Log File Events
Information
Turns log files into source of ARDI events.
| Driver Info | Detail |
|---|---|
| Driver Type: | Event |
| Platforms: | All |
Driver Settings
| Option | Description |
|---|---|
| Log File | The full path to the log file. Must be accessible from the ARDI server |
| Regex | The Python-style regular expression used to extract information from each line of the log |
| Time Format | The format of any time-stamp in the log. See the Python time format codes |
| Timezone | The timezone of the data in the log file |
Named Groups & Regex
You can use named groups in your regular expression to capture information from logs. In Python-style regular expressions, this is done with ?P<name> (including the 'greater than' and 'less than' signs) at the start of your match.
You can include the following group names…
| Group Name | Usage |
|---|---|
| Name | Used as the name of the event |
| Start | The start time for the event. The ONLY time if there's no matching end time. |
| End | The end time for the event. |
Examples
CEF
For example, a CEF-format log looks like this…
127.0.0.1 - frank [10/Oct/2000:13:55:36 -0700] "GET /apache_pb.gif HTTP/1.0" 200 2326
And if we wanted to mark this as an event, with the name of the resource as the title and the date as the start, we'd use the following expression…
Regular Expression
\[(?P<date>.*?)\ -0700] "GET (?P<name>.*) HTTP
Time Format
%d/%b/%Y:%h:%m:%s
Equipment
Most equipment logs don't keep to a specific standard, but will look something like the example below…
2018-10-25 11:56:35,008 INFO [MOTOR_X93] Startup Sequence Failed
To read these in as a log entry, we'd use the following…
Regular Expression
(?P<date>.*),(?P<code>\d\d\d)\s(?P<style>.*)\s\s\[(?P<asset>.*)]\s\s(?P<name>.*)
Time Format
%Y-%m-%d %H:%M:%S