How to create a logmon watcher rule for monitoring a ptpd log for time drift.


Needing a watcher rule, with variables defined on a field seperator of ,
The field being looked at is a + or - value that is a decimal. Question is how to trigger when it is outside 1 < x > -1. The example number is -0.000001218, and the need is to know if it is ever -1.0 or +1.0. How to do this...


Wanting to generate an alarm from the column 5 of the following logfile line (-0.000001218) when it is > 1.0 or less than -1.0. Logfile line to parse -
2014-11-05 16:19:06.424183, slv, 001c73ffff410921(unknown)/06f45214fffe835a21,? 0.000003835, -0.000001218,? 0.000002637,? 0.000003280, 17307.726000000, S, 0.000000000, 0, 0.000000404, 951, 17310, 0
Using a regex in the search field of the watcher:


This will skip to the fifth field in the log line and test for any number values that are < -0.05 and > 0.05. The regex could be modified for other ranges.

Next also added a second watcher that clears the alarm when it returns to a good value:


