find string in logs directory, send email

[netwerkassist]

I would like to monitor a directory of logs for specific occurrences of memory issues. Manually I run findstr -s *Heap.memory" from the command prompt. I'm looking for some help/expertise to have a batch file I could run as a windows scheduled task daily, initiate a search of the logs and if a string is found to be able to notify.

Appreciate replies.

[Ed Dyreen]

I would like to monitor a directory of logs for specific occurrences of memory issues. Manually I run findstr -s *Heap.memory" from the command prompt. I'm looking for some help/expertise to have a batch file I could run as a windows scheduled task daily, initiate a search of the logs and if a string is found to be able to notify.

Appreciate replies.

Just add that command to a batch file. You want to be informed when the string is found so you can use the onSucces command which is just a double & symbol. onSucces you will want to be informed so you may want a messageBox to popup informing you about that.

Code: Select all

@echo off

findstr.EXE /S /I /R "*heap.memory" &&(

	net.EXE START messenger
	net.EXE SEND "%COMPUTERNAME%" "heap.memory found"
	pause
 )
 
 exit 0

Now the shedule, you may want the batch to be interactive so you can scroll and get more detailed info.
Because this information is missing i will assume you will only want to be informed when you are logged in as Administrator.

Code: Select all

schtasks.EXE /CREATE /U Administrator /P myPassword /SC DAILY /TN heapMemory /TR "%~f0" /ST 00:00:00

But you can also add the job using the GUI named Planned Tasks.

You may want the batch to produce a logfile of it's own and then open it instead of simple informing a match was found. I will leave that up to you.. Oh i forgot the email part, I will help you with that later if i get a response from you.

[netwerkassist]

Thanks for posting the reply! This looks like I could work with this well. I should be able to create a log output file. I could use some help with the email function though and attach the created log in something like c:\temp\memory_log.txt .

[Ed Dyreen]

Thanks for posting the reply! This looks like I could work with this well. I should be able to create a log output file. I could use some help with the email function though and attach the created log in something like c:\temp\memory_log.txt .

I added some comments and included an exemplary mail.

before using this script make a telnet connection with your mail server to figure out what it uses for default encoding.
Most mail servers use base64 for login, you can figure that out by looking at the server's response.

if you address the server with HELO it should default to plain text or base64. and reply with Hello
if you greet it with EHLO, it should enable an encrypted connection.
you can just say helo and then later enable encoding also but is server specific.

i ask you to google for ICMP yourself and first learn to talk with the server using telnet.
once you figure out how to send mails manually, this batch can be a nice template to script future messages.

sendMail.CMD

Code: Select all

@echo off &setlocal enableDelayedExpansion &set $lf=^


::
set  ^"$c1=%%~#^<nul ^^"
set ^"$n1c=^^^%$lf%%$lf%^%$lf%%$lf%^<nul ^^"

:: ip changed ?
:: ipconfig /flushdns &cls

call :getDate "()"

:: CUSTOMIZABLE SECTION
:: (
	set    ^"$server=[server] [portNumber]"			%= port number usually is 25, example: www.gmx.com 25 =%

	set       "$user="					%= your login name,	server may expect base64 encoded !	=%
	set       "$pass="					%= your login password 	server may expect base64 encoded !	=%

	set       "$from="					%= your mail address, 			example: me@gmx.COM	=%
	set         "$to="					%= correspondent's mail address, 	example: he@gmx.COM	=%
	set "$returnPath="					%= your mail address, 			may be left empty	=%

	set  "$fromAlias="					%= your alias, 				can be left empty	=%
	set    "$toAlias="					%= correspondent's alias, 		can be left empty	=%
	set    "$replyTo="					%= correspondent's replyto address, 	can be left empty	=%

	set   ^"$subject="					%= 					can be left empty	=%
	set      ^"$date=!$dayName!, !$day! !$monthName! !$year! 00:00:00 +0000"

%==%for %%# in ("") do set ^"$data=%$c1%
%=	=%%$c1%
%=	=%Connection from 208.79.240.2, Sun Nov 12 13:25:05 2017%$n1c%
%=	=%EHLO mail.rollernet.us%$n1c%
%=	=%STARTTLS%$n1c%
%=	=%EHLO mail.rollernet.us%$n1c%
%=	=%MAIL FROM:^<admin@gmx.COM^> SIZE=6511%$n1c%
%=	=%RCPT TO:^<he@gmx.COM^>%$n1c%
%=	=%RCPT from 208.79.240.2 - user ^<me@gmx.COM^> not known.%$n1c%
%=	=%RSET%$n1c%
%=	=%QUIT%$n1c%
%=	=%3 sec. elapsed, connection closed Sun Nov 12 13:25:08 2017%$n1c%
%=	=%%$n1c%
%=	=%namasté,%$n1c%
%=	=%%$n1c%
%=	=%.«¤{O}¤».•me•.«¤{O}¤».%$n1c%
"
:: )

