Creating custom scanners for log analysis

You can create custom scanners for log analysis. After you configure the scanner, the results are generated in the reports when you run the xsLogAnalyzer tool. The custom scanner scans the logs for event records based on the regular expressions that you specified.

Procedure

  1. Create a scanner specifications properties file that specifies the general expression to run for the custom scanner.
    1. Create and save a properties file.
      The file must be in the loganalyzer_root/config/custom directory. You can name the file as you like. The file is used by the new scanner, so including the scanner name in the file name is useful, for example: my_new_server_scanner_spec.properties.
    2. Include the following properties in the my_new_server_scanner_spec.properties file:
      include.regular_expression = REGULAR_EXPRESSION_TO_SCAN
      The REGULAR_EXPRESSION_TO_SCAN variable is a regular expression on which to filter the log files.
      Example: To scan for instances of lines that contain both the "xception" and "rror" strings regardless of the order, set the include.regular_expression property to the following value:
      include.regular_expression = (xception.+rror)|(rror.+xception)
      This regular expression causes events to be recorded if the string "rror" comes before or after the "xception" string.

      Example: To scan each line in the logs for lines that contain either the "xception" string or the "rror" string, set the include.regular_expression property to the following value:
      include.regular_expression = (xception)|(rror)
      This regular expression causes events to be recorded if either the "rror" string or the "xception" string exists.
  2. Create a configuration file that the xsLogAnalyzer tool uses to create the scanner.
    1. Create and save a configuration file.
      The file must be in the loganalyzer_root/config/custom directory. You can name the file as scanner_nameScanner.config, where scanner_name is a unique name for the new scanner.
      For example, you might name the file serverScanner.config.
    2. Include the following properties in the scanner_nameScanner.config file:
      scannerSpecificationFiles = LOCATION_OF_SCANNER_SPECIFICATION_FILE
      The LOCATION_OF_SCANNER_SPECIFICATION_FILE variable is the path and location of the specification file that you created in the previous step. For example: loganalyzer_root/config/custom/my_new_scanner_spec.properties. You can also specify multiple scanner specification files by using a semicolon-separated list:
      scannerSpecificationFiles = LOCATION_OF_SCANNER_SPECIFICATION_FILE1;LOCATION_OF_SCANNER_SPECIFICATION_FILE2
  3. Run the xsLogAnalyzer tool.
    For more information, see Running log analysis.
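
The following Python pre-check is an added example, not part of the product documentation or the xsLogAnalyzer tool. It runs the two include.regular_expression values from step 1 over constructed log lines so you can see which lines each expression would record before you deploy the scanner, and it splits a scannerSpecificationFiles list as described in step 2. It assumes a line is recorded when the expression matches anywhere in it and that Python's re module behaves like the tool's regular expression engine for these patterns; the helper names, sample log lines, and a_spec/b_spec paths are hypothetical.

```python
import re

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    "[1/2/24 10:00:01] 0000001a SystemOut O Server started",
    "[1/2/24 10:00:05] 0000001b SystemErr R java.io.IOException: read Error on socket",
    "[1/2/24 10:00:09] 0000001c SystemOut E Error: wrapped NullPointerException",
    "[1/2/24 10:00:12] 0000001d SystemErr R java.lang.IllegalStateException",
    "[1/2/24 10:00:15] 0000001e SystemOut W Connection error, retrying",
]

def parse_properties(text):
    """Parse simple 'key = value' lines; skips blank lines and # or ! comments.
    Simplification: backslash escapes of the Java properties format are not processed."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def spec_files(config_text):
    """Split the semicolon-separated scannerSpecificationFiles value into paths."""
    value = parse_properties(config_text).get("scannerSpecificationFiles", "")
    return [p.strip() for p in value.split(";") if p.strip()]

def matching_lines(spec_text, log_lines):
    """Return the indexes of log lines that the spec's include expression matches."""
    pattern = re.compile(parse_properties(spec_text)["include.regular_expression"])
    # Assumption: a line is recorded if the expression matches anywhere in it.
    return [i for i, line in enumerate(log_lines) if pattern.search(line)]

# The two expressions from step 1, as they would appear in the spec file.
BOTH = "include.regular_expression = (xception.+rror)|(rror.+xception)"
EITHER = "include.regular_expression = (xception)|(rror)"
# Hypothetical scanner config that lists two specification files.
CONFIG = "scannerSpecificationFiles = config/custom/a_spec.properties;config/custom/b_spec.properties"

if __name__ == "__main__":
    print("both:  ", matching_lines(BOTH, SAMPLE_LOG))
    print("either:", matching_lines(EITHER, SAMPLE_LOG))
    print("specs: ", spec_files(CONFIG))
```

The stricter expression records only the two lines that carry both strings, while the second expression also records the lone exception and the lowercase "error" warning, which is the trade-off to weigh when a scanner is meant to surface security-relevant failures without flooding the report.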

Results

After you run the xsLogAnalyzer tool, the report contains new tabs for the custom scanners that you configured. Each tab contains the following views:
Charts
A plotted graph that illustrates recorded events. The events are displayed in the order in which the events were found.
Tables
A tabular representation of the recorded events.
Summary reports