Customized Logfile Reader: all lines are processed on first new line in a log RRS feed

  • Question

  • Hi

    I have created a custom moduletype that utilizes the System.ApplicationLog.GenericLogReader  as a triger and parses the log line from its output through a PowerShell script that uses a given regular expression syntax to extract fields from the line and provide them as data via a propertybag.

    I have the issue that when I start monitoring an existing log file with this module (via a rule) and I test the functionality by writing a line to the logfile, that ALL lines in the logfile are processed. This results in high CPU load of the agent and tons of alerts. I think this is only the case the first time something is written, but I can't verify it as the file I am testing is a poorly managed log file (35MB monolithic logfile...).

    My question is, is this normal behavior (Watermark) or do I have a bug in my setup?

    My module does System.ApplicationLog.GenericLogReader -> Microsoft.Windows.PowershellPropertyBagProbe with a propertybag as output.

    Wednesday, October 2, 2013 8:47 AM


All replies