Consultor Eletrônico

Status: Verified

GOAL:

How to generate an Alert when certain messages are recorded in a logfile within a set timeframe?

GOAL:

How to Schedule an Alert to fire when an specified event is written to a log file?

GOAL:

Can you generate an Alert on a Logfile resource on specific criteria ?

FACT(s) (Environment):

Fathom Management 3.0A
All Supported Operating Systems

FIX:

It is possible to trigger an Alert action when a specific event is written to a monitored resource's logfile by essentially:

1.) Defining the rules to search by
2.) Adding these rules to a Rule Set (not absolutely required, but is good practise)
3.) Defining a Schedule for the timeframe
4.) Adding the Schedule Plan to the monitored Resource
5.) Adding the ruleset to the Schedule Plan


This is perhaps best explained by way of example:

Let's assume that we want to monitor our "mydb" database's logfile between 7am and 8am all week for error messages 2249 8490

1.) [LIBRARY] Create Search Criteria
name: LOG_ABNORML
description: Abnormal Shutdown in LOGFILE
search text: \(2249\)${1} | \(8490\)${1}
search type: Regular Expression
Use Existing Category: Database
[SAVE]

** create more search criteria as needed


2.) [LIBRARY] Create Log File Rule Set
name: 78_logmon
description: stuff to monitor in log files between 7am and 8am
[SAVE]
[ADD RULE]
Choose Criteria Category: Database
Choose Search Criteria: LOG_ABNORML
Severity: Severe
On Alert Perform Action: Default_Mail_Action
[SAVE]

** add more rules to this rule set as needed


3.) [LIBRARY] Create Schedule
name: 78_Schedule
Description: runs daily between 7am and 8am
Days: <select>
From: 7am TO: 8am
[SAVE]


4.) [RESOURCES] -> Databases -> mydb
Log File Monitor
ADD PLAN: ** NOTE, you can't have overlapping Schedules **
Available Schedules: 78_Schedule
Polling Interval: 60 seconds
Alerts Enabled: {true}
[SAVE]
5.) [SELECT RULE SETS] 78_LogMon {true}