1. Typically, my events are multi-line and looks like this:-
a) Say *event A* be:
WY_LOG_TYPE_ERROR <<**
================================
2013-08-30 22:08:55
================================
File: /var/www/.../Dblink.php
Line: 70
Unknown MySQL server host '127.0.0.1' (0)
**>>
b) Say *event B* be:
WY_LOG_TYPE_ERROR <<**
================================
2013-08-30 22:08:55
================================
File: /var/www/.../app.php
Line: 70
The application connectivity failure...(and some stack trace...)
**>>
2. The important *nxlog module configs* :
a) Multiline
<Extension *multi*>
Module xm_multiline
HeaderLine /^WY_LOG_TYPE_(ERROR|INFO)/
EndLine /^\*\*>>/
</Extension>
b) The input config:
<Input *in_app_desktop_my_log*>
Module im_file
File "/vagrant/my.log"
SavePos TRUE
ReadFromLast TRUE
InputType multi
PollInterval 20
</Input>
c) *The pattern module: ( used to extract body of error message ie
everything after "File:" till "**>>" as the timestamp of error can change)*
** *This modules capture the error body message and put it in variable
named message_body*
<Processor *extract_body_of_error*>
Module pm_pattern
PatternFile /vagrant/patterndb.xml
</Processor>
d) The final norepeat module working on this *message body variable.*
<Processor *no_repeat*>
Module pm_norepeat
CheckFields message_body
</Processor>
e) Output config (does all the mail sending work)
<Output *out_app_desktop_my_log*>
Module om_null
Exec { exec_async("/bin/sh", "-c", 'echo -e "From:
suraj.shar...@webyog.com\nTo:
suraj.sha...@webyog.com\nContent-Type:text/html;\nSubject: Error in Log
\n\n<pre>' + $raw_event + '<//pre>"|/usr/sbin/sendmail -t' ); }
</Output>
f) The ROUTE config
<Route *1*>
*Path in_app_desktop_my_log => extract_body_of_error => no_repeat
=> out_app_desktop_my_log*
</Route>
3. The whole series of events happens like ABABABABABAB... every seconds.
IN 20 seconds we get approx 50 such series and the ultimate requirement is
to send just 2 mails (not 100 of them) containing event A and event B after
20 seconds.
4. *My question is how can pm_evcorr or xm_perl help me...?*
5. Some thoughts from you answer are like in xm_perl we can make an
array storing up last 10 events (or precisely storing the message_body) and
checking based on that, whether the current event has been repeated in last
10 occurrences... if repeated it should be dropped.
--
Warm Regards,
Suraj Sharma
Software Engineer
Webyog Softworks Pvt Ltd
------------------------------------------------------------------------------
LIMITED TIME SALE - Full Year of Microsoft Training For Just $49.99!
1,500+ hours of tutorials including VisualStudio 2012, Windows 8, SharePoint
2013, SQL 2012, MVC 4, more. BEST VALUE: New Multi-Library Power Pack includes
Mobile, Cloud, Java, and UX Design. Lowest price ever! Ends 9/20/13.
http://pubads.g.doubleclick.net/gampad/clk?id=58041151&iu=/4140/ostg.clktrk
_______________________________________________
nxlog-ce-users mailing list
nxlog-ce-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users
