LogFile monitoring directives

LogFile

This directive indicates the pathname to a streaming text log file on the system. You can specify the pathname as a relative pathname, with respect to the location of the CO-sysmsg.exe program, or an absolute pathname, using either forward or backward slashes. All the directives that follow, until the next LogFile directive, apply to the specified log file. This directive can contain Time Format values, such as %y, %m, %d, to respectively match the two-digit year, two-digit month, or two-digit day. For instance, you can use the file specification C:/windows/logfiles/f-%y%m%d.log to monitor a file with a name such as f-091231.log.

LogName

This optional directive, if it exists, must follow the LogFile directive. It is the name of the log file (or subsystem) displayed in the syslog message. If this value is not provided, the event message is not identified with the log file other than in the message content. The value can be any arbitrary text string. It commonly punctuates with a trailing semicolon, such as Oracle Data: or HTTP Log File:.

MaxSizeChange

This optional directive, if it exists, must follow the LogFile directive. It is an integer size, in bytes. If the file increases by this amount of bytes or more during a single 500 msec interval, it triggers a special message indicating that the file has increased rapidly in size. If you do not provide this value, the value of 10,000 bytes is used. (You can increase the value to 1 Mbyte.) This parameter helps prevent excessive syslog messages from being generated should a file undergo extremely rapid updates, such as a new file being copied into place. Each log file has its own MaxSizeChange value.

LogStatChange

This optional directive, if it exists, must follow the LogFile directive, and has a value of disable or enable. The directive indicates that the monitor agent is not to read the file, but only to send a syslog message (with the DefaultFacilty and DefaultSeverity) if the file modification time changes.

This is useful for monitoring file objects that are not necessarily log files. The file object specified by LogFile can be a directory or any file, including an executable file or configuration file. You cannot use this directive with any MatchKeyword expressions. If no LogStatChange directive exists, then changes to the file modification times are not monitored.

DefaultFacility

This optional directive might follow the LogFile directive. The value specifies a facility name (or an official facility number between 0–23) that identifies the default facility code used in all messages logged to the specified file. If this directive gets omitted, the default facility is assumed to be user.

DefaultSeverity

This optional directive might follow the LogFile directive. The value specifies a severity name (or an official facility number between 0 and y) that identifies the severity code used in all messages logged to the specified file. The value of this directive is commonly disabled or -1, indicating that no message is processed unless it matches one of the UseSeverity patterns (described further). If this directive is omitted, the default severity is assumed to be disabled.

UseFacility

This directive might follow the DefaultFacility directive, and is followed by one or more MatchKeyWord directives. This operates identically to the EventLog monitor directive, described previously. The directive is followed by a series of match patterns, any of which, causes the UseFacility value to be specified as the message facility. Multiple UseFacility directives, each followed by multiple MatchKeyWord directives, can be configured.

UseSeverity

This directive is similar to the UseFacility directive in the preceding row of this table, but affects the message severity instead of the facility code. This operates identically to the EventLog monitor directive, described previously. The directive is followed by a series of match patterns, any of which, causes the UseSeverity value to be specified as the message facility. Multiple UseSeverity directives, each followed by multiple MatchKeyWord directives, can be configured.

MatchKeyWord

This directive operates identically to the EventLog monitor directive, discussed previously. The directive is nested within a UseFacility or UseSeverity directive, and specifies a single match keyword, with possible * or ? wildcards. If a new log file entry matches the specified pattern, then the related severity or facility is used. Multiple patterns can be specified, without limit. The MatchKeyWord list is ended by any other directive, so the MatchKeyWord directives must be contiguous within a single UseFacility or UseSeverity block.

%a

Abbreviated weekday name

%A  

Full weekday name

%b

Abbreviated month name

%B

Full month name

%d

Day of the month as a decimal number (01 – 31)

%H

Hour in 24-hour format (00 – 23)

%I

Hour in 12-hour format (01 – 12)

%j 

Day of year as a decimal number (001 – 366)

%m

Month as a decimal number (01 – 12)

%M

Minute as a decimal number (00 – 59)

%U

Week of, with Sunday as the first day  (00 – 51)

%w

Weekday as a decimal number (0 – 6; Sunday is 0)

%W

Week of year, with Monday as the first day (00 – 51)

%y

Year without century, as a decimal number (00 – 99)

%Y

Year with century, as a decimal number

%z 

Time-zone name or abbreviation

%% 

Percent sign