are not a problem.  In such cases application developers and system or database administrators may prefer alerts only when the frequency of the "errors" is abnormal or unusual.

LoGRobot includes a statistical mechanism that watches for this: the per-hour / per-minute frequency summary with z-scores shown in the next section.

If you are not sure how many errors indicate a serious application, system, database or network issue, use logrobot's "analysis" option.

See the documentation for more information, or contact support.

 

 

 

Hourly / Minutely Log Summary:

Summarize log file content minute by minute or hour by hour.

If you want to identify quickly, from your logs, in which time period an issue occurred, logrobot can do that with the "-exceldm" (per minute) and "-exceldh" (per hour) options.

EXAMPLE 1:

To find out how many instances of your search pattern occurred in each hour of the last day, run the command below.  Its output is not shown on this page; the first line of it reported 2551 instances of "CRITICAL" in the 06:00 hour, which immediately points to that hour as the time something serious happened.

[root@nagios-master ]# logrobot  autofig  /var/log/messages  1d  'CRITICAL'  '.'  1  2  -exceldh

 

 

 

Search through the [ syslog ] file. Find out which HOUR within the last 8 hours had the most entries logged:

nagios@logrobot-04:/var/log$ logrobot  autofig  /var/log/syslog 8h  '.'  '.'  1  2  -exceldh

frq=553,zsc=1.52781,asc=[Oct-17-(10)]
frq=531,zsc=1.29027,asc=[Oct-17-(11)]
frq=456,zsc=0.480479,asc=[Oct-17-(12)]
frq=384,zsc=-0.296925,asc=[Oct-17-(09)]
frq=383,zsc=-0.307722,asc=[Oct-17-(07)]
frq=376,zsc=-0.383303,asc=[Oct-17-(06)]
frq=362,zsc=-0.534465,asc=[Oct-17-(08)]
frq=247,zsc=-1.77615,asc=[Oct-17-(05)]

Each row is one bucket: frq is the number of matching lines in that hour, asc names the hour, and zsc is how many standard deviations that count lies from the mean of the buckets shown (here the mean is 411.5 and the standard deviation 92.6, so the 553-entry hour sits 1.53 standard deviations above the mean).  Rows are sorted by frq, so the busiest hour is always first.

Search through the [ syslog ] file once again.  This time, find out which MINUTE(S) within the last 1 Hour had the most entries logged:

nagios@logrobot-04:/var/log$ logrobot  autofig  /var/log/syslog 1h  '.'  '.'  1  2  -exceldm

frq=19,zsc=3.01441,asc=[Oct-17-(12:20)]
frq=17,zsc=2.4241,asc=[Oct-17-(12:19)]
frq=15,zsc=1.8338,asc=[Oct-17-(12:56)]
frq=15,zsc=1.8338,asc=[Oct-17-(12:23)]
frq=15,zsc=1.8338,asc=[Oct-17-(12:18)]
frq=14,zsc=1.53865,asc=[Oct-17-(12:55)]
frq=14,zsc=1.53865,asc=[Oct-17-(12:05)]
frq=13,zsc=1.2435,asc=[Oct-17-(12:50)]
frq=13,zsc=1.2435,asc=[Oct-17-(12:24)]
frq=12,zsc=0.948352,asc=[Oct-17-(12:57)]
frq=12,zsc=0.948352,asc=[Oct-17-(12:25)]
frq=12,zsc=0.948352,asc=[Oct-17-(12:15)]
frq=11,zsc=0.653201,asc=[Oct-17-(12:54)]
frq=11,zsc=0.653201,asc=[Oct-17-(12:45)]
truncated...
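How a per-hour or per-minute summary like the two above can be computed from raw syslog lines, as an added example in Python (not LoGRobot's code). The zsc values on the page are consistent with a population z-score across the buckets shown (for the 8-hour output, mean 411.5 and standard deviation 92.6 give 1.528 for the 553-entry hour), which is what this code computes; that is also the frequency-anomaly idea described under Log Analysis & Alerting. The sample lines, including the burst of failed SSH logins, are constructed for the example.

```python
import re
from collections import Counter
from datetime import datetime
from math import sqrt

def make_lines(timestamp, n, message):
    """Build n identical syslog-style lines with the given timestamp (sample-data helper)."""
    return [f"{timestamp} logrobot-04 {message}" for _ in range(n)]

# Constructed sample (assumed data, not the page's): 20 lines over four hours,
# with a burst of failed SSH logins in the 12:00 hour.
SAMPLE_LINES = (
    make_lines("Oct 17 09:15:02", 2, "CRON[311]: (root) CMD (run-parts /etc/cron.hourly)")
    + make_lines("Oct 17 10:15:02", 4, "CRON[412]: (root) CMD (run-parts /etc/cron.hourly)")
    + make_lines("Oct 17 11:15:02", 4, "CRON[513]: (root) CMD (run-parts /etc/cron.hourly)")
    + make_lines("Oct 17 12:05:40", 2, "sshd[4410]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2")
    + make_lines("Oct 17 12:19:03", 2, "sshd[4418]: Failed password for invalid user admin from 203.0.113.7 port 40131 ssh2")
    + make_lines("Oct 17 12:20:11", 5, "sshd[4421]: Failed password for root from 203.0.113.7 port 40140 ssh2")
    + make_lines("Oct 17 12:50:55", 1, "sshd[4470]: Accepted publickey for ops from 10.0.0.9 port 52000 ssh2")
)

def bucket_key(line, granularity):
    """Bucket label in the page's style: 'Oct-17-(12)' per hour, 'Oct-17-(12:20)' per minute."""
    ts = datetime.strptime(line[:15], "%b %d %H:%M:%S")
    if granularity == "hour":
        return ts.strftime("%b-%d-(%H)")
    if granularity == "minute":
        return ts.strftime("%b-%d-(%H:%M)")
    raise ValueError(f"unknown granularity: {granularity!r}")

def summarize(lines, pattern, granularity):
    """Count lines matching `pattern` per bucket and attach a population z-score
    ((count - mean) / stddev over the buckets that have at least one match).
    Returns [(frq, zsc, label), ...] sorted by frq descending, label ascending."""
    rx = re.compile(pattern)
    counts = Counter(bucket_key(l, granularity) for l in lines if rx.search(l))
    if not counts:
        return []
    n = len(counts)
    mean = sum(counts.values()) / n
    std = sqrt(sum((c - mean) ** 2 for c in counts.values()) / n)
    rows = [(c, 0.0 if std == 0 else (c - mean) / std, label) for label, c in counts.items()]
    rows.sort(key=lambda r: (-r[0], r[2]))
    return rows

def format_rows(rows):
    """Render rows in the tool's 'frq=...,zsc=...,asc=[...]' style."""
    return "\n".join(f"frq={c},zsc={z:g},asc=[{label}]" for c, z, label in rows)

if __name__ == "__main__":
    print(format_rows(summarize(SAMPLE_LINES, ".", "hour")))
    print()
    print(format_rows(summarize(SAMPLE_LINES, "sshd", "minute")))
```

Two points the output alone does not make obvious: buckets with zero matches are not part of the population (the page's 8-hour output lists exactly eight rows), so a quiet hour never drags the mean down, and z-scores are relative to the window you asked for, so the same count can look normal over 8 hours and anomalous over 1. Apply the time-window filter from the earlier example first if the log holds more history than the window you want summarized.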
 

Back to Top

Scan the last 24 hours of the system log (/var/log/syslog in the captured command).  Show all lines containing 'nagios-primary abrtd:':

[root@nagios-primary ~]# logrobot autofig /var/log/syslog 24h '.' 'nagios-primary abrtd:' 1 5 -show

Jun 10 19:45:34 nagios-primary abrtd: Directory 'ccpp-2012-06-10-19:45:34-19662' creation detected
Jun 10 19:45:35 nagios-primary abrtd: Executable '/prod/nagios-core/sbin/status.cgi' doesn't belong to any package
Jun 10 19:45:35 nagios-primary abrtd: Corrupted or bad dump /var/spool/abrt/ccpp-2012-06-10-19:45:34-19662 (res:2), deleting
Jun 12 07:07:03 nagios-primary abrtd: Directory 'ccpp-2012-06-12-07:07:02-30780' creation detected
Jun 12 07:07:03 nagios-primary abrtd: Executable '/prod/nagios-core/sbin/status.cgi' doesn't belong to any package
Jun 12 07:07:03 nagios-primary abrtd: Corrupted or bad dump /var/spool/abrt/ccpp-2012-06-12-07:07:02-30780 (res:2), deleting
Jun 13 13:40:04 nagios-primary abrtd: Directory 'ccpp-2012-06-13-13:40:04-8128' creation detected
Jun 13 13:40:04 nagios-primary abrtd: Executable '/prod/nagios-core/sbin/status.cgi' doesn't belong to any package
Jun 13 13:40:04 nagios-primary abrtd: Corrupted or bad dump /var/spool/abrt/ccpp-2012-06-13-13:40:04-8128 (res:2), deleting


2---81900---9---(Jun/7)-(13:27)---(Jun/14)-(13:27:26)---ETWNFILF---(Jun/10)-(03:37:03)---(Jun/14)-(13:27:26)


Show all entries logged in the [ kern.log ] log file within the last 2 HOURS:

root@nagios-primary:~# logrobot autofig /var/log/kern.log 2h '.' '.' 1 2 -show

Sep 20 17:55:06 nagios-primary kernel: [87310.160050] usb 5-1: new full-speed USB device number 26 using uhci_hcd
Sep 20 17:55:06 nagios-primary kernel: [87310.388215] hub 5-1:1.0: USB hub found
Sep 20 17:55:06 nagios-primary kernel: [87310.390118] hub 5-1:1.0: 4 ports detected
Sep 20 17:55:06 nagios-primary kernel: [87310.673128] usb 5-1.2: new low-speed USB device number 27 using uhci_hcd
Sep 20 17:55:06 nagios-primary kernel: [87310.831895] input: Logitech USB Receiver as /devices/pci0000:00/0000:00:1d.0/usb5/5-1/5-1.2/5-1.2:1.0/input/input34
Sep 20 17:55:06 nagios-primary kernel: [87310.832071] logitech 0003:046D:C517.001B: input,hidraw0: USB HID v1.10 Keyboard [Logitech USB Receiver] on usb-0000:00:1d.0-1.2/input0
Sep 20 17:55:06 nagios-primary kernel: [87310.863133] logitech 0003:046D:C517.001C: fixing up Logitech keyboard report descriptor
Sep 20 17:55:06 nagios-primary kernel: [87310.865367] input: Logitech USB Receiver as /devices/pci0000:00/0000:00:1d.0/usb5/5-1/5-1.2/5-1.2:1.1/input/input35
Sep 20 17:55:06 nagios-primary kernel: [87310.865633] logitech 0003:046D:C517.001C: input,hiddev0,hidraw3: USB HID v1.10 Mouse [Logitech USB Receiver] on usb-0000:00:1d.0-1.2/input1
Sep 20 17:55:08 nagios-primary kernel: [87312.249129] usb 5-1.3: new low-speed USB device number 28 using uhci_hcd
Sep 20 17:55:08 nagios-primary kernel: [87312.436287] input: No brand 4 Port KVMSwicther as /devices/pci0000:00/0000:00:1d.0/usb5/5-1/5-1.3/5-1.3:1.0/input/input36
Sep 20 17:55:08 nagios-primary kernel: [87312.436429] generic-usb 0003:10D5:55A4.001D: input,hidraw4: USB HID v1.10 Keyboard [No brand 4 Port KVMSwicther] on usb-0000:00:1d.0-1.3/input0
Sep 20 17:55:08 nagios-primary kernel: [87312.442165] usbhid 5-1.3:1.1: couldn't find an input interrupt endpoint

2---3240---13---(Sep/20)-(16:49)---(Sep/20)-(17:55:08)---ETWNFILF---(Sep/20)-(17:55)---(Sep/20)-(17:55:08)


Scan through the above output and show ONLY lines that contain the string "USB HID" (a newly enumerated USB keyboard on a server is worth knowing about):

root@nagios-primary:~# logrobot autofig /var/log/kern.log 2h '.' 'USB HID' 1 2 -show

Sep 20 17:55:06 nagios-primary kernel: [87310.832071] logitech 0003:046D:C517.001B: input,hidraw0: USB HID v1.10 Keyboard [Logitech USB Receiver] on usb-0000:00:1d.0-1.2/input0
Sep 20 17:55:06 nagios-primary kernel: [87310.865633] logitech 0003:046D:C517.001C: input,hiddev0,hidraw3: USB HID v1.10 Mouse [Logitech USB Receiver] on usb-0000:00:1d.0-1.2/input1
Sep 20 17:55:08 nagios-primary kernel: [87312.436429] generic-usb 0003:10D5:55A4.001D: input,hidraw4: USB HID v1.10 Keyboard [No brand 4 Port KVMSwicther] on usb-0000:00:1d.0-1.3/input0

2---3420---3---(Sep/20)-(16:52)---(Sep/20)-(17:55:08)---ETWNFILF---(Sep/20)-(17:55)---(Sep/20)-(17:55:08)


Show once again all entries recorded in the [ kern.log ] log file within the last 2 HOURS (same command and the same 13 lines as the 2-hour listing above; only the summary line differs):

root@nagios-primary:~# logrobot autofig /var/log/kern.log 2h '.' '.' 1 2 -show

2---3960---13---(Sep/20)-(17:01)---(Sep/20)-(17:55:08)---ETWNFILF---(Sep/20)-(17:55)---(Sep/20)-(17:55:08)

 

 


From the above output, exclude all lines that contain 'Logitech' and show what is left:

root@nagios-primary:~# logrobot autofig /var/log/kern.log 2h '.' 'Logitech' 1 2 -showexcl

Sep 20 17:55:06 nagios-primary kernel: [87310.160050] usb 5-1: new full-speed USB device number 26 using uhci_hcd
Sep 20 17:55:06 nagios-primary kernel: [87310.388215] hub 5-1:1.0: USB hub found
Sep 20 17:55:06 nagios-primary kernel: [87310.390118] hub 5-1:1.0: 4 ports detected
Sep 20 17:55:06 nagios-primary kernel: [87310.673128] usb 5-1.2: new low-speed USB device number 27 using uhci_hcd
Sep 20 17:55:08 nagios-primary kernel: [87312.249129] usb 5-1.3: new low-speed USB device number 28 using uhci_hcd
Sep 20 17:55:08 nagios-primary kernel: [87312.436287] input: No brand 4 Port KVMSwicther as /devices/pci0000:00/0000:00:1d.0/usb5/5-1/5-1.3/5-1.3:1.0/input/input36
Sep 20 17:55:08 nagios-primary kernel: [87312.436429] generic-usb 0003:10D5:55A4.001D: input,hidraw4: USB HID v1.10 Keyboard [No brand 4 Port KVMSwicther] on usb-0000:00:1d.0-1.3/input0
Sep 20 17:55:08 nagios-primary kernel: [87312.442165] usbhid 5-1.3:1.1: couldn't find an input interrupt endpoint

2---4320---(8)-(13)-(61.5385%)-(8)-(0)-(frq=8,zsc=0,asc=[Sep-20-(17:55)])---(Sep/20)-(17:07)---(Sep/20)-(17:55:08)---ETWNFILF---(Sep/20)-(17:55)---(Sep/20)-(17:55:08)

 

 


Alert if a specific string is found in a log file. In the alert, show the offending / matching log entries:

Command:

nlm localhost logrobot autonda /var/log/syslog 60m 'kernel|panic' '.' 3 5 syslog_check -ndshow

Explanation:

  1. The log file to monitor is /var/log/syslog.

  2. Monitor this log for any line containing "kernel" or "panic".

    • Indicated by 'kernel|panic' and '.' (the second pattern '.' matches any line, so it adds no further restriction).

  3. If fewer than 3 matching lines are found, exit with OK.

  4. If 3 or more but fewer than 5 are found, exit with WARNING.

  5. If 5 or more are found, exit with CRITICAL.

  6. The name of this log check is syslog_check.

  7. Whenever matching lines are found, include them in the alert.

    • Indicated by -ndshow.

  8. If the timestamp of the log file itself is older than 60 minutes when the scan starts, the check aborts instead of scanning.  A log that has stopped being written to is a condition of its own; the timestamp checks listed among the features cover it.


Monitor a log for specific entries, exclude lines containing certain strings, then alert on what is left:

Command:

nlm localhost logrobot autonda /var/log/syslog 60m 'kernel|panic' 'abrt' 3 5 syslog_check -ndshowexcl

Explanation:

  1. Monitor the /var/log/syslog file.
  2. Scan the log for any line containing "kernel" or "panic"; ignore such a line if it also contains 'abrt'.
  3. If fewer than 3 matching lines are found, exit with OK.
  4. If 3 or more but fewer than 5 are found, exit with WARNING.
  5. If 5 or more are found, exit with CRITICAL.
  6. The name of this log check is syslog_check.
  7. From the lines containing 'kernel' or 'panic', exclude those that have the string 'abrt' in them.
    • Indicated by -ndshowexcl; note that with this option the second pattern is an exclusion, so '.' in that position would exclude every line.
  8. If the timestamp of the log file itself is older than 60 minutes when the scan starts, the check aborts immediately.
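The two autonda checks above, the Kernel_Timeouts email check and the /var/log directory check further down all share one rule set: two pattern slots (both must match by default, the second excludes with the -ndshowexcl form), a warning count, a critical count, and an abort when the log is stale. What follows is an added example in Python, not LoGRobot's own code, that implements that rule set as a Nagios-style plugin with the standard exit codes. The sample log lines, file list and times are constructed; reporting a stale log as UNKNOWN is this example's assumption, since the page only says the check aborts.

```python
import os
import re
from datetime import datetime, timedelta

# Nagios plugin exit codes.
OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3
STATUS = {OK: "OK", WARNING: "WARNING", CRITICAL: "CRITICAL", UNKNOWN: "UNKNOWN"}
HOUR = timedelta(hours=1)

def classify(count, warn, crit):
    """The page's rule: count < warn -> OK; warn <= count < crit -> WARNING;
    count >= crit -> CRITICAL."""
    if count >= crit:
        return CRITICAL
    if count >= warn:
        return WARNING
    return OK

def scan(lines, pattern1, pattern2, exclude=False):
    """Apply the two pattern slots the way the page's commands use them: by default a
    line must match BOTH regexes ('.' matches any non-empty line, so it adds no
    restriction); with exclude=True (the -ndshowexcl form) the second regex drops
    lines instead.  '.' in the exclusion slot would therefore drop every line."""
    p1, p2 = re.compile(pattern1), re.compile(pattern2)
    if exclude:
        return [l for l in lines if p1.search(l) and not p2.search(l)]
    return [l for l in lines if p1.search(l) and p2.search(l)]

def check_log(name, lines, pattern1, pattern2, warn, crit, log_mtime, now, max_age,
              exclude=False, show=True):
    """One log check.  Returns (exit_code, message).
    A log whose mtime is older than max_age is not scanned: the page says the check
    'aborts' without naming an exit status, so this example (an assumption) reports
    UNKNOWN, which Nagios displays distinctly from OK/WARNING/CRITICAL."""
    age = now - log_mtime
    if age > max_age:
        return UNKNOWN, f"UNKNOWN: [ {name} ] log last written {age} ago, scan aborted"
    hits = scan(lines, pattern1, pattern2, exclude)
    code = classify(len(hits), warn, crit)
    msg = f"{STATUS[code]}: [ {name} ] {len(hits)} matching line(s) (warn>={warn}, crit>={crit})"
    if show and hits:
        msg += "\n" + "\n".join(hits)
    return code, msg

def check_directory(name, files, pattern1, pattern2, warn, crit, now, max_age, exclude=False):
    """Directory check: `files` is a list of (path, mtime, lines).  Only files written
    within max_age are scanned, hits are summed across them, and the message names
    only the files that contained matches, as the page's /var/log example describes."""
    per_file = {}
    for path, mtime, lines in files:
        if now - mtime <= max_age:
            n = len(scan(lines, pattern1, pattern2, exclude))
            if n:
                per_file[path] = n
    total = sum(per_file.values())
    code = classify(total, warn, crit)
    detail = ", ".join(f"{p}={n}" for p, n in sorted(per_file.items())) or "none"
    return code, f"{STATUS[code]}: [ {name} ] {total} matching line(s) in: {detail}"

def load_directory(directory):
    """Read a real directory into the (path, mtime, lines) form check_directory() takes."""
    out = []
    for entry in os.scandir(directory):
        if entry.is_file():
            mtime = datetime.fromtimestamp(entry.stat().st_mtime)
            with open(entry.path, errors="replace") as fh:
                out.append((entry.path, mtime, fh.read().splitlines()))
    return out

# Constructed sample data (assumed, not from the page's hosts).
NOW = datetime(2013, 10, 17, 13, 0, 0)
SYSLOG_LINES = [
    "Oct 17 12:20:11 nagios-primary kernel: [87312.442165] usbhid 5-1.3:1.1: couldn't find an input interrupt endpoint",
    "Oct 17 12:31:40 nagios-primary abrtd: Directory 'ccpp-2013-10-17-12:31:40-2201' creation detected",
    "Oct 17 12:45:02 nagios-primary kernel: nfs: server filer01 not responding, timed out",
    "Oct 17 12:46:10 nagios-primary abrt[2210]: saved core dump of pid 2190 (/usr/sbin/kernel-watch)",
    "Oct 17 12:58:59 nagios-primary kernel: Kernel panic - not syncing: Fatal exception",
]

if __name__ == "__main__":
    code, msg = check_log("syslog_check", SYSLOG_LINES, "kernel|panic", ".", 3, 5,
                          log_mtime=NOW - timedelta(minutes=1), now=NOW, max_age=HOUR)
    print(msg)
    raise SystemExit(code)
```

Run as a plugin, the exit status is what Nagios acts on and the first line of the message is what appears in the notification, so the matched lines follow it only when `show` is set. Keep the patterns case-sensitive and specific: 'kernel|panic' on the sample also matches a path containing "kernel-watch", which is the kind of false positive the exclusion slot exists to remove.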


Log File checks via Emails

To set up log file checks via CRONTAB and receive email notifications on those checks:

root@nagios-primary ~# ./nlm  localhost:email  logrobot  autonda  /var/log/messages  1h  'kernel'  'timed out'  1  2  -show  Kernel_Timeouts  Support@Logrobot.com

Here both patterns must match, as the check name suggests: a line counts only if it contains 'kernel' and 'timed out'.  One such line raises WARNING, two or more raise CRITICAL.

  • The name given to this particular log check is "Kernel_Timeouts".  The subject of the email alerts you receive will be similar to one of these:

  • CRITICAL:  [ Kernel_Timeouts ] localhost Log Scan [ ISSUES ].

  • WARNING:  [ Kernel_Timeouts ] localhost Log Scan [ ISSUES ].

  • OK:  [ Kernel_Timeouts ] localhost Log Scan [ RECOVERY ].

 

 

 

 

Monitor the [ /var/log ] Directory

  • Watch for files that were updated within the last [ 5 ] hours

  • When such files are found, scan them for entries containing [ "ERROR" ]

  • If fewer than [ 15 ] entries containing [ "ERROR" ] are found, do not alert; this is not an issue

  • If [ 15 ] or more but fewer than [ 20 ] are found, alert as WARNING

  • If [ 20 ] or more are found, alert as CRITICAL

  • When a threshold is breached, send an email alert to [ logrobotTool@Gmail.com ]

  • In the alert, show only the file(s) in [ /var/log ] that contained the [ "ERROR" ] string

Example:

root@nagios-primary ~# ./nlm  monitor-01.net:email  logrobot  autoblz  /var/log  5h  'ERROR'  '.'  15  20  grahite_access_dirk14  -ndshow   logrobotTool@Gmail.com

The thresholds apply to the entries found across all the recently updated files, not per file.  A directory check reads whatever lands in that directory, so run it under an account with read-only access to the logs and keep the pattern specific; a broad pattern over a busy directory produces alert fatigue rather than detections.

Professional Consultation for Log File Monitoring

Professional consultation (or outsourcing) is NOT necessary in most cases, because both the installation of logrobot and its day-to-day use are easy to understand.  You DO NOT have to be an experienced UNIX user to get this log monitoring tool up and running; you only need to follow the basic instructions provided, and the few commands you need to run are simple.

This means there is no lengthy manual to read and no classes to send your staff to.  The complex steps you would otherwise have to carry out yourself are already programmed into the logrobot/logxray tool; all you have to do is run it.

Some organisations may still wish to delegate log monitoring to an outside party.  Whatever the reason, if you need help configuring log checks on any of your UNIX hosts, the logrobot support team will handle it.  This is our specialty, and we have a large collection of automated tools built to carry out a wide range of tasks at scale.

If this option is of interest to you, Contact Us.

Frequently Asked Questions

Is there a Money Back Guarantee?

Yes. There is a 60 Day Money Back Guarantee.

 

What exactly can I do with logrobot?

You can do anything with logrobot as long as it falls under log monitoring & alerting.

If you think your situation is so unique that no other tool can handle it, try us.  Simply email us with your unique request and we'll let you know if logrobot already supports it and if not, we'll provide you with a date it will be supported.  Yes, it's really that simple!

logrobot's capabilities include, but are not limited to:

  1. Monitoring & Alerting on the contents of system log files (errors, strings, keywords, patterns etc)

  2. Monitoring & Alerting on custom Application log files (mysql, oracle, apache/http and much more)

  3. Alerting if certain keywords / patterns ARE NOT found inside a specific log within a specific timeframe

  4. Monitoring & Alerting on the timestamps of log files (verify files are being updated regularly)

  5. Monitoring several log files at the same time - (very useful if you have multiple logs to scan)

  6. The capability to monitor both live and rotated logs to ensure nothing is missed

  7. Graphing the frequency with which user-specified strings occur in log files

    1. Or graph for anomalies

  8. Monitoring & Alerting on the size of log files (ensure logs do not consume too much disk space)

  9. Monitor log files no matter how big they are (even log files that are GIGABYTES in size)

  10. Conditional Monitoring..i.e:

    1. Alert if a certain column of a newly added log entry has a value greater than or less than x

  11. View logs on all your servers from one Web Interface (avoid having to ssh to each host)

  12. Analysis - Easily identify which minute or hour of the day had the most entries recorded

 

What is LoGrobot's Automation?

LoGrobot's Automation is a mechanism created for users who do not wish to deal with technical complexities.  Through our tool "kinglazy", users are walked through every step of the log monitoring process.

Unlike most tools, "kinglazy" asks only a few questions, and with a few keystrokes it lets you:

  • Automatically install and configure the Nagios Core Monitoring Application

    • Yes, even if you have no idea what Nagios is - This will set it all up for you!

  • Generate color-coded Excel spreadsheets on past alerts (any Nagios alert)

  • Auto Create new log check definitions in Nagios for hundreds of log files

  • Create reports on all configured service checks on a list of hosts and much more

 

How else can logrobot be used to scan, monitor and alert on log files:

There are many different ways logrobot can be used to monitor and alert on log files.  The documentation provided with the tool is detailed and contains many examples of how logrobot can save you time and labour.

 

Support is included in the purchase price of logrobot.  So at any time, you can contact us to tell you exactly how to do what you want to do.  All emails are responded to extremely fast!

 

 

How easy is it to setup log checks / log monitoring for log files?


It is very easy to set up log checks through logrobot.  Most UNIX users dread reading documentation, which is understandable.  When we developed logrobot we took that into account, which is why we created the tool called "kinglazy".  Kinglazy is a menu-driven collection of automated tools built to remove the annoyance of learning how to use a new tool.  With Kinglazy, all you have to do is bring up the interface and select the option for whichever task you wish to perform.

 

Can logrobot monitor log files whose entries carry no date?

Yes.  Pass the "autonda" option to logrobot instead of autofig.  In fact you can try either option to see which you prefer; "autonda" is much faster and provides more robust information about the log you are monitoring.

To get familiar with all the options available in logrobot, type at the command line:

[root@nagios-master ]# ./logrobot  auto

(or run ./logrobot with no arguments).

 

 

 

Can I scan for multiple strings in a log file instead of searching for them separately?

Yes.  To monitor a log for several strings at once, run LoGrobot this way:

Basic Example:

Monitor the log for the strings "Error", "imuxsock", "ERROR" and "failed":

Command:
LoGrobot  autonda  /var/log/syslog  60m  'ERROR|failed|Error|imuxsock'  '.'  3  5  mul_log_entries_2  -ndfoundmul

The pattern is a regular expression in which '|' separates the alternatives.  Matching is case-sensitive, which is presumably why both "Error" and "ERROR" are listed.  Whenever LoGrobot finds a line containing any of these strings it counts it, and the 3 / 5 thresholds decide whether the result is OK, WARNING or CRITICAL.

In other words, NO, you do not have to run several instances of LoGrobot for different strings.  LoGrobot monitors them all in one go.

If all your search strings cannot fit comfortably on the command line, substitute a config file in their place.

 

 

 

 

What is logXray?

logXray is the trial version of LoGrobot. It can only be used on Linux systems.  To monitor logs on Linux / AIX / HP-UX / SunOS systems, scroll to the bottom of the page to purchase the option that best suits your needs.


Is it easy to install logrobot?

Yes.  There are 2 ways to use LoGrobot on a UNIX host:

  1. Install the full LoGrobot tool itself, OR

  2. Drop it onto a host as a typical Nagios plugin.

The 2nd option is for users who already have a Nagios installation in their environment and want a dedicated plugin for monitoring logs.

Most UNIX tools force users to edit configuration files by hand, perform complex compilations and install packages or libraries that are foreign to the system.  LoGrobot does not require any of that.  After downloading and unzipping the logrobot zip file, either drop it into your existing plugins directory alongside the other plugins, or run 2 simple commands to set it up in place.

 

How Fast is logrobot?

Very fast!  LoGrobot completes its periodic scanning of log files within 1-2 seconds!

 

How much is logrobot?

Please see the table at the bottom of the page for all available options.

 

After purchasing logrobot will you assist me if I need any help?

Absolutely!  It is unlikely you will need help setting up logrobot; the tool was deliberately designed to be simple to set up.  If you do find that you need assistance, do not hesitate to Contact Us.

 

 

Can the LoGrobot team come on site for installations?

Yes.  Please contact us for more information.

 

 

Is logrobot sold on a per server basis?

At the moment, No.  This means, for the price listed on each plan at the bottom of this page, you will be able to monitor an unlimited number of log files on as many UNIX Hosts / Servers as you need.

 

Monitor specific logs on every one of my UNIX Hosts / Servers

Here are the simple steps you need to take:

Place logrobot on all your UNIX machines.  Installation is very simple:

  • Copy the logrobot.zip file to each host that has log files you want to monitor.

  • Unzip the logrobot.zip file, then run the installation command.

In short, here is all you have to do on each of your UNIX Hosts / Servers:

  1. unzip logrobot.zip ; cd logrobot

  2. InstallAgent.sh /apps/magent 5666 10.20.30.40 client

 

To install logrobot on the MASTER server, run:

  • InstallAgent.sh /apps/magent 5666 10.20.30.40 master

    • 5666 and 10.20.30.40 above are placeholders: change the port number and/or IP address to match your environment, and use the same values on every host so the clients and the master agree on them.

Installation completed!

If you consider the above instructions too much to read, just go into the unzipped logrobot directory and run "kinglazy" at the command prompt, then enter "i" for the automatic install of LoGrobot.

 

 

Can I watch for multiple strings in a log file at once?

Yes! To monitor a log for several strings at once, run logrobot this way:

Example:

Monitor the log for the strings “Error”, “imuxsock”, “ERROR” and “failed”

Command:
logrobot autonda /var/log/syslog 60m 'ERROR|failed|Error|imuxsock' '.' 3 5 mul_log_entries_2 -ndfoundmul


Whenever logrobot finds a line that contains any of these strings, it alerts.  Note that “Error” and “ERROR” are listed separately in the pattern: spell out every case variant you want caught.

In other words, NO, you do not have to run several instances of logrobot for different strings.  logrobot will monitor them all in one go!
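The command above does its multi-string matching with a single regular-expression alternation, and the same idea can be checked by hand. The script below is an added example, not logrobot's own code: it runs one grep -E pass over a constructed sample log, counts the lines that match 'ERROR|failed|Error|imuxsock', and maps that count to Nagios exit codes using warning/critical thresholds of 3 and 5. Those thresholds mirror the numbers in the logrobot command, but their meaning inside logrobot is an assumption here, and the 60m time window, the '.' argument and the remaining options are not modelled. It also shows the point to watch: the alternation is case-sensitive as written, so the lower-case "error" on the last sample line is only caught when you add that variant or match case-insensitively.

```shell
#!/bin/sh
# Added example (not part of LogRobot): count lines in a log that match an
# alternation pattern in ONE pass and map the count to Nagios-style exit codes.
# Threshold semantics (count >= warn -> WARNING, count >= crit -> CRITICAL)
# are an assumption for this example, not documented LogRobot behaviour.

# Constructed sample syslog lines for the demonstration (not from a real host).
SAMPLE_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
Mar  3 10:00:01 host1 sshd[1234]: Accepted publickey for alice from 10.0.0.5 port 52210
Mar  3 10:00:07 host1 rsyslogd: imuxsock lost 142 messages from pid 999 due to rate-limiting
Mar  3 10:01:12 host1 app[2001]: ERROR connection to db refused
Mar  3 10:01:15 host1 app[2001]: Error: retry 1 failed
Mar  3 10:02:00 host1 cron[3002]: (root) CMD (run-parts /etc/cron.hourly)
Mar  3 10:02:30 host1 app[2001]: authentication failed for user bob
Mar  3 10:03:00 host1 app[2001]: all good, error count reset
EOF

PATTERN='ERROR|failed|Error|imuxsock'   # same alternation as the logrobot command above

# count_matches FILE PATTERN [GREP_FLAG]
# Prints the number of LINES matching PATTERN (a line containing two of the
# strings is counted once). grep exits 1 when nothing matches; treat that as a
# valid count of 0 and only fail on a real error (exit 2, e.g. missing file).
count_matches() {
    grep -E -c ${3:-} -- "$2" "$1" || [ $? -eq 1 ]
}

# nagios_state COUNT WARN CRIT -> prints 0 (OK), 1 (WARNING) or 2 (CRITICAL)
nagios_state() {
    if [ "$1" -ge "$3" ]; then echo 2
    elif [ "$1" -ge "$2" ]; then echo 1
    else echo 0
    fi
}

# check_log FILE PATTERN WARN CRIT
# Prints a one-line status plus up to three offending lines (so the alert is
# actionable) and returns the Nagios exit code; 3 (UNKNOWN) if the log is unreadable.
check_log() {
    n=$(count_matches "$1" "$2") || { echo "UNKNOWN: cannot read $1"; return 3; }
    state=$(nagios_state "$n" "$3" "$4")
    case $state in
        0) label=OK ;;
        1) label=WARNING ;;
        *) label=CRITICAL ;;
    esac
    printf '%s: %s line(s) in %s matched /%s/\n' "$label" "$n" "$1" "$2"
    if [ "$state" -ne 0 ]; then
        grep -E -- "$2" "$1" | head -n 3 | sed 's/^/  /'
    fi
    return "$state"
}

# Case-sensitive, as in the logrobot command: 4 lines match (the lower-case
# "error" on the last sample line does not), which is WARNING at thresholds 3/5.
if check_log "$SAMPLE_LOG" "$PATTERN" 3 5; then rc=$?; else rc=$?; fi
echo "exit code: $rc"

# Same pattern matched case-insensitively: the extra line pushes the count
# to 5, which crosses the critical threshold.
echo "case-insensitive count: $(count_matches "$SAMPLE_LOG" "$PATTERN" -i)"
```

A real plugin would end with `exit "$rc"` so the scheduler sees the state; it is left as an echo here so the script can be read top to bottom. The `|| [ $? -eq 1 ]` after grep matters: without it a quiet log (zero matches, grep exit 1) would be reported as an error rather than as OK.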

 

 

Will you help with the installation of Nagios / Cacti on my System(s)?

Absolutely! If you don't already have Nagios installed but wish to have it, "kinglazy" will install it for you automatically.  Bring up the kinglazy interface and select the option for "Nagios Administration" or "Cacti Administration".

 


  • Monitor Any UNIX Log File However You Want

  • Monitor Entire Directories of Log files with just one Check

  • Monitor Rotated Logs - Never miss a critical log entry!

  • Monitor Dynamic logs without any Additional Configuration

  • Monitor & Alert on Log Inactivity or Unusual Log Patterns

  • Monitor Any Log File Regardless of Size (yes, even GB files)

  • Use just ONE tool to monitor ALL log related statistics!

  • Automate / AutoGenerate Log Check configs in Nagios

    • Eliminate the tediousness of setting up checks on multiple different log files across several different hosts and servers!

  • Use with Cron, Nagios, Cacti, Graphite or other Monitoring Applications

  • Receive only valid, actionable log alerts, designed to keep false positives to a minimum

Licenses

LogRobot (UNIX: Linux / AIX / SunOS / HP-UX).  Every plan lets you monitor unlimited log files on each licensed host; delivery is by instant download.

  • 1 UNIX Host / Server: $49.95

  • 10 UNIX Hosts / Servers: $99.95

  • Unlimited UNIX Hosts / Servers: $299.95
