Log file monitoring software

Egginacup · 07-01-2015 12:02pm #1

Does anyone know of any tools that can be used to monitor a log file for certain strings or patterns and then alert when those strings are present?

The logfile is a basic text file on a Windows server but it is NOT a Windows log file if you know what I mean. It is a general text logfile that is rotated everyday. It's actually a TACACS.net logfile but the application is not really important.

Thanks in advance

ObeyTheSuit · 08-01-2015 5:35am

Do you want it to highlight or send alerts to say an email address or something?

Egginacup · 08-01-2015 10:25am

ObeyTheSuit wrote: »

Do you want it to highlight or send alerts to say an email address or something?

Hi OTS, yes sending an email would be the best approach, but any form of notification would be acceptable, e.g. a popup or something. Did you have some ideas?

ObeyTheSuit · 08-01-2015 12:19pm

Well, for me I'd probably use Powershell to check a log file every say 5 mins or so. Pretty easy to hook into your email server etc. It's some custom code but won't be hard to write even for a novice.

E.g -one liner to check for strings:

http : //w w w. happysysadm . com /2013/11/powershell-one-liner-to-check-log-files.html

You can expand that with some simple if statements to do what you want.

Emailing the alert:

http : // w w w. adminarsenal . com / admin-arsenal-blog/powershell-sending-email-with-gmail-example

Just either sign your powershell code or set it to unrestricted and have a basic task (scheduled task) to run it every xx minutes. I would advise the MS preferred method of code signing, but if your not worried about someone running malicious code via PS it's not an issue. You'll need a service account setup to log onto the mail server but that's about it really.

If you get it working you could potentially write some self-healing code in there too.

Sorry about the spaces in the link, apparently I am a new user and can't post links.

ObeyTheSuit · 08-01-2015 12:21pm

Oh happy to help you out with the code if needs be, but I prefer people to have a stab at it first. Helps them learn

Egginacup · 08-01-2015 3:16pm

ObeyTheSuit wrote: »

Oh happy to help you out with the code if needs be, but I prefer people to have a stab at it first. Helps them learn

Well OTS....Powershell looks great and would do what I want but maybe I'm just reinventing the wheel. We have a TACACS.NET server and it has log files and those logfiles show failed login attempts to switches/routers. I just need a system to alert when a failed login attempt was made. Do you know of software that can do that?

09-01-2015 8:43am

Could you use Splunk for this...

CptSternn · 09-01-2015 8:48am

It really depends on your budget. You can write a simple script or you can get a package like SCOM, HP Openview, or one of the other major monitoring tools or a smaller package in between.

ObeyTheSuit · 09-01-2015 1:35pm

What CptSternn said really.

Take for example SCOM as mentioned above, it's a complete network/server/workstation/application monitoring tool with self healing. I've deployed it before and it would take a specialist about 3-4 months (give or take) to implement it properly. So in short overkill for what you describe.

You've asked for a simple tool for a simple problem. A quick Google shows me a lot of options however they all seem to offer what I would consider overkill for your needs.

Log file monitoring software

Comments