How to monitor application log file in real time ?

[Chastel]

I'm looking to " tail -f " a log file, or watch it as another server application writes entries to it.

There are certain lines like " server stopped " or " server started " that I want to be able to parse out from the log, and then take some other action depending on which case I hit on.

Post-processing won't help, I need to be able to do this in real-time. Anyone have any good ideas how to do this properly using MS Pro ?

Any and all help is appreciated - Thanks !

[Lumumba]

You've got it !
Why not using tail -f with Macro Scheduler?

If you don't have tail for windows, download it from: Cygwin as it should be part of the package.

Code: Select all

Run Program>tail -f c:\myfile.log

[Bob Hansen]

You could create a macro that monitors the size of the log file and opens the log file to do the parsing, and resaves it.

Will timing be an issue? Is it possible the log will try to update while you are parsing? If that is an issue, then perhaps you will have to parse a shadow of the log file, and make sure file size of original has not changed before saving as original name. If it has changed again, will have to save as a temp or scrap it, reload the original and do parsing again with new lines.

From description of file parsing I think you might be able to use the VB with Macro Scheduler to replace strings.

[Chastel]

Hmm ok both good ideas !

I am familiar with Cygwin, supposing I use that approach, I'm not sure how to ' keep my place ' in my copy of the server log ( myfile.log )

i.e. tail -f | grep stopped

Will blurb " DateStamp / The server has stopped " to my file.

Sorry, I posted this in beginners because I'm not very familiar with VB

Using something like Bob suggests, I could get a snapshot of the log inbetween file changes, but then I'd still be looking at all the server stops and starts .. do you see where I'm coming from ?

To take a simple example, let's say when it stops/starts I want my script to call the "It_Stopped" or "It_Started" subroutine .. does that help ?

Any suggestions to fine tune either of these ideas ?

Oh hrm I guess if it checks quickly enough, I could then just delete myfile.log, and arrange it such that it will get recreated to flag new events ?

[Bob Hansen]

When checking file size, also check date/time. Write size, date, time to an INI file? If time since last change > X, then "It_Stopped", do parsing (write date/time of parsing to INI file), else "It_Started", do not parse yet.

If server process runs on a scheduled, then use Macro Schudule to schedule this monitor macro to run during that period.

OR

When INI Time"It_Stopped" > Y and INI TimeLast Parsed>Z, then run "kill" on this monitor macro so it only runs while log might be updated.

[Lumumba]

Gosh,
I should've read it more carefully

Can't see how to accomplish that in realtime with my suggestion ...

Maybe VBScript will solve what you've requested !?

If your process runs localy, and therefore you're process will be able to "write" each line in parallel to the Clipboard (to be compared by MSched...)

Or use FIND for the string (but I'm not sure if "Find" provides an Errorlevel and Macro Scheduler is able to deal with it)

Label>Check
Run Program>cmd /c find /c "server stopped"
CloseWindow>C:\WINNT\System32\cmd.exe
If>ERRORLEVEL,1,Check

Please check these @ Sysinternals (I'm sure one of their free tools will help you): PSTools

[Bob Hansen]

Thanks again Lumumba for another good link to utilities.

In my earlier post I mentioned using "kill" to close Macro Scheduler.
A very useful utility to do that is PrcView. PrcView is freeware.

PrcView is a process viewer utility that displays detailed information about processes running under Windows. For each process it displays memory, threads and module usage. For each DLL it shows full path and version information. PrcView comes with a command line version that allows you to write scripts to check if a process is running, kill it, etc.

You could also use PrcView to see if that server process was running or had stopped vs. checking how long since the log file had been modified.

[Lumumba]

PrcView seems to have an equivalent in PsList ...

Introduction

The Windows NT and Windows 2000 Resource Kits come with a number of command line tools that help you administer your Windows NT/2K systems. Over time, there has grown a collection of similar tools, including some not included in the Resource Kits. What sets these tools apart is that they all allow you to manage remote systems as well as the local one. The first tool in the suite was PsList, a tool that lets you view detailed information about processes, and the suite is continually growing. The "Ps" prefix in PsList relates to the fact that the standard UNIX process listing command-line tool is named "ps", so this prefix was adopted for all the tools in order to tie them together into a suite of tools named PsTools.

The tools included in the PsTools suite, which are downloadable individually or as a package, are:

PsExec - execute processes remotely
PsFile - shows files opened remotely
PsGetSid - display the SID of a computer or a user
PsKill - kill processes by name or process ID
PsInfo - list information about a system
PsList - list detailed information about processes
PsLoggedOn - see who's logged on locally and via resource sharing (full source is included)
PsLogList - dump event log records
PsPasswd - changes account passwords
PsService - view and control services
PsShutdown - shuts down and optionally reboots a computer
PsSuspend - suspends processes
PsUptime - shows you how long a system has been running since its last reboot (PsUptime's functionality has been incorporated into PsInfo)

All of the utilities in the PsTools suite work on Windows NT, Windows 2000 and Windows XP. The PsTools download package includes an HTML help file with complete usage information for all the tools.

[Chastel]

Sweet ! Ok I searched around some more, and found the binaries I wanted seperately - tail.exe and grep.exe - now I can do the following:

d:\temp\tail -f d:\my_server_app\server.log | grep stopped >> myfile.txt

This will append each line where it finds "stopped" which is unique in my case and gives something like DateStamp / The server has stopped.

Now I'll have to script around this to figure out the timing, certainly inbetween file handling will be a race condition.

I think I can get it going, there are a number of codes I want to take certain actions with MS Pro - open control panel - etc and do junk, this should work

Thanks for the input !

[Bob Hansen]

Just a followup note on PSTools. Nice group of utilities but only work on NT/2K. Not a problem unless still using Win9x.

PrcView runs on both Windows 9x/Me and Windows NT/2000/XP platforms.