DX Unified Infrastructure Management

SystemEDGE - File monitoring to alert and clear in Spectrum

  • 1.  SystemEDGE - File monitoring to alert and clear in Spectrum

    Posted Feb 10, 2015 04:43 AM

    Hi All,

     

    I would like to monitor a log file with SystemEDGE and to send alerts to Spectrum, as well as clearing it automatically.

     

    To monitor a file: /test/testlog.log

    Keyword Critical: down

     

    Then when monitoring the same log file, I would like SystemEDGE to also detect another keyword so the alarm can be cleared in Spectrum.

     

    To monitor a file: /test/testlog.log

    Keyword OK: up

     

    I am also using VAIM (CA Virtual Assurance) to deploy policies and templates to my agents.  Under policy and template, I am able to find "Autowatchers" with "Object class": "logMonitorEntry [Log file monitors]".  But I do not know if this is even the correct place for me to look at.

     

    Any help greatly appreciated.



  • 2.  Re: SystemEDGE - File monitoring to alert and clear in Spectrum
    Best Answer

    Broadcom Employee
    Posted Aug 21, 2015 02:50 PM

    SystemEDGE log file monitoring is not threshold based, so there is no mechanism to send a clear trap.    SystemEDGE will remember line count per poll cycle and resume at the newest entries since the last poll was performed.

     

    Generally speaking log file monitors are not something you would use autowatchers for.     You would navigate to monitors > log file.     The reason for this is different log files will require unique regex.

     

    If you would like to submit any suggestions for design change to SystemEDGE you can do it here:

     

    https://communities.ca.com/community/ca-infrastructure-management

    Then go to Action > Submit an Idea.



  • 3.  Re: SystemEDGE - File monitoring to alert and clear in Spectrum

    Broadcom Employee
    Posted Aug 24, 2015 09:49 AM

    Brian's answer is correct but possibly you are just not doing this the way you want.

    So a log monitor will send an alert for every entry in the file and will be in a state. There is no negative pattern reset.
    But if what you really want is that when a certain log watcher is critical you want to know (meaning it found matches on a poll interval) and the next poll interval there were no new matches.
    You can likely use the "Do not send match traps" option and then just set a threshold monitor for the logmonitorseverity. If matches were found and the severity was set to critical for example.

    Then you can monitor oid .1.3.6.1.4.1.546.11.1.1.17.<+yourindex> and when in critical 6 send a threshold trap. And if the matches are not found on the next polling cycle and the watcher returns to 2 OK then you should get your threshold clear trap. So I suspect you would just be best off using a monitor oid on your existing logfile monitor to accomplish what you want.

     

    Please let me know if you have any questions or if this helps.
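
Added example, not part of the thread and not SystemEDGE code or configuration: a small Python model of the behaviour described in replies 2 and 3, where a log watcher resumes after the last line it read and a threshold monitor on its severity (6 critical, 2 OK) raises a trap and later a clear. The class names, the `>=` comparison, the truncation handling and the sample log lines are assumptions constructed for illustration.

```python
import re

CRITICAL, OK = 6, 2  # severity values quoted in reply 3

class LogWatcher:
    """Model of a log monitor that only reads lines added since the last poll."""
    def __init__(self, pattern):
        self.pattern = re.compile(pattern)
        self.lines_seen = 0
        self.severity = OK

    def poll(self, all_lines):
        if len(all_lines) < self.lines_seen:  # assumption: restart after truncation
            self.lines_seen = 0
        new_lines = all_lines[self.lines_seen:]
        self.lines_seen = len(all_lines)
        matches = [line for line in new_lines if self.pattern.search(line)]
        # Severity reflects this poll only: no new matches means back to OK.
        self.severity = CRITICAL if matches else OK
        return matches

class ThresholdMonitor:
    """Edge-triggered monitor: one trap on breach, one clear on recovery."""
    def __init__(self, threshold=CRITICAL):
        self.threshold = threshold
        self.breached = False

    def evaluate(self, value):
        breached_now = value >= self.threshold  # assumed comparison operator
        event = None
        if breached_now and not self.breached:
            event = "threshold trap"
        elif self.breached and not breached_now:
            event = "threshold clear trap"
        self.breached = breached_now
        return event

def simulate(snapshots, pattern=r"\bdown\b"):
    """Run one poll per snapshot; return (severity, event) for each poll."""
    watcher, monitor = LogWatcher(pattern), ThresholdMonitor()
    results = []
    for lines in snapshots:
        watcher.poll(lines)
        results.append((watcher.severity, monitor.evaluate(watcher.severity)))
    return results

# Constructed sample: contents of /test/testlog.log at five successive polls.
LOG = ["10:00 link eth0 down", "10:01 retrying", "10:05 link eth0 up",
       "10:09 link eth1 down", "10:10 link eth1 down"]
SNAPSHOTS = [LOG[:1], LOG[:2], LOG[:3], LOG[:5], LOG[:5]]
```

In this model the clear at the second poll fires because no new "down" line arrived, before the "up" line is ever written, which is the difference from the keyword-based clear asked for in the original question.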