- 6 minutes to read

Release Notes

Monitoring Content Files

Monitor any text-based log file for specific content patterns—detect errors, security events, and business conditions in real-time using powerful RegEx matching and automated alerting.

Gain full control and visibility over your content-based log file monitoring with the Nodinite Log File Parser Monitoring Agent. On this page, you will:

  • Detect patterns instantly—monitor for ERROR, EXCEPTION, security threats, or custom business events
  • Filter noise effectively—use negative patterns to ignore expected warnings and reduce alert fatigue
  • Scale across servers—monitor 200+ log files simultaneously across Windows folders and SMB shares
  • Take immediate action—leverage remote actions to resolve problems and manage alert states

You can configure Nodinite to monitor log files for specific content patterns, trigger alerts when matches are found, and take action based on detected events. This page explains how to set up content-based monitoring effectively. For management actions, see Managing Content Files.

Understanding Content-Based Monitoring

Content-based monitoring focuses on detecting specific text patterns within log files using RegEx expressions. Unlike Monitoring Correlated Events, this approach evaluates each log line independently for immediate pattern detection.

When to Use Content-Based Monitoring

Perfect for:

  • Error detection - Monitor for "ERROR", "EXCEPTION", "FATAL", specific error codes
  • Security monitoring - Detect SQL injection attempts, authentication failures, suspicious activity
  • Performance alerts - Find slow requests, timeout events, resource exhaustion
  • Business event tracking - Monitor for successful transactions, order completions, user actions
  • Compliance logging - Track GDPR access requests, audit events, regulatory requirements

Examples:

  • IIS logs: Detect HTTP 500 errors, slow response times, security threats → How to monitor IIS W3SVC logs
  • Application logs: Find unhandled exceptions, database connection failures → How to monitor file content
  • Security logs: Identify failed authentication attempts, privilege escalation
  • Business logs: Track order processing, payment failures, customer interactions

Monitoring Features

Content-Based Pattern Detection

  • RegEx power - Use advanced regular expressions to match complex patterns, extract values, and capture context
  • Negative filtering - Define patterns to ignore ("alert on ERROR but ignore 'ERROR: Retry attempt 1/3 successful'")
  • Multi-file support - Monitor rolling log files, date-stamped files, and dynamic file patterns
  • Real-time evaluation - Detect new log entries within seconds of file modification

Smart File Management

  • Wildcard patterns - Monitor app*.log, server_\d{4}.log, handles log rotation automatically
  • Time-based filtering - Include only files created/modified within specific timeframes
  • Folder recursion - Include subdirectories for comprehensive coverage
  • SMB share support - Monitor log files across network locations

Flexible Alerting

  • Pattern-based alerts - Trigger warnings/errors when specific content patterns are detected
  • Content extraction - Capture error details, user IDs, transaction numbers from matched patterns
  • Historical tracking - Maintain alert history for compliance and root cause analysis
  • State management - Acknowledge alerts, mark resolved, add investigation notes

Content File Monitoring Overview
Example: Content-based log file configurations in a Monitor View

Monitor Configuration Options

Nodinite presents each Content File Configuration as a Resource, evaluated in real-time. You can:

  • Organize by purpose - Group configurations by Application (Web Server, Database, Payment Processing)
  • Categorize by type - All content configurations appear under 'Log File Event' Category
  • Scale monitoring - Deploy multiple agents across servers for distributed monitoring
  • Apply different rules - Use multiple configurations for the same files with different patterns

Content File Categories
Example: Content File Configurations organized by Category

Configuration Setup

  • Display name comes from your Content File Configuration settings
  • Application association links configurations to business applications
  • Pattern definitions specify what content triggers alerts
  • Time options control which files are included in monitoring

Each Content File Configuration (Resource) maintains one of these states:

State Status Description Actions
Unavailable Resource not accessible Agent cannot access files due to configuration, network, or security issues Review Prerequisites
Error Pattern detected Agent found content matching the error pattern criteria View error details
Warning Pattern detected Agent found content matching the warning pattern criteria View warning details
OK No issues detected Agent monitored files successfully, no concerning patterns found View monitoring status

Resource States
Example: Content file resource showing current monitoring state

You can customize state evaluation using the Expected State feature at the Resource level.

