You can evaluate these contents using a basic ALL, ANY, or EXACT query capability for one or more query items.
This add-in is ideal for locating error or other important occurrences within log files (such as backup logs.)
From the Entry Editor, set the Type of entry to Add-In, click Select Add-In and select the File Content Monitor.
Click on the Configure Add-In button.
After selecting to Configure Add-in from the main IPSentry Entry Editor, you will be presented with the File Content Monitoring configuration options.
During a monitoring cycle, the add-in will perform the following tasks:
Open the requested file(s).
Scan from the last position scanned to the end.
If the search term is found, the add-in will return an alert status.
The add-in maintains an internal store of file names and positions last evaluated.
File Name / Specification
Enter the entire path and file specification containing the files to be monitored.
Wild Card: You can use standard wild-card specification in this field.
Special File Naming:
You can format file name specification using date stamp conversion keywords which will cause the add-in to monitor files that are named with specific date information.
For example, if you use an application that logs all activity performed on a specific day to a separate file per day, the file might be named with the format of YYYYMMDD.LOG. A good example is the IIS log files "exyymmdd.log".
In order to have the add-in evaluate these types of files, you can use key values in the file specification in order to limit the files that the add-in will evaluate.
ex%yy%*.log would evaluate all log files created for the current year.
ex%yy%%mm%*.log would evaluate all log files in the current month and year.
ex%yy%%mm%%dd%.log would evaluate only log files for the current date.
Assuming the date of April, 7, 2001, the above example would be converted to the following respectively:
User Name / Password
When performing a content scan on files contained on a remote system using a UNC formatted path (e.g. \\computer\share\filespec ) enter the appropriate logon credentials required to gain access to the remote folder. If IPSentry is running under a security context with appropriate rights, you may leave these fields blank and IPSentry will attempt to connect under the current process credentials.
This field contains the terms (search words) you wish to find. You may enter one or many terms in this field and they will be evaluated based on the limitations set by the Any/All/Exact settings.
Select this option if you wish to have the add-in return an alert status if one or more of the terms are found during the file scan.
Select this option if you wish to have the add-in return an alert status if all of the search terms were found during a file scan.
Select this option if you wish to have the add-in return an alert status if the search term must be found exactly as entered - as a phrase.
Select this option if you are unsure of the case (UPPER or lower) that will be in the file. If this option is not selected, the data in the file must match the terms case precisely.
Max Tail (bytes)
This field represents the maximum number of bytes that will be evaluated at the end of any file.
For example, setting this value to 10240 would cause the add-in to evaluate no more than the last 10240 bytes of any given file - even if the add-in has not scanned any of the data in the file before this point.
Setting this value to -1 is recommended.
Max Age (days)
When using a wild-card specification, or monitoring a rarely modified file, you may wish to have the add-in ignore files that are older than a specific amount of time.
For example, if you are monitoring C:\LogFiles\*.LOG, there may be files well over a month old. Perhaps you only want to monitor files that have been updated in the last couple of days - in which case, you would enter a 1 or 2 in this field - causing the add-in to ignore files older than a couple of days.
Scan Entire File Every Cycle
Check this option if the file being monitored is always being overwritten, updated, or copied.
It is not advisable to set this option on static files or create a monitoring entry that uses this setting that is not dependent on some other entry.
For example, you might configure a File Tail Monitoring entry that is dependent on a File/Directory monitoring entry that detects a modification to a file. Such as a process log file that gets overwritten every day.
Only Files Since Last Check
Check this option if you only want to scan files that did not exist during the last cycle that match your file specification. This is useful where you have a large number of files and simply want to evaluate only newly created files for the content match.
Return EOL Delimited Line
When scanning text files with a standard EOL character (CRLF, CR, LF), you can select this option to return the line of data formatted in the results for use with the %%mach.resultinfo%% keyword.
This option should only be used on standard text files.