Differences

This shows you the differences between two versions of the page.

ardiextra:logfile [2023/11/28 02:30] – created optrix
ardiextra:logfile [2025/12/18 22:50] (current) – external edit 127.0.0.1
Line 1: Line 1:
 +====Log File Events====
  
 +===Information===
 +
 +Turns log files into source of ARDI events.
 +
 +^Driver Info^Detail^
 +|Driver Type:|**Event**|
 +|Platforms:|**All**|
 +
 +===Driver Settings===
 +
 +^Option^Description^
 +|Log File|The full path to the log file. Must be accessible from the ARDI server|
 +|Regex|The Python-style regular expression used to extract information from each line of the log|
 +|Time Format|The format of any time-stamp in the log. See the Python [[https://docs.python.org/3/library/datetime.html#strftime-strptime-behavior|time format codes]]|
 +|Timezone|The timezone of the data in the log file|
 +
 +===Named Groups & Regex===
 +
 +You can use named groups in your regular expression to capture information from logs. In Python-style regular expressions, this is done with **?P<//name//>** (including the 'greater than' and 'less than' signs) at the start of your match.
 +
 +You can include the following group names...
 +
 +^Group Name^Usage^
 +|Name|Used as the name of the event|
 +|Start|The start time for the event. The ONLY time if there's no matching end time.|
 +|End|The end time for the event.|
 +
 +===Examples===
 +
 +==CEF==
 +
 +For example, a **CEF**-format log looks like this...
 +
 +<code>
 +127.0.0.1 - frank [10/Oct/2000:13:55:36 -0700] "GET /apache_pb.gif HTTP/1.0" 200 2326
 +</code>
 +
 +And if we wanted to mark this as an event, with the name of the resource as the title and the date as the start, we'd use the following expression...
 +
 +**Regular Expression**
 +<code>
 +\[(?P<date>.*?)\ -0700] "GET (?P<name>.*) HTTP
 +</code>
 +
 +**Time Format**
 +<code>
 +%d/%b/%Y:%h:%m:%s
 +</code>
 +
 +===Equipment===
 +
 +Most equipment logs don't keep to a specific standard, but will look something like the example below...
 +
 +<code>
 +2018-10-25 11:56:35,008 INFO  [MOTOR_X93]  Startup Sequence Failed
 +</code>
 +
 +To read these in as a log entry, we'd use the following...
 +
 +**Regular Expression**
 +<code>
 +(?P<date>.*),(?P<code>\d\d\d)\s(?P<style>.*)\s\s\[(?P<asset>.*)]\s\s(?P<name>.*)
 +</code>
 +
 +**Time Format**
 +<code>
 +%Y-%m-%d %H:%M:%S
 +</code>
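
Review bot: The Time Format in the CEF example, `%d/%b/%Y:%h:%m:%s`, does not describe the sample timestamp `10/Oct/2000:13:55:36`. In the Python format codes the settings table links to, `%m` is the month, and hours, minutes and seconds are `%H`, `%M` and `%S`, as the equipment example already uses. Suggest `%d/%b/%Y:%H:%M:%S`. The group-name table lists Name, Start and End, but both example expressions capture the timestamp as `date` and use lowercase `name`. Please state whether group names are case-sensitive, and either use `Start` in the examples or document `date`. The first example's regex hardcodes `-0700`, so lines logged with any other offset will not match and will produce no event. Matching the offset generically would avoid that, with a note on how it interacts with the Timezone option. The sample line under the CEF heading is an Apache Common Log Format access-log entry rather than CEF, so the heading and lead-in sentence should be renamed. Finally, `===Equipment===` is marked up at a different heading level from `==CEF==` although both are sub-examples of Examples.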