Using logstash?

Post by **kilianvp** » Wed Jun 07, 2017 9:46 am

Has someone experience with using logstash to collect and process WinCC OA Logs?

Post by **vogler** » Wed Jun 07, 2017 10:06 am

yes, I did this, i really like Elasticsearch, and it is pretty cool to analyze logs...
http://www.rocworks.at/wordpress/?p=769
there you will also find a simple logstash config file for OA.

Post by **kilianvp** » Wed Jun 07, 2017 12:14 pm

cool, you have a good tool to view/analyse logs?

right now im using regex (PVSS|WCC).*(19[0-9]{2}|2[0-9]{3}).(0[1-9]|1[012]).([123]0|[012][1-9]|31) ([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]).([0-9]{3}),.*(INFO|WARNING|SEVERE|FATAL).*,

Post by **vogler** » Wed Jun 07, 2017 1:02 pm

logstash writes the logs to Elasticsearch, and with Elasticsearch you get Kibana, a nice tool to discover the data in Elasticsearch.

Kibana: https://www.elastic.co/products/kibana

nice regex

where do you use this regex ?

Post by **mkoller** » Wed Jun 07, 2017 1:39 pm

Just a hint in case this is unknown:

you can create your own ErrHdl plugin (ExternErrHdl subclass), which is then loaded by every manager and called whenever
an ErrHdl call is done (which normally writes into the PVSS_II.log file).
With that you can directly write your ErrHdl entries to e.g. an external database (and with a LogViewer plugin you can then also
again retrieve the logs from this DB instead of getting them from the project log directory).

Check the help for ExternErrHdl (and /opt/WinCC_OA/3.15/api/ExternLogFeed/ for the LogViewer plugin if you like to use this too)

Post by **kilianvp** » Wed Jun 07, 2017 8:29 pm

Code: Select all

(PVSS|WCC).*(19[0-9]{2}|2[0-9]{3}).(0[1-9]|1[012]).([123]0|[012][1-9]|31) ([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9]).([0-9]{3}),.*(INFO|WARNING|SEVERE|FATAL).*,

i use that to detect new entries because some debug output is accross multiple lines

Post by **vogler** » Thu Jun 08, 2017 7:58 am

I see. Do you already use Elasticsearch? or do you plan to use it? I am curious about it. Once a time I built a Data-Logger to send WinCC OA Data+Alerts to Elasticsearch - I think it could be nice to discover alert messages with Kibana and/or build dashboards with it or with Grafana..
WinCC OA & Elasticsearch

Post by **kilianvp** » Thu Jun 08, 2017 9:36 am

Maybe for a new Projekt. But right now im looking for ways to creating a Tool to analyse old log files like PVSS_II.log

logstash/Elasticsearch is maybe overpowered

Post by **vedadramovic** » Fri Jul 14, 2017 3:14 pm

Hi Kilian,
I need a tool to preserve some old logs from PVSS_II.log too.
I am new with Logstash.

I am struggling with its configuration for WinCCOA, particularly with parsing and '@timestamp' removal.

Could you please share you Logstash configuration files, along with its pattern files?
my email is
vedad.ramovic@bstelecom.ba

thank you in advance,
Vedad

Post by **kilianvp** » Fri Jul 14, 2017 3:30 pm

right now i dont use logstash i made a Tool to create a XML from PVSS_II.log

and than i can load the XML in a modified Version of YALV

HowTos

Using logstash?

Using logstash?

Re: Using logstash?

Re: Using logstash?

Re: Using logstash?

Re: Using logstash?

Re: Using logstash?

Re: Using logstash?

Re: Using logstash?

Re: Using logstash?

Re: Using logstash?