I've reviewed the "Configuring Log Parsers Step by Step" guide here: http://help.kaseya.com/WebHelp/EN/VSA/6030000/EN_LogParsers63.pdf#view=Fit&navpanes=0 but I'm left with a couple of questions, pertaining to the sample logfile below:
-----------------
[Start Session: 2013/06/30 06:00:01]
INFO: 2013/06/30 06:00:01 - Automatic update procedure initiated.
INFO: 2013/06/30 06:00:02 - Automatic update to \\CRL4\apps\geoLogic\geoSCOUT\ initiated.
ERROR: 2013/06/30 06:00:05 - Unable to remove enough directories to perform automatic update of Core.
ERROR: 2013/06/30 06:00:05 - Unable to remove enough directories to perform automatic update of Directional Surveys.
ERROR: 2013/06/30 06:00:05 - Unable to remove enough directories to perform automatic update of General.
ERROR: 2013/06/30 06:00:06 - Unable to remove enough directories to perform automatic update of Land.
ERROR: 2013/06/30 06:00:06 - Unable to remove enough directories to perform automatic update of Production.
ERROR: 2013/06/30 06:00:06 - Unable to remove enough directories to perform automatic update of Pipelines.
ERROR: 2013/06/30 06:00:06 - Unable to remove enough directories to perform automatic update of Reserves.
ERROR: 2013/06/30 06:00:06 - Unable to remove enough directories to perform automatic update of Well.
INFO: 2013/06/30 06:00:07 - Completed update to \\CRL4\apps\geoLogic\geoSCOUT\
INFO: 2013/06/30 06:00:07 - Automatic updates have been applied to all relevant installations.
[End Session: 2013/06/30 06:00:07]
[Start Session: 2013/07/02 08:36:47]
INFO: 2013/07/02 08:36:49 - Found 9 updates available for \\CRL4\apps\geoLogic\geoSCOUT\
INFO: 2013/07/02 08:38:14 - Found 9 updates available for \\CRL4\apps\geoLogic\geoSCOUT\
[End Session: 2013/07/02 08:40:59]
[Start Session: 2013/07/07 06:00:01]
INFO: 2013/07/07 06:00:01 - Automatic update procedure initiated.
INFO: 2013/07/07 06:00:09 - Automatic update to \\CRL4\apps\geoLogic\geoSCOUT\ initiated.
ERROR: 2013/07/07 06:00:26 - Unable to remove enough directories to perform automatic update of Core.
ERROR: 2013/07/07 06:00:26 - Unable to remove enough directories to perform automatic update of Directional Surveys.
ERROR: 2013/07/07 06:00:27 - Unable to remove enough directories to perform automatic update of General.
ERROR: 2013/07/07 06:00:28 - Unable to remove enough directories to perform automatic update of Land.
ERROR: 2013/07/07 06:00:28 - Unable to remove enough directories to perform automatic update of Production.
ERROR: 2013/07/07 06:00:29 - Unable to remove enough directories to perform automatic update of Pipelines.
ERROR: 2013/07/07 06:00:30 - Unable to remove enough directories to perform automatic update of Reserves.
ERROR: 2013/07/07 06:00:31 - Unable to remove enough directories to perform automatic update of Well.
INFO: 2013/07/07 06:00:32 - Started thread to update Gas Analysis
INFO: 2013/07/07 06:03:25 - Thread complete - successful Gas Analysis update applied.
INFO: 2013/07/07 06:03:25 - Completed update to \\CRL4\apps\geoLogic\geoSCOUT\
INFO: 2013/07/07 06:03:25 - Automatic updates have been applied to all relevant installations.
[End Session: 2013/07/07 06:03:25]
[Start Session: 2013/07/09 13:07:45]
INFO: 2013/07/09 13:07:49 - Found 9 updates available for \\CRL4\apps\geoLogic\geoSCOUT\
[Start Session: 2013/07/09 14:22:06]
[End Session: 2013/07/09 14:22:47]
[Start Session: 2013/07/09 14:23:37]
[End Session: 2013/07/09 14:23:44]
[Start Session: 2013/07/09 14:36:30]
[End Session: 2013/07/09 14:37:36]
[Start Session: 2013/07/09 14:37:39]
INFO: 2013/07/09 14:37:42 - Found 9 updates available for \\CRL4\apps\geoLogic\geoSCOUT\
[End Session: 2013/07/09 14:59:09]
[Start Session: 2013/07/14 06:00:01]
INFO: 2013/07/14 06:00:01 - Automatic update procedure initiated.
