- 0 minutes to read
Troubleshooting & FAQ: Log File Parser Monitoring Agent
Find quick solutions and answers for the Nodinite Log File Parser Monitoring Agent. Jump to your specific issue using the navigation guide below.
Find Your Solution
graph TD
A["π§ What's your issue?"] --> B["π File Access Problems"]
A --> C["π Pattern Not Matching"]
A --> D["β‘ Performance Issues"]
A --> E["π Correlation Not Working"]
A --> F["β οΈ Too Many Alerts"]
B --> B1["π File Access & Permissions"]
C --> C1["π― Pattern Matching & RegEx"]
D --> D1["β‘ Performance & Optimization"]
E --> E1["π ACK/NAK Correlation"]
F --> F1["π Alert Management"]
classDef problemStyle fill:#ffebee,stroke:#c62828,stroke-width:2px
classDef solutionStyle fill:#e8f5e8,stroke:#2e7d32,stroke-width:2px
class A problemStyle
class B,C,D,E,F problemStyle
class B1,C1,D1,E1,F1 solutionStyle
Click any section below or use the quick links:
| Issue Type | Quick Solutions |
|---|---|
| π File Access & Permissions | Can't access files, SMB share issues, permission problems |
| π― Pattern Matching & RegEx | Patterns not working, RegEx syntax, timestamp issues |
| β‘ Performance & Optimization | High CPU, memory usage, large file handling |
| π ACK/NAK Correlation | Transaction tracking not working, timeout issues |
| π Alert Management | Too many alerts, false positives, notification issues |
What access rights are required?
The account used to run the Nodinite Log File Parser Monitoring Agent as a Windows Service must have read access to the folder(s) with log files. This is detailed in the Prerequisites for Log File Parser Monitoring Agent user guide.
Note
Please review the Logon as Service Right user guide.
File Access & Permissions
flowchart TD
A["ποΈ File Access Issue"] --> B{"π File Location?"}
B -->|Local Windows| C["β
Check Permissions"]
B -->|SMB Share| D["π Check Network Access"]
C --> E["π Service Account Rights"]
D --> F["π SMB Credentials"]
E --> G["β
Read Permissions on Files"]
F --> G
classDef issueStyle fill:#ffebee,stroke:#c62828
classDef checkStyle fill:#fff3e0,stroke:#f57c00
classDef fixStyle fill:#e8f5e8,stroke:#2e7d32
class A issueStyle
class B,C,D checkStyle
class E,F,G fixStyle
Where can log files be located?
Supported locations:
- Windows folders:
C:\Logs\*.log(local paths) - SMB shares:
\\server\share\logs\*.log(network paths)
Not supported: NFS, FTP, cloud storage (submit feature request to Support)
Common permission issues
| Problem | Solution |
|---|---|
| "Access denied" | Service account needs Read permissions on log files and folders |
| "Path not found" | Verify UNC path format: \\server\share\folder |
| SMB timeout | Check network connectivity, firewall rules |
Pattern Matching & RegEx
flowchart LR
A["π― Pattern Not Matching"] --> B{"π Check RegEx"}
B -->|Invalid| C["βοΈ Fix RegEx Syntax"]
B -->|Valid| D{"π Check Log Format"}
D -->|Wrong Format| E["π§ Update Pattern"]
D -->|Correct| F["β° Check Timing"]
C --> G["β
Pattern Working"]
E --> G
F --> G
classDef issueStyle fill:#ffebee,stroke:#c62828
classDef checkStyle fill:#fff3e0,stroke:#f57c00
classDef fixStyle fill:#e8f5e8,stroke:#2e7d32
class A issueStyle
class B,D,F checkStyle
class C,E,G fixStyle
Common RegEx patterns
| Use Case | Pattern | Example Match |
|---|---|---|
| Errors | ERROR\|EXCEPTION\|FATAL |
ERROR: Database timeout |
| HTTP Errors | 5\d\d |
500, 503, 504 |
