实时监控 windows 日志文件中的错误 [英] Real Time monitoring for errors in log files in windows

问题描述

我的服务器上部署了多个 Windows 服务.我想实现一个 PowerShell 脚本，它可以对这些服务的日志进行实时监控.它必须在日志文件中查找关键字(例如错误、异常)，一旦出现任何错误，脚本应向预先配置的电子邮件地址发送通知.我在网上进行了基本搜索，可以找到一些可以执行此操作的免费软件应用程序，但我并不热衷于在服务器上安装这些应用程序.如果这可以通过基本的 PowerShell 脚本或批处理脚本完成并且可以在后台运行，那就太好了.

I have multiple windows services deployed on my servers. I want to implement a PowerShell script which can do real time monitoring of logs of these services. It must look for keywords(Eg. Error, Exception) in the log file and as soon as there is any error, the script should send a notification to a preconfigured email address. I did basic search on the web and could find some freeware applications which can do this but I am not keen on installing those on the servers. If this can be done by a basic PowerShell script or a batch script and can run in background, it'll be great.

我找到了可以实时查看文件的 Get-Content 和 Type -wait 命令

I've found the Get-Content and Type -wait commands which can watch the file in real time

Get-Content error.log -wait | where { $_ -match "ERROR" }

对于电子邮件通知部分的任何帮助，如果您能添加一些可能有帮助的网络链接，我将不胜感激.

I'll really appreciate any assistance on the email notification part and if you could add some web links which may help.

有点复杂的是日志文件不会是恒定的，每天都会创建一个新的日志文件，脚本应该根据文件名或创建日期等自动识别最新的文件.

A bit of complexity is that the log file will not be constant and a new log file is created every day and the script should automatically identify the latest file based on the file name or creation date etc.

文件名格式为 8_05_2021.txt、9_05_2021.txt、10_05_2021.txt

File Name format is 8_05_2021.txt, 9_05_2021.txt, 10_05_2021.txt

推荐答案

如果我的逻辑是正确的，我认为这应该可行，此脚本将无限期运行.

If my logic is right I think this should work, this script would run indefinitely.

对于在 PowerShell 中发送邮件，我知道有两个选项，一个是使用专为此设计的 cmdlet:Send-MailMessage

For sending Mails in PowerShell you have two options that I'm aware of, one is using the cmdlet designed for that: Send-MailMessage

但是，要注意这一点很重要:

However, this is important to be aware of:

警告
Send-MailMessage cmdlet 已过时.此 cmdlet 不保证与 SMTP 服务器的安全连接.虽然 PowerShell 中没有立即可用的替代品，但我们建议您不要使用 Send-MailMessage.有关详细信息，请参阅平台兼容性说明 DE0005.

您可以使用 Net 在此处找到第二个选项.Mail.MailMessage.

You can find the second option here using Net.Mail.MailMessage.

现在对于脚本的代码，您可以使用以下内容:

Now for the code of the script, here is something you can use:

# Define the full path of your logs folder
$logsFolder = 'fullPath\to\logsFolder'

# Function for monitoring and retrieving the newest log file Full Path
function monitorPath($LogPath){
    (Get-ChildItem "$LogPath\*.txt" |
    Sort-Object -Descending CreationTime |
    Select-Object -First 1).FullName
}

# Get the newest log file
$logFilePath = monitorPath -LogPath $logsFolder

while($true)
{
    # If we don't have today's date stored
    # or the update trigger is True
    if($updateDate -or -not $today)
    {
        $today = [datetime]::Today
        $updateDate = $false
    }
    
    if($today -lt [datetime]::Today)
    {
        # Trigger our previous condition
        $updateDate = $true

        # Get the new log file for this day
        $logFilePath = monitorPath -LogPath $logsFolder
    }

    if((Get-Content $logFilePath -Raw) -match 'Error')
    {
        # Send mail message goes here
    }

    Start-Sleep -Seconds 60
}

重要的是要注意，如果日志文件中有错误，这将每分钟向您的收件箱发送垃圾邮件，因此在此块中添加新条件可能是个好主意:

It is important to note that, this would spam your inbox every minute if there is an error in the log file so it will probably be a good idea to add a new condition in this block:

if((Get-Content $logFilePath -Raw) -match 'Error')
{ .... }

例如像这样:

if((Get-Content $logFilePath -Raw) -match 'Error' -and -not $emailSentThisDay)
{
    # Send mail message goes here

    # Here you set this bool to True so you don't get spammed :D
    $emailSentThisDay = $true
}

如果这是您要考虑的事情，那么您将需要在每个新的一天重置 $emailSentThisDay 布尔值，因此:

If this is something you will consider then you will need to reset the $emailSentThisDay bool every new day so:

if($today -lt [datetime]::Today)
{
    # Trigger our previous condition
    $updateDate = $true

    # Reset the antispam bool if this is a new day
    $emailSentThisDay = $false
    
    # Get the new log file for this day
    $logFilePath = monitorPath -LogPath $logsFolder
}

这篇关于实时监控 windows 日志文件中的错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！