I have a logmon set up to look at a log file for a specific entry: TransactTEST to DCS And I want it to alarm if that entry is put into the log file 60 or more times but i've tried at times to set that in the variable field with no luck. If it's below that no alarm of course. Also if the condition clears, I want the alarm to go away on its own. What currently happens is that when the condition is met, it sends an alarm and shows the alarm count(which is how many times it found the entry in the log file) and stays there, no matter what happens to the log file. Any suggestions on how I can achieve this? I attached the config file.
The variables in the logmon probe allow you to read values in the log message lines to use in alarms or QoS. They do not help you count the number of times a specific log message was seen.
From what I have seen in the logmon probe, you can enable QoS for the number of times a log message was seen, but it does not look like you can use that to determine when alarms are sent.
Unless I am just missing the way to do this in the logmon probe, you may need to use some scripting in the NAS to achieve the desired result. You could make the alarms from logmon invisible and have a script to check if the suppression count on the alarm is at least 59. If it is, the script can generate a new alarm that would be visible. Catching when the issue has cleared is a bit trickier, but I am sure there is a way to do it.
You could also use the logmon probe to post custom messages to the bus rather than send alarm messages. You would probably need to write a custom probe to process the messages, so I doubt this is any simpler than using a NAS script. It may actually be simpler to write a custom script to scan the log file rather than use the logmon probe. (Of course, the logmon probe is good at remembering where it was in the log file on the previous check, so there may still be an advantage to using it.)
Here's a thought. Is there a way to set a clear watcher to look for if TransactTEST to DCS is NOT in the log file and send a clear alarm and then abort on match? So in other words, it will send a clear alarm once it's matched a log file that doesn't contain that string and when it finds that match, it aborts until the other watcher finds said string again in the future. Not sure how I would tell a watcher to look for if that string ISN'T present.
If you want the logmon probe to send a clear message when that is not in the log, I think you can do that all within the same watcher. There is a "Send clear" option in the watcher.
Otherwise there is an option in the watcher that tells the probe to expect a particular string to be there and generate an alarm message if not. That alarm message can be a clear.