DX Unified Infrastructure Management

 View Only

  • 1.  Monitoring with logmon, logs on different lines

    Posted Mar 26, 2019 11:31 AM

    Hi everyone.

    I need monitoring a log that contains a lot information but only need that monitoring this lines.

     

    19-03-11;00:35:01.742 \CREDIBA.$PCRT2   ACI.SKEL-U.1000         1035

               !!!    FROM: P2C^RTAU2         RE: P2C^RTAU2

               Possible error message logged earlier

    I am get the log with logmon probe, configuring a watch rule (Possible\serror\smessage\slogged\searlier) and this working okay, but I need capturing the variable PCRT2 and P2C^RTAU2 

     

    How can I getting this variable for add it on the message of the alert? because the logmon only it's reading one line and if I need capture the variable PCRT2 and P2C^RTAU2 I need readinding the lines above from where the watch rule it's.

     

    Best Regards.

     

    M.E



  • 2.  Re: Monitoring with logmon, logs on different lines

    Broadcom Employee
    Posted Mar 26, 2019 05:00 PM

    Perhaps 'Configure Custom Variables' will work for you since it lets you specify a position.

    logmon AC Configuration - CA Unified Infrastructure Management Probes - CA Technologies Documentation 



  • 3.  Re: Monitoring with logmon, logs on different lines

    Posted Mar 26, 2019 05:38 PM

    David, I know of 'custom variable' but the expression (Possible\serror\smessage\slogged\searlier) is the key for report an error and I need captured this data (P2C^RTAU2) in a variable like $var1. how can configuring this?, because the regular expression and variable are in line diffrents.

     

    Thanks for your support.

     



  • 4.  Re: Monitoring with logmon, logs on different lines

    Broadcom Employee
    Posted Mar 27, 2019 08:55 AM

    Oh, did not pickup on those are three different lines in the log, the single timestamp lead me to believe it was all one line.



  • 5.  Re: Monitoring with logmon, logs on different lines

    Posted Mar 27, 2019 12:11 PM

    You need to add a format rule so that the three lines are considered as one. Beginning of block starts with date.

     

    End of block looks to be trickier.

     

    I'd suggest looking to see if anyone has done this with Oracle logs since they have a similar format.



  • 6.  Re: Monitoring with logmon, logs on different lines

    Posted Mar 27, 2019 02:20 PM

    Thanks Garin, I will try with format rule.

    Other question:
    Now with a regular expression I need find ----> "1035" and "Possible error message logged earlier"

    19-03-11;00:35:01.742 \CREDIBA.$PCRT2   ACI.SKEL-U.1000         1035

               !!!    FROM: P2C^RTAU2         RE: P2C^RTAU2

               Possible error message logged earlier

     

    Is possible create a regular expression that find "1035" in the first line and "Possible error message logged earlier" in the third line ?

     

    Thanks for help me.