regular expression for date in logfile monitor

  • KM03645968
  • 30-May-2020
  • 30-May-2020

Summary

regular expression for date in logfile monitor

Question

When a relative date is used in the log file name, the monitor fails to find the log file:
s/\/apps\/user\/pro1\/JEE\/AEM\/logs\/publish_apache\/access_$year$-$0month$-$0day$-.*.log/

When the exact log name is specified, the monitor is able to recognize the file:
s/\/apps\/user\/pro1\/JEE\/AEM\/logs\/publish_apache\/access_2019-10-25-18_00_00.log/

The files exist on the monitored server and they have the right permissions.

Answer


Please find below the analysis, and how we should proceed to match the file:

Requirement:
Monitor the log file below:

/apps/user/pro1/JEE/AEM/logs/publish_apache/access_2019-10-25-18_00_00.log

To match this file, the expression must carry enough information to produce the exact file name. The regular expression is failing because it contains regular-expression syntax that is not a date or time variable (i.e. “.*.log”): it tries to match a pattern instead of passing the value, as the preceding date variables do.

Documentation:
“you can use special date and time regular expression variables to match log file names that include date and time information.”
https://docs.microfocus.com/itom/SiteScope:2019.08/LogFileMonitor

File Name: /apps/user/pro1/JEE/AEM/logs/publish_apache/access_2019-10-25-18_00_00.log

Important: if we need to match the file for a specific day, we need to make sure that the file exists.

Regular Expression:
Invalid Regex:
s/\/apps\/user\/pro1\/JEE\/AEM\/logs\/publish_apache\/access_$year$-$0month$-$0day$-.*.log/

As you can see, we are not giving the exact name within the regex. For this reason it will fail to locate the file, since SiteScope will be expecting to reach /apps/user/pro1/JEE/AEM/logs/publish_apache/access_2019-10-25-.*.log, and this is not a valid file on the remote target.

Valid Regex:
s/\/apps\/user\/pro1\/JEE\/AEM\/logs\/publish_apache\/access_$year$-$0month$-$0day$-18_00_00.log/

As you can see, we are giving $year$, $0month$ and $0day$. Those variables will contain static values that depend on the current day. We can pass that information to build the file name, but we cannot use the “.*” string to match the remaining part of the file name, since we need to give the exact name with the variables.

File matched: /apps/user/pro1/JEE/AEM/logs/publish_apache/access_2019-10-25-18_00_00.log

In order to match the file name, you’ll need to work with the application owner to change the log file name and remove the hour, minute and second values from the name, to avoid the inconvenience and obtain a better configuration for the monitor.
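
The difference between the invalid and valid expressions above, as an added example (not SiteScope code and not part of the original article): it expands the three date variables shown on this page for a given day and compares the result literally against a file listing, which is the behavior the analysis describes. The function names and the file listing are constructed for illustration.

```python
import datetime
import re

# Date variables that appear on this page; other SiteScope variables are not modelled.
DATE_VARS = {
    "$year$": "%Y",    # four-digit year
    "$0month$": "%m",  # zero-padded month
    "$0day$": "%d",    # zero-padded day
}
# Regex constructs that would make the name a pattern instead of a literal file name.
PATTERN_SYNTAX = re.compile(r"\.\*|\.\+|[*+?\[\](){}|^]")

DIR = "/apps/user/pro1/JEE/AEM/logs/publish_apache/"
# Constructed listing of the monitored directory: the one file named on this page.
FILES = {DIR + "access_2019-10-25-18_00_00.log"}
DAY = datetime.date(2019, 10, 25)
PREFIX = r"s/\/apps\/user\/pro1\/JEE\/AEM\/logs\/publish_apache\/access_$year$-$0month$-$0day$-"
INVALID = PREFIX + ".*.log/"
VALID = PREFIX + "18_00_00.log/"


def resolve(expression, day):
    """Expand an s/.../ expression to the literal path expected for `day`."""
    if not (expression.startswith("s/") and expression.endswith("/")):
        raise ValueError("expected the s/.../ form used on this page")
    body = expression[2:-1].replace("\\/", "/")  # undo the escaped slashes
    for var, fmt in DATE_VARS.items():
        body = body.replace(var, day.strftime(fmt))
    return body


def check(expression, day, files_on_target):
    """Return (resolved_path, leftover_pattern_syntax, found_on_target)."""
    path = resolve(expression, day)
    leftovers = PATTERN_SYNTAX.findall(path)
    # Literal comparison: the resolved name must exist exactly as written.
    return path, leftovers, path in files_on_target


if __name__ == "__main__":
    for expr in (INVALID, VALID):
        path, leftovers, found = check(expr, DAY, FILES)
        print(f"{path}\n  pattern syntax left: {leftovers}  file found: {found}")
```

Running the check for the following day with the valid expression also reports the file as not found, which is the case the "Important" note above warns about.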

Documents used for the research:
https://docs.microfocus.com/itom/SiteScope:2019.08/LogFileMonitor
https://docs.microfocus.com/itom/SiteScope:2019.08/DateVariables

Also, to verify the behavior of the monitor with the different regular expressions, I enabled the debug settings below in:

X:\SiteScope\conf\core\Tools\log4j\PlainJava>log4j.properties file

##################################################################################
# Log monitor
##################################################################################

log4j.category.com.mercury.sitescope.monitors.log=DEBUG, log.appender
log4j.additivity.com.mercury.sitescope.monitors.log=false
log4j.category.com.mercury.sitescope.util=DEBUG, log.appender
log4j.additivity.com.mercury.sitescope.util=false

log4j.appender.log.appender=org.apache.log4j.RollingFileAppender
log4j.appender.log.appender.File=../${log.file.path}/log_monitor.log
log4j.appender.log.appender.MaxFileSize=${def.file.max.size}
log4j.appender.log.appender.MaxBackupIndex=${def.files.backup.count}
log4j.appender.log.appender.layout=org.apache.log4j.PatternLayout
log4j.appender.log.appender.layout.ConversionPattern=%d [%t] (%F:%L) %-5p - %m%n
log4j.appender.log.appender.encoding=${general.encoding}


Resolution:

When we configure the regular expression with date and time variables, we need to make sure we are passing the full name of the file that we need to monitor.

File to match: /apps/user/pro1/JEE/AEM/logs/publish_apache/access_2019-10-25-18_00_00.log
Regular Expression: s/\/apps\/user\/pro1\/JEE\/AEM\/logs\/publish_apache\/access_$year$-$0month$-$0day$-18_00_00.log/