INFO: 2013/07/14 06:00:04 - Automatic update to \\CRL4\apps\geoLogic\geoSCOUT\ initiated.
INFO: 2013/07/14 06:00:07 - Removed directory \\CRL4\apps\geoLogic\geoSCOUT\geoCORE\107 for Core
INFO: 2013/07/14 06:00:07 - Removed directory \\CRL4\apps\geoLogic\geoSCOUT\disda\101 for Directional Surveys
INFO: 2013/07/14 06:00:08 - Removed directory \\CRL4\apps\geoLogic\geoSCOUT\gnrldata\100 for General
INFO: 2013/07/14 06:00:09 - Removed directory \\CRL4\apps\geoLogic\geoSCOUT\geoLAND\101 for Land
INFO: 2013/07/14 06:00:09 - Removed directory \\CRL4\apps\geoLogic\geoSCOUT\prodhist\100 for Production
INFO: 2013/07/14 06:00:10 - Removed directory \\CRL4\apps\geoLogic\geoSCOUT\geopipe\101 for Pipelines
INFO: 2013/07/14 06:00:10 - Removed directory \\CRL4\apps\geoLogic\geoSCOUT\Poolfld\101 for Reserves
INFO: 2013/07/14 06:00:11 - Removed directory \\CRL4\apps\geoLogic\geoSCOUT\gsWellData\102 for Well
INFO: 2013/07/14 06:00:12 - Started thread to update Core
INFO: 2013/07/14 06:00:12 - Started thread to update Directional Surveys
INFO: 2013/07/14 06:07:55 - Thread complete - successful Core update applied.
INFO: 2013/07/14 06:07:55 - Started thread to update General
INFO: 2013/07/14 06:10:58 - Thread complete - successful Directional Surveys update applied.
INFO: 2013/07/14 06:10:58 - Started thread to update Land
INFO: 2013/07/14 06:24:35 - Thread complete - successful Land update applied.
INFO: 2013/07/14 06:24:35 - Started thread to update Production
INFO: 2013/07/14 06:24:52 - Thread complete - successful General update applied.
INFO: 2013/07/14 06:24:52 - Started thread to update Pipelines
INFO: 2013/07/14 06:42:00 - Thread complete - successful Production update applied.
INFO: 2013/07/14 06:42:00 - Started thread to update Reserves
INFO: 2013/07/14 06:42:47 - Thread complete - successful Pipelines update applied.
INFO: 2013/07/14 06:42:47 - Started thread to update Well
INFO: 2013/07/14 06:55:40 - Thread complete - successful Reserves update applied.
INFO: 2013/07/14 07:41:41 - There are warning messages in the log file: \\CRL4\apps\geoLogic\geoSCOUT\GswellData\115_pending\WTIdxSKBuild.log
INFO: 2013/07/14 07:41:41 - Daily well update applied successfully to \\CRL4\apps\geoLogic\geoSCOUT\
INFO: 2013/07/14 07:41:42 - Thread complete - successful Well update applied.
INFO: 2013/07/14 07:41:42 - Completed update to \\CRL4\apps\geoLogic\geoSCOUT\
INFO: 2013/07/14 07:41:42 - Automatic updates have been applied to all relevant installations.
[End Session: 2013/07/14 07:41:42]
-----------------
I'm trying to build a log parser to send an e-mail when a line happens with "ERROR:" as the start. The Parser documentation indicates parameters need delimiters on both sides, only, there's only the colon (:) as a right delimiter on both the INFO and ERROR lines. Also, the spacing is lost in my paste -- lines that start with INFO are preceded by three spaces, whereas lines that start with ERROR are preceded by two spaces.
My two questions are, Can I build a parameter that pulls the word ERROR / INFO, with them not having a left-side delimiter, and, Does Multi-line log files work when the text blocks are variable length? There's the common line ending with [End Session: {date}] but it's not clear in the documentation whether the multi-line log parser definitions are smart enough to handle variable blocks like such.
Thanks!