| Capture Groups | OrderId:(\d+) |
OrderId:12345 (captures 12345) |
| Negative Lookahead | ERROR(?!.*retry) |
ERROR but not "ERROR retry" |
Why patterns don't match
- Case sensitivity: Use
(?i)errorfor case-insensitive - Special characters: Escape
.*+?with backslash - Timestamp format mismatch: Verify log datetime format
- File encoding: Ensure UTF-8 or ASCII encoding
Performance & Optimization
flowchart TD
A["β‘ Performance Issue"] --> B{"π What's slow?"}
B -->|High CPU| C["π Reduce Scan Frequency"]
B -->|High Memory| D["π Limit File Size"]
B -->|Slow Alerts| E["π― Optimize Patterns"]
C --> F["β
Optimized"]
D --> F
E --> F
classDef issueStyle fill:#ffebee,stroke:#c62828
classDef checkStyle fill:#fff3e0,stroke:#f57c00
classDef fixStyle fill:#e8f5e8,stroke:#2e7d32
class A issueStyle
class B checkStyle
class C,D,E,F fixStyle
Performance guidelines
| Metric | Recommended | Tuning |
|---|---|---|
| Files per agent | <200 files | Split across multiple agents |
| File size | <500 MB | Use log rotation |
| Scan interval | 30-60 seconds | Increase for non-critical logs |
| Memory usage | <100 MB | Avoid large regex patterns |
ACK/NAK Correlation
sequenceDiagram
participant L as π Log File
participant A as π€ Agent
participant N as π― Nodinite
L->>A: OrderReceived OrderId:12345
A->>N: β±οΈ Start tracking
Note over A: Waiting for completion...
L->>A: OrderCompleted OrderId:12345
A->>N: β
Transaction complete
L->>A: PaymentStarted PayId:67890
A->>N: β±οΈ Start tracking payment
Note over A: β° Timeout after 5 minutes
A->>N: β Alert: Incomplete transaction
Quick setup
Example configuration:
- Start pattern:
OrderReceived.*OrderId:(\d+) - End pattern:
OrderCompleted.*OrderId:$1 - Timeout: 30 minutes
Complete guide: How to monitor correlated events
Alert Management
flowchart TD
A["π Too Many Alerts"] --> B{"π What type?"}
B -->|π« False Positives| C["Add Negative Patterns"]
B -->|β° Too Frequent| D["Increase Thresholds"]
B -->|π₯ Wrong People| E["Fix Notification Rules"]
C --> F["β
Focused Alerts"]
D --> F
E --> F
classDef problem fill:#ffebee,stroke:#c62828
classDef check fill:#fff3e0,stroke:#f57c00
classDef solution fill:#e8f5e8,stroke:#2e7d32
class A problem
class B check
class C,D,E,F solution
Common fixes
| Problem | Solution | Example |
|---|---|---|
| Known errors | Add negative pattern | ERROR(?!.*retry successful) |
| Too many warnings | Monitor only critical | Filter: ERROR, FATAL only |
| Maintenance noise | Schedule suppression | Disable alerts during deployments |
Result: 70-90% reduction in false positives.
Implementation Examples
| Use Case | Guide | Description |
|---|---|---|
| π Transaction tracking | How to monitor correlated events | ACK/NAK monitoring for business workflows |
| π Error detection | How to monitor file content | Pattern matching for errors and security events |
| π IIS monitoring | How to monitor IIS W3SVC log files | Web server performance and error monitoring |
| π System diagnostics | How to monitor Nodinite Diagnostic files | Platform health and troubleshooting |
Need More Help?
Quick resources:
- π§ Email: support@nodinite.com
- π« Support Portal: Support
- βοΈ Configuration Guide: Configuration
- π Prerequisites: Prerequisites for Log File Parser Monitoring Agent
Next Step
Configuration
Prerequisites for Log File Parser Monitoring Agent
Log File Parser Monitoring Agent