Available Actions

With the Nodinite Web Client, you can perform Remote Actions on content-based monitoring resources:

Immediate Actions

  • Error Report - View detailed information about detected patterns, download logs as ZIP
  • Clear Errors - Ignore historical errors, reset monitoring state
  • Show Log Files - Display currently monitored files, manage individual files
  • Edit Thresholds - Adjust monitoring parameters without agent restart

File Management

  • Download logs - Retrieve individual files or ZIP archives for offline analysis
  • Delete old files - Remove processed log files to manage disk space
  • View file details - Inspect file properties, modification times, content samples

Available Remote Actions
Remote Actions menu for content-based monitoring resources

Alert History & Compliance

Track all content-based monitoring events for compliance and troubleshooting:

  • Pattern-based filtering - Search for specific error types, time ranges, affected applications
  • Export capabilities - Generate compliance reports, share with auditors, analyze trends
  • Root cause analysis - Correlate alert patterns with system events, deployment activities

Compliance Features

  • Audit trails - Complete history of who viewed alerts, made changes, performed actions
  • Retention policies - Configurable data retention (90 days to 7 years) based on requirements
  • Access controls - Role-based permissions control who can view/manage different log types
Search Historical Alerts Individual Resource History
Search for alert history across all content monitoring resources Alert history for specific content file configuration

For complete guidance on managing alerts and performing actions, see Managing Content Files.

Performance & Scalability

Resource Efficiency

  • Minimal overhead - Read-only file access, efficient pattern matching, configurable scan intervals
  • Smart caching - Only reads new log content since last scan, leverages OS file caching
  • Scalable architecture - Single agent monitors 200+ files across multiple servers

High Availability

  • Clustered deployment - Deploy multiple agents for automatic failover
  • Network resilience - Graceful handling of connectivity issues, automatic reconnection
  • State preservation - Maintains monitoring position across agent restarts

Performance metrics:

  • CPU usage: <5% during active monitoring
  • Memory footprint: <100 MB per agent monitoring 200 files
  • Network efficiency: Only transfers detected events, not entire log files

Supported Formats

Nodinite content-based monitoring supports all text-based log formats:

File Types

  • Plain text - .log, .txt, custom extensions
  • Structured formats - CSV, TSV, tab-delimited
  • Semi-structured - JSON (one object per line), XML logs
  • Web server logs - IIS W3C Extended, Apache, Nginx
  • Application logs - Java Log4j/Logback, .NET, Python, Node.js

Pattern Capabilities

  • Simple keywords - ERROR, EXCEPTION, FATAL, SUCCESS
  • RegEx expressions - Complex pattern matching, value extraction, conditional logic
  • Negative patterns - Exclude expected warnings, reduce false positives
  • Case sensitivity - Configure case-sensitive or case-insensitive matching

Not supported: Binary log formats (Windows .evtx, database binary logs) - use specialized agents instead.

Next Steps

Ready to set up content-based monitoring?

Configure Content Files - Set up monitoring patterns and file filters
[Manage Content Files][] - Perform remote actions and manage alert states
[Monitor Correlated Events][] - Track transaction sequences across log files

Need specific examples?

Monitor IIS W3SVC Logs - HTTP errors, performance, security threats
Monitor File Content - General content pattern detection
Monitor Diagnostic Files - System health and performance monitoring

Monitoring Correlated Events - Track transaction sequences and ACK/NAK patterns
Managing Content Files - Remote actions and alert management
Configuration - Content File - Complete setup guide
Troubleshooting Content Monitoring - Common issues and solutions