Thanks for the feedback, I'm testing in the lab and it seems to meet what is needed.
Original Message:
Sent: Jan 03, 2025 01:03 PM
From: Olaf Pape
Subject: match count probe logmon
First of all, just a short explanation before I go into the weekend:
- Open logmon configuration in IM
- First create a profile for the log file
- Configure the Mode, Filename, Interval etc. in the 'General' section.
- Open Watcher Rules
- Define a first watcher for the first host (e.g. URRBC1)
- Start in the 'Standard' section with a simple match expression e.g. *URRBC1
(You can fine adjust the match expression and use RegEx if it works) - Switch to the 'Alarm' section
- Here you can set the desired threshold value (2), the alarm severity and the alarm text in the 'Pattern Match Threshold' panel
- Activate profiles and watcher rule
- Apply
- Test it
You may need to define one or more additional parameters as required.
If it works, then adjust the match expression. If you are sure that it works as desired for this host, then you can repeat the step from point 4 on or simply copy the watcher rule and reconfigure the new watcher rule.
I wasn't able to test it today, but I can do this at the beginning of next week if the explanation doesn't help you.
Original Message:
Sent: Jan 03, 2025 10:32 AM
From: Jose Romero
Subject: match count probe logmon
OK. But any host can be written there twice, i.e. also POPBC1 or NEXTBC1 or another name? Are all possible hosts known?
A: I know all the possible hosts, the idea is to create one test per host
If so and there are not too many, you can create a separate watcher rule for each host and only send an alarm if the rule applies twice. This is defined in the Alarm section of a watcher rule.
A: This is where I need guidance since I want to know how to make the rule so that it sends the alarm only in case the match is 2
If not all hosts are known by name or there are too many hosts, then it will be difficult to solve this only within the Logmon probe. Then there would be the possibility of mapping the request using the Auto-Operator of the probe (but in my opinion this is not nice).
A: I know all the hosts and I will create a test for each node
Do you use Admin Console or Infrastructure Manger for the configuration?
A: Infrastructure Manager
Original Message:
Sent: Jan 03, 2025 07:17 AM
From: Olaf Pape
Subject: match count probe logmon
OK. But any host can be written there twice, i.e. also POPBC1 or NEXTBC1 or another name? Are all possible hosts known?
If so and there are not too many, you can create a separate watcher rule for each host and only send an alarm if the rule applies twice. This is defined in the Alarm section of a watcher rule.
If not all hosts are known by name or there are too many hosts, then it will be difficult to solve this only within the Logmon probe. Then there would be the possibility of mapping the request using the Auto-Operator of the probe (but in my opinion this is not nice).
Do you use Admin Console or Infrastructure Manger for the configuration?
Original Message:
Sent: Jan 02, 2025 02:12 PM
From: Jose Romero
Subject: match count probe logmon
Every time you read the log you should meet the following condition
Case #1
Caso #2
The alarm should be generated only if it finds 2 matches, otherwise no alarms should be generated.
Original Message:
Sent: Jan 02, 2025 11:06 AM
From: Olaf Pape
Subject: match count probe logmon
Hi Jose,
Please give us a little more information. What does 'host is written twice' mean? Is the host written twice in a line directly after each other or directly after each other in two lines? Is the same host always written or are they different hosts?
Maybe you can post an example here.
Original Message:
Sent: Dec 31, 2024 12:18 PM
From: Jose Romero
Subject: match count probe logmon
Dear community, could you please guide me with the following requirement:
I have a log that writes the name of a host several times over a period of time. The user wants only one alarm to be generated each time the host is written twice in the log, let's say a count of 2, the alarm is generated, but if it is generated once, it does not generate an alarm.