监视日志文件中的特定模式

Question

I am trying to write a batch file to monitor a log file for the word 'rdy' on a line and alert if the value against rdy is less than 200

extract from my log file as below:

[Sun Jun 23 11:00:00 2013] [notice] mpmstats: rdy 249 bsy 1 rd 0 wr 1 ka 0 log 0 dns 0 cls 0
[Sun Jun 23 11:00:02 2013] [error] [client 10.25.134.1] File does not exist: E:/htdocs/default/KeepAlive.html

I have written a basic script ( Still on my L's ) which monitors the error.log file in a particular directory. The issue is there are error logs from multiple days and I want to monitor the current error log.

@echo off

set log=E:\scripts\busycheckalert.log
set Time=%time:~0,5%
set Today=%date:~4,2%
set Month=%date:~7,2%
set Year=%date:~12,2%
set file=E:\logs\ihs\Default\error.log.%Month%.%Today%.%Year%

echo Polling %file% at %Time% >> %log%
for /f "usebackq delims=;" %%a in (`dir /b   E:\logs\ihs\Default\error.log.%Month%.%Today%.%Year%`) do (
    echo Checking now >> %log%
    for /f "tokens=8,9 delims= " %%a in     (E:\logs\ihs\Default\error.log.%Month%.%Today%.%Year%) do (
        echo Doing Checks >> %log%
        if %%j LEQ 200 echo %Today%-%Month%-%Year% at %Time% Error - Ready threshold exceeded >> %log% in %%a ))

I manage to get till the first checkpoint " Checking now". However, it seems it doe not enter that 2nd loop.

This is the extract from the resultant log file:

Polling E:\logs\ihs\Default\error.log.06.23.13 at 22:48 
Checking now 
Polling E:\logs\ihs\Default\error.log.06.23.13 at 22:49 
Checking now 
Polling E:\logs\ihs\Default\error.log.06.23.13 at 22:50 
Checking now 

Could you please advise where I am going wrong? Any help would be great.

Thanks

Answer 1

The issue is there are error logs from multiple days and I want to monitor the current error log.

for /f "delims=" %%a in (' dir /b /a-d /od *.log ') do set "latest_file=%%a"

I gather now that it's not your aim.

You seem to be using the same log file name as the file you are processing.

You have delims=; where there are no ; in your log snippet.

You are reusing %%a in both loops.

set file=E:\logs\ihs\Default\error.log.%Month%.%Today%.%Year%

echo Polling %file% at %Time% >> %log%
for /f "usebackq delims=;" %%a in (`dir /b   E:\logs\ihs\Default\error.log.%Month%.%Today%.%Year%`) do (
    echo Checking now >> %log%
    for /f "tokens=8,9 delims= " %%a in     (E:\logs\ihs\Default\error.log.%Month%.%Today%.%Year%) do (

Answer 2

for /f "tokens=8,9 delims= " %%a in     (E:\logs\ihs\Default error.log.%Month%.%Today%.%Year%) do (

Hmmm- now I wonder what would happen if you were to change the %%a to, say, %%i ?

You appear not to be checking that %%i ==rdy either. If you don't do that, you may land up with some rather odd results.

Answer 3

Suggestion with code for GNUWin32 grep :

@echo off & setlocal
set "cTime=%time:~0,5%"
set "Today=%date:~3,2%"
set "Month=%date:~6,2%"
set "Year=%date:~11,2%"
set "file=E:\logs\ihs\Default\error.log.%Month%.%Today%.%Year%"
SET "log=resultant.log"

echo Polling %file% at %Time% >> "%log%"
for /f "delims=" %%a in ('dir /b /a-d "%file%') do (
     echo Checking now >> "%log%"
     for /f "tokens=3" %%b IN ('grep -o "mpmstats: rdy [0-9]\+" "%file%"') do SET "rdy=%%b"
     echo Doing Checks >> "%log%"
     SETLOCAL ENABLEDELAYEDEXPANSION
     if !rdy! LEQ 200 echo %Today%-%Month%-%Year% at %cTime% Error - Ready threshold exceeded IN %%a >> "%log%"
     endlocal
)

Answer 4

You are using a specific file in your FOR loops, so there is no need for two of them. The first one merely confirms that the file exists. That is easier and more efficiently done with:

if exist "E:\logs\ihs\Default\error.log.%Month%.%Today%.%Year%" ( ... )

Others have said you have a problem using %%a for both loops. Actually, there is nothing wrong with reusing a character within nested loops. But then your inner loop cannot access the outer loop value. Given that your inner loop DO references %%j , I suspect you intended for your inner loop to use %%i instead of %%a .

Your logic is wrong in that your loop is processing all lines, when it should only process lines that contain " rdy ". FIND or FINDSTR can be used to efficiently filter out unwanted lines.

You should never assign your own value to a variable named TIME (note that variable names are case insensitive). Doing so prevents you from later accessing the dynamic time value.

I haven't figured out what would prevent entry to your inner loop when the outer loop works. But I would restructure your entire code.

Instead of deriving the name of the log file from the current date, I would list all log files in date/time order and use FOR /F to capture the last one found.

Then I would use another FOR /F to parse the output of a FINDSTR search for " rdy "

@echo off
setlocal
set "log=E:\scripts\busycheckalert.log"
set "checkTime=%time:~0,5%"
pushd "E:\logs\ihs\Default"

set "currentLog="
for /f "delims=" %%F in ('dir /b /a-d /od "error.log.*"') do set "currentLog=%%F"
if defined currentLog (
  >>"%log%" echo Polling %currentLog% at %checkTime%
  for /f "tokens=9" %%A in ('findstr /c:" rdy " "%currentLog%"') do (
    if %%A leq 200 >>"%log%" echo Error at %time%: Ready threshold exceeded in %currentLog% 
  )
) else  >>"%log%" echo No log found at %checkTime%"

popd