I'm currently trying to find a solution to a remote log monitoring issue I'm facing. I'm using an agentless monitoring approach to monitor logs on multiple servers. I have a single server where an agent exists that is tunneled into the network so I can communicate with other servers on this network. I want to be able to monitor multiple log files in real time.

I've currently looked into using the Watchdog module in Python, but it feels like I can only use this to monitor "create, deleted, moved" types of events in a folder. Ideally, I'd love to read for specific strings in a txt/log file.

If I could have the log files store themselves onto the server with the agent, this would also be a solution. The monitoring solution I'm currently running allows me to monitor logs locally where the agent is present.

I've also looked into the socket module in Python, but this feels like it will take up too much bandwidth on multiple servers.

Here's a sample script that I'm working with to try and go through the Watchdog route:

import time
from http.server import BaseHTTPRequestHandler
from watchdog.observers import Observer
from watchdog.events import FileSystemEventHandler

class LogReceiver(BaseHTTPRequestHandler):
    # http.server dispatches on the upper-case method name, so this must be do_POST
    def do_POST(self):
        content_length = int(self.headers['Content-Length'])
        post_data = self.rfile.read(content_length)
        self.send_response(200)
        self.end_headers()
        response = b'Received log data'
        self.wfile.write(response)


class LogFileHandler(FileSystemEventHandler):
    def on_modified(self, event):
        if event.is_directory:
            return
        if event.src_path == log_file_path:
            print(f"Log file {event.src_path} has been modified.")
            # Re-reads the whole file on every modification event
            with open(log_file_path, 'r') as file:
                content = file.read()
                if target_string in content:
                    print("ERROR57:")
                    print(content)
                    print("=" * 40)  # Separator for better readability

# A raw string cannot end in a single backslash, so the backslash is escaped instead
log_file_path = "C:\\"  # File path goes here
target_string = "ERROR57"  # Replace with your target string
Alexsi
  • 1
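
An added example, not part of the original post: instead of re-reading the whole file on every modification event, this keeps a byte offset per log file and scans only newly appended, complete lines for the target string. `LogTail` and `demo` are hypothetical names, and the log lines are constructed sample data.

```python
import os
import tempfile


class LogTail:
    """Return only newly appended lines of one log file that contain a target string."""

    def __init__(self, path, target):
        self.path = path
        self.target = target.encode()
        self.offset = 0        # bytes already consumed
        self.partial = b""     # trailing data that has no newline yet

    def poll(self):
        """Call on each modification event (or on a timer); returns new matching lines."""
        try:
            size = os.path.getsize(self.path)
        except OSError:
            return []          # file missing, e.g. in the middle of a rotation
        if size < self.offset:
            # File shrank: truncated or rotated, so start again from the top
            self.offset, self.partial = 0, b""
        with open(self.path, "rb") as fh:
            fh.seek(self.offset)
            data = fh.read()
            self.offset = fh.tell()
        lines = (self.partial + data).split(b"\n")
        self.partial = lines.pop()   # empty when data ended with a newline
        return [ln.decode(errors="replace").rstrip("\r")
                for ln in lines if self.target in ln]


def demo():
    """Constructed sample log lines, written to a temporary file."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "app.log")
        tail = LogTail(path, "ERROR57")
        results = []
        with open(path, "wb") as f:
            f.write(b"INFO start\nWARN ERROR57 disk")  # second line incomplete
        results.append(tail.poll())
        with open(path, "ab") as f:
            f.write(b" full\nINFO ok\n")
        results.append(tail.poll())
        with open(path, "wb") as f:                    # simulate truncation/rotation
            f.write(b"ERROR57 again\n")
        results.append(tail.poll())
        return results


if __name__ == "__main__":
    print(demo())
```

The size comparison only detects a rotation when the new file is shorter than the stored offset. A replacement file that has already grown past the offset needs an additional identity check, such as comparing the inode where the platform provides one.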

0 Answers