DX Infrastructure Management

Expand all | Collapse all

Logmon alert when text is NOT found?

Jump to Best Answer
  • 1.  Logmon alert when text is NOT found?

    Posted 07-08-2015 05:14 AM

    Hi all,

     

    I'm looking to configure a monitor on Logmon to scan a CSV file and alert me when specific text is NOT found, I reported this to support and they cannot find a way of doing it.  I was sure it was possible, does anyone have any ideas on how to achieve this?

     

    Thanks in advance,

    Sam



  • 2.  Re: Logmon alert when text is NOT found?

    Posted 07-08-2015 07:06 AM

    Hi,

     

    You should be able to do this with the "count matches" function. I did a quick test and it did feel a bit wonky to me at first. Either I did something wrong, or it requires that you create a variable in the watches. Here's an example profile that worked for me:

     

    <test_log>
          active = yes
          interval = 30 sec
          scanfile = /tmp/test.log
          fileencoding = 
          scanmode = updates
          alarm = yes
          qos = yes
          message = no
          subject = 
          user = 
          resetFile = no
          initialfileptr = 2
          resumefileptr = 4
          command_timeout_active = no
          command_timeout = 
          command_severity = 2
          command_timeout_alarm = 0
          monitor_exit_code = No
          max_alarm_sev = 5
          max_alarms = 
          max_alarm_msg = 
          password = 
          <watchers>
             <diiba>
                active = yes
                match = /(ladidaa)/
                level = information
                subsystemid = 
                message = 
                i18n_token = 
                restrict = 
                expect = no
                abort = no
                sendclear = no
                count = yes
                separator = 
                suppid = 
                source = 
                target = 
                qos = 
                runcommandonmatch = no
                alarm_on_first_match = no
                commandexecutable = 
                commandarguments = 
                timeout = 1
                count_operator = lt
                count_threshold = 1
                pattern_threshold = 
                expect_message = 
                expect_level = 
                <variables>
                   <var>
                      definition = $1
                      operator = eq
                      qosactive = yes
                      qosname = <Default>
                   </var>
                </variables>
             </diiba>
          </watchers>
       </test_log>
    

     

    Here's the alarm:

     

    QoS count match value is 0.000000 for Profile [test_log] Watcher [diiba]

     

    -jon



  • 3.  Re: Logmon alert when text is NOT found?

    Posted 07-08-2015 08:57 AM

    Thanks Jon,

     

    I've copied you profile and applied it to mine but I'm getting some strange results.  It keep alarming reporting that the words "No" or "Yes" has not been found, even though those keywords are in my file..

     

    My first thought was to use the "Match on every run" option, which apparently reverses the standard logic of Logmon, see this video from 2 minutes 30 seconds in.

     

    The logmon Probe (Part 2 of 3) - Nimsoft Monitor - YouTube

     

    Even using this option I still get alarm reporting that the keywords are absent, even though they are present in the file..

     

    I'm confused!

     

    Here's my profile:

       <CMP Roamed Calls>

          active = yes

          interval = 30 sec

          scanfile = /output/Roamed_Calls_%Y-%m-%d.csv

          scanmode = updates

          alarm = yes

          qos = no

          message = no

          user =

          monitor_exit_code = No

          max_alarm_sev = 5

          max_alarms =

          max_alarm_msg =

          password =

          subject =

          fileencoding =

          resetFile = yes

          initialfileptr = 2

          resumefileptr = 4

          command_timeout_active = no

          command_timeout =

          command_severity = 2

          command_timeout_alarm =

          <watchers>

             <No-Yes>

                active = yes

                match = /(Yes)/

                level = warning

                subsystemid =

                message = HELP! No or Yes NOT found!

                i18n_token =

                restrict =

                expect = yes

                abort = no

                sendclear = no

                count = no

                separator =

                suppid =

                source =

                target =

                qos =

                runcommandonmatch = no

                alarm_on_first_match = no

                commandexecutable =

                commandarguments =

                timeout = 1

                count_operator = lt

                count_threshold = 1

                pattern_threshold =

                expect_message = No or Yes HAS been found

                expect_level = clear

             </No-Yes>

          </watchers>

       </CMP Roamed Calls>



  • 4.  Re: Logmon alert when text is NOT found?
    Best Answer

    Posted 07-14-2015 11:10 AM

    Got it, here's what worked for me:

     

    <Roamed Calls>

    active = yes

    interval = 30 sec

    scanfile = /Roamed_Calls_%Y-%m-%d.csv

    scanmode = cat

    alarm = yes

    qos = no

    message = no

    user =

    monitor_exit_code = No

    max_alarm_sev = 5

    max_alarms =

    max_alarm_msg =

    password =

    subject =

    fileencoding =

    resetFile = yes

    initialfileptr = 2

    resumefileptr = 4

    command_timeout_active = no

    command_timeout =

    command_severity = 2

    command_timeout_alarm =

    <watchers>

    <No-Yes>

    active = yes

    match = *07*

    level = warning

    subsystemid =

    message = HELP! *07* NOT found!

    i18n_token =

    restrict =

    expect = yes

    abort = no

    sendclear = no

    count = no

    separator =

    suppid =

    source =

    target =

    qos =

    runcommandonmatch = no

    alarm_on_first_match = no

    commandexecutable =

    commandarguments =

    timeout = 1

    count_operator = lt

    count_threshold = 1

    pattern_threshold =

    expect_message = 07 HAS been found

    expect_level = information

    </No-Yes>

    </watchers>

    </Roamed Calls>