Configuring Log File Format for MoniLog Reporting
Question: How do I configure WinSyslog, EventReporter, or MonitorWare Agent to generate log files in a format that MoniLog can read?
Overview
MoniLog is a legacy reporting tool that requires specific log file formatting to generate reports. WinSyslog, EventReporter, and MonitorWare Agent support generating MoniLog-compatible output using custom file format templates.
Note: For modern reporting needs, consider using Adiscon LogAnalyzer, a powerful web-based log analysis tool that provides better features, performance, and compatibility with current log formats. LogAnalyzer can read syslog data directly from databases or files without requiring special formatting.
Modern Approach: Custom File Format Templates
Current versions of WinSyslog, EventReporter, and MonitorWare Agent use custom file format templates to generate MoniLog-compatible output. This provides flexibility and control over the exact format.
Configuration Steps
1. Configure Write to File Action
- Open your WinSyslog, EventReporter, or MonitorWare Agent configuration
- Navigate to your Rules and locate the “Write to File” action
- Create a new action or edit an existing one
- Select “Custom File Format” option
- Configure the format template as described below
2. Use MoniLog-Compatible Template
To generate output suitable for MoniLog, use the following template in your custom file format:
%timegenerated:1:10%,%timegenerated:12:19%,%source%,%syslogfacility%,%syslogpriority%,EvntSlog: %severity% %timereported:::uxTimeStamp%:%source%/%sourceproc% (%id%) - "%msg%"%$CRLF%Important Notes:
- Everything must be on one line with no line breaks within the template
- The template uses system properties like %$CRLF% for line endings
- This generates comma-separated values with UNIX timestamps
- All fields are included in a single line per log entry
3. Template Components Explained
| Component | Description |
|---|---|
| %timegenerated:1:10% | Date portion of timestamp (YYYY-MM-DD) |
| %timegenerated:12:19% | Time portion of timestamp (HH:MM:SS) |
| %source% | Source hostname or IP address |
| %syslogfacility% | Syslog facility number |
| %syslogpriority% | Syslog priority number |
| %severity% | Event severity level |
| %timereported:::uxTimeStamp% | UNIX timestamp of when event was reported |
| %sourceproc% | Source process name |
| %id% | Event ID |
| %msg% | The actual log message content |
| %$CRLF% | Windows newline character sequence |
Modern Alternative: Adiscon LogAnalyzer
Adiscon LogAnalyzer is the recommended modern solution for log analysis and reporting:
- Database Integration: Reads directly from databases (MySQL, PostgreSQL, SQL Server) without file formatting
- Real-time Analysis: Web-based interface for live log viewing and analysis
- Advanced Search: Powerful search and filtering capabilities
- Better Performance: Optimized for handling large volumes of log data
- Modern Interface: User-friendly web-based dashboard
- Flexible Reporting: Custom reports and dashboards
- No Special Formatting: Works with standard syslog data
- Active Development: Regularly updated with new features
For new deployments or if you are considering migration, LogAnalyzer provides superior functionality compared to MoniLog. Configure WinSyslog, EventReporter, or MonitorWare Agent to write logs to a database, then connect LogAnalyzer to read from that database.
Alternative Reporting Options
If you encounter issues with MoniLog compatibility or need more flexible reporting:
- Adiscon LogAnalyzer: Modern web-based log analysis tool (recommended)
- Database Logging: Use database logging with SQL Server or MySQL for flexible reporting
- Built-in Reporting: Modern versions may have built-in reporting capabilities
- Third-party Tools: Other reporting tools compatible with databases or standard syslog formats
- Custom Parsing: For advanced needs, consider custom log parsing solutions
- CSV Export: Use CSV format for compatibility with spreadsheet applications
Best Practices
- Consider LogAnalyzer: Evaluate Adiscon LogAnalyzer for modern reporting needs
- Use Database: Database logging provides better integration with modern tools
- Test First: Always test the generated format in a non-production environment
- Verify Compatibility: Load sample logs into MoniLog to verify parsing
- Document Template: Save your custom template for future reference
- Backup Default: Keep a backup of default settings before changing
- Format Consistency: Ensure all log entries follow the same format
- Regular Updates: Keep WinSyslog and MoniLog updated for best compatibility
Troubleshooting
If MoniLog cannot read your log files:
- Verify the template contains no line breaks within the format string
- Check that all commas and separators are consistent
- Ensure timestamps are in the correct format
- Review sample log entries for formatting consistency
- Verify %$CRLF% is used for line endings
- Check MoniLog documentation for specific format requirements
- Ensure no additional characters are inserted between fields
- Consider LogAnalyzer: Modern alternative that doesnt require special formatting
Sample Output
A correctly formatted log entry will look like this:
2024-01-15,14:23:45,myserver,10,30,EvntSlog: Error 1704156845:myserver/Service (1001) - "Connection failed"Template Customization
You can customize the template to match your specific MoniLog requirements:
- Adjust field order to match MoniLog expectations
- Add or remove fields as needed
- Modify timestamp formats if required
- Change field separators (commas, tabs, pipes)
- Include additional metadata fields
Additional Resources
- Adiscon LogAnalyzer: Modern web-based log analysis solution
- Custom file format templates support extensive customization
- Consult the WinSyslog documentation for all available system properties
- Contact support if you need assistance with template design or LogAnalyzer setup
- Consider migrating to database-based reporting with LogAnalyzer for more flexibility