PIKT Log Scan Macro

The pikt_log_scan_alarms_macros.cfg is a script macro to scan PIKT log file output for noteworthy entries.

Note how--by means of the generalized script macro, tailored to the needs of each PIKT log file by the parameters we pass to the =piktlog_scan() script macro--note how this technique saves us from having to write dozens of ungeneralized log file scanning scripts specific to each PIKT log file. 

piktlog_scan(A, B1, B2)
 
	init
		status =piktstatus
		level =piktlevel
		task "Scan the PIKT (A).log for noteworthy entries"
		input logfile "=logdir/(A).log"
	begin	
		=checkpoint(=lalim)

		// assume no crisis (yet)
		set #crisis = #false()
#if dbserver | prodserver
		// on production servers, only process non-emergency pikt
		// log files in the early morning, during production downtime
		if $alert() !~~ "red|emergency"
			if #hour() > 5
				quit
			fi
		fi
#endif

	rule	// automatic bypasses	
		if    $inlin =~~ "==> =logdir/.+ <=="
			next
		endif

	rule	// special alarm-specific bypasses, first bypass
		if $inlin =~~ "(B1)"
			next
		endif

	rule	// bypass empty lines
		if ! #length($inlin)
			next
		endif

	rule
		=set_hr($inlin)

	rule	// report ERROR entries
		if $inlin =~ "ERROR]"
			output mail $inlin
			next
		endif

	rule	// report inactive alarms
		if    $inlin =~ "INFO].+suspended status"
		// && =monday
			output mail $inlin
			next
		endif


	rule	// report stderr output from invoked commands
		if =notlogmsg
			if $inlin !~~ "broken pipe"
				output mail $inlin
			endif
			next
		endif

	rule	// report corrupted lines, then bypass
		if #hr == #err()
			output mail $inlin
			next
		endif

	rule	// report entries due to a possibly badly formed input
		// command that results in no input
		if    $inlin =~ "WARNING].+no input data"
			=outputmail $inlin
			next
		endif

	rule	// bypass commonplace stuff
		if $inlin =~ "(DEBUG]|NOTICE]|INFO]|
                              last line is improperly date/time-stamped|
                              no answer from)"
			next
		endif

	rule	// special alarm-specific bypasses, second bypass
		if $inlin =~~ "(B2)"
			next
		endif

	rule	// possibly report WARNING entries
		if $inlin =~ "WARNING]"
			=outputmail $inlin
			next
		endif

	rule	// report anything not filtered out
		output mail $inlin

	end
		if #crisis
			// =page()
		endif
		quit

You might invoke the =piktlog_scan() macro in your alarms.cfg file thusly: 

///////////////////////////////////////////////////////////////////////////////
//
// logs_pikt_alarms.cfg
//
///////////////////////////////////////////////////////////////////////////////
=nbsp
#if piktmaster
PIKTREDLogScan

        =piktlog_scan(RED, =nonesuch, =nonesuch)

PIKTREDTestLogScan

        =piktlog_scan(REDTest, =nonesuch, =nonesuch)

#endif

///////////////////////////////////////////////////////////////////////////////

PIKTEMERGENCYLogScan

        =piktlog_scan(EMERGENCY, runaway...procs, =nonesuch)

PIKTEMERGENCYTestLogScan

        =piktlog_scan(EMERGENCYTest, =nonesuch, =nonesuch)

///////////////////////////////////////////////////////////////////////////////

PIKTSysAdminsUrgentLogScan

        =piktlog_scan(SysAdminsUrgent, dmesgrf: no such file|stat source.+dmesg, =nonesuch)

PIKTSysAdminsUrgentTestLogScan

        =piktlog_scan(SysAdminsUrgentTest, dmesgrf: no such file|stat source.+dmesg, =nonesuch)

///////////////////////////////////////////////////////////////////////////////

PIKTCodersUrgentLogScan

        =piktlog_scan(CodersUrgent, dmesgrf: no such file|stat source.+dmesg, =nonesuch)

PIKTCodersUrgentTestLogScan

        =piktlog_scan(CodersUrgentTest, dmesgrf: no such file|stat source.+dmesg, =nonesuch)

///////////////////////////////////////////////////////////////////////////////

PIKTSysAdminsCriticalLogScan

        =piktlog_scan(SysAdminsCritical, =nonesuch, =nonesuch)

PIKTSysAdminsCriticalTestLogScan

        =piktlog_scan(SysAdminsCriticalTest, =nonesuch, =nonesuch)

///////////////////////////////////////////////////////////////////////////////

[...]

///////////////////////////////////////////////////////////////////////////////

PIKTCheckDatabaseLogScan

        =piktlog_scan(CheckDatabase, =nonesuch, =nonesuch)

///////////////////////////////////////////////////////////////////////////////

PIKTDownSystemsLogScan

        =piktlog_scan(DownSystems, =nonesuch, =nonesuch)

///////////////////////////////////////////////////////////////////////////////

PIKTDownRpcLogScan

        =piktlog_scan(DownRpc, =nonesuch, =nonesuch)

///////////////////////////////////////////////////////////////////////////////

PIKTSysRebootsLogScan

        =piktlog_scan(SysReboots, =nonesuch, =nonesuch)

///////////////////////////////////////////////////////////////////////////////

Output from these scripts might look like, for example: 

DEBUG:
    PIKTSysAdminsUrgentLogScan
        Scan the PIKT SysAdminsUrgent.log for noteworthy entries

        ping: unknown host grenada
        ping: unknown host grenada

DEBUG:
    PIKTSysAdminsCriticalLogScan
        Scan the PIKT SysAdminsCritical.log for noteworthy entries

        telnet: grenada: Name or service not known
        grenada: Unknown host
        telnet: connect to address 10.10.5.73: Connection refused
        telnet: connect to address 10.10.5.34: Connection refused
        telnet: grenada: Name or service not known

Open Hand For more examples, see Samples.

 
Home | FAQ | News | Intro | Samples | Tutorial | Reference | Software
Developer's Notes | Licensing | Authors | Pikt-Users | Pikt-Workers | Related Projects | Site Index | Privacy Policy | Contact Us
Page best viewed at 1024x768 or greater.   Page last updated 2008-03-27.   This site is PIKT® powered.
PIKT® is a registered trademark of the University of Chicago.   Copyright © 1998-2008 Robert Osterlund. All rights reserved.
Home FAQ News Intro Samples Tutorial Reference Software
PIKT Logo
PIKT Page Title
View sample
log file permissions
script macro