:: Surround with doublequotes if defined
for %%? in ( $fromAlias, $toAlias ) do if defined %%~? set %%~?="!%%~?!" &set %%~?=!%%~?:""="!

for %%# in ("") do set ^"$data=%$c1%
%$c1%
%=	=%FROM: !$fromAlias! ^<!$from!^>%$n1c%
%=	=%TO: !$toAlias! ^<!$to!^>%$n1c%
%=	=%REPLY-TO: ^<!$replyTo!^>%$n1c%
%$c1%
%=	=%SUBJECT: !$subject!%$n1c%
%=	=%DATE: !$date!%$n1c%
%=	=%%$n1c%
%=	=%!$data!%$n1c%
%=	=%%$n1c%
%=	=%.%$n1c%
%=	=%%$n1c%
"
for %%? in ( "!$lf!" ) do set "$data=!$data:%%~?=\m!"

> "script.txt" (

	echo.!$server!
	echo.WAIT "server ready."

	echo.SEND "helo\m"
	echo.WAIT "Hello, ."

	echo.SEND "auth login\m"
	echo.WAIT "334 VXNlcm5hbWU6"%=				do not change, base64 for server response: [Username:]=%
	echo.SEND "!$user!\m"
	echo.WAIT "334 UGFzc3dvcmQ6"%=				do not change, base64 for server response: [Password:]=%
	echo.SEND "!$pass!\m"
	echo.WAIT "235 Authentication successful."

	echo.SEND "MAIL FROM: <!$returnPath!>\m"
	echo.WAIT "250 Sender OK - send RCPTs."

	echo.SEND "RCPT TO: <!$to!>\m"
	echo.WAIT "250 Recipient OK - send RCPT or DATA."

	echo.SEND "DATA\m"
	echo.WAIT "354 OK, send data, end with CRLF.CRLF"

	echo.SEND "!$data!"
	echo.WAIT "250 Data received OK."

	echo.SEND "QUIT"
	%=										=%
	%=	must end with no or double empty line otherwise				=%
	%=	Telnet Scripting Tool v1.0 will show help instead of running the script	=%
	echo.
)

type "script.txt"
pause
start /LOW "Telnet Scripting Tool v1.0" "tst10.exe" /r:script.txt &exit 0

:getDate "()"
::
setlocal
:: (
	set "$date=!DATE!"

	:: get $dayName
	:: (
		set "ma=Mon" &set "di=Tue" &set "wo=Wed" &set "do=Thu" &set "vr=Fri" &set "za=Sat" &set "zo=Sun"
		for %%? in ( "!$date:~0,2!" ) do set "$dayName=!%%~?!"
	:: )

	:: get $day
	:: (
		for /F "tokens=1 delims=/" %%? in ( "!$date:~3!" ) do set "$=%%~?"
		if %$:~0,1% NEQ 0 ( set "$=!$:~0,2!" ) else set "$=!$:~1,1!"

		set "$day=!$!"
	:: )

	:: get $monthName
	:: (
		for /F "tokens=2 delims=/" %%? in ( "!$date:~3!" ) do set "$=%%~?"
		if %$:~0,1% NEQ 0 ( set "$=!$:~0,2!" ) else set "$=!$:~1,1!"

		set "1=jan" &set "2=feb" &set "3=mar" &set "4=apr" &set "5=may" &set "6=jun"
		set "7=jul" &set "8=aug" &set "9=sep" &set "10=okt" &set "11=nov" &set "12=dec"
		for %%? in ( "!$!" ) do set "$monthName=!%%~?!"
	:: )

	:: get $year
	:: (
		for /F "tokens=3 delims=/" %%? in ( "!$date:~3!" ) do set "$=%%~?"

		set "$year=!$!"
	:: )
:: )
endlocal &set "$dayName=%$dayName%" &set "$day=%$day%" &set "$monthName=%$monthName%" &set "$year=%$year%" &exit /B 0

I've attached a zip file containing a base64 enc-/decoder and the telnet scripting tool required for automating telnet.
https://anonfile.com/h8EbNcg6bd/sendMail_7z

Oh last thing but important if you intend to use my template, you need to change the date function because i coded it for dutch machine. Normally I include macro's that retrieve this info from registry but I seemed not have done that here, it would also complicate things for you if the function would malfunction so i just leave it like this.

You may not understand every command of this script so I explain the most important things briefly, most people on this forum also know. $LF is a linefeed, ( do not remove the empty line it is intentionally ), $c1 is a line continuation that is only for visual convenience it will not be inside any macro. $n1c is a linefeed and a continuation identical to \n that you may have seen other people use, but i use my own definitions because i use various types of those depending on nesting and expansion states. $ is not necessary but it is my variable identifier required by doskit ( my function library ).

[netwerkassist]

Thanks again for putting your time into this post. This is quite helpful. Once I'm back in the office this week I'll play around with this to see if I can get this going.