Also, as Gene pointed out, it looks like all your patterns are wrong.
You should reread
https://techdocs.broadcom.com/us/en/ca-enterprise-software/it-operations-management/ca-unified-infrastructure-management-probes/GA/alphabetical-probe-articles/logmon-log-monitoring/logmon-im-configuration.htmlPicking one pattern in general, you have
*Backup Status:Completed with problem*
It is poorly documented but there's kind of a general behavior in UIM regarding patterns in that their evaluation depends on some guesses about what you were trying to intend.
Generally speaking, if the first and last characters of the pattern are the forward slash (/) then it's a regex unless the string contains a comma (,).
If it is a regex, then the pattern is stripped of the leading and training / characters and evaluated using the semi uniform Java interpretation of the characters - regexpal.com is a good site to use to test such patterns.
If the pattern begins and ends with / but includes a comma, then the behavior gets a little variable but the general action is that the pattern is treated like a list of patterns - so you could have /.*word1.*/,/.*word2.*/ as the pattern and it would get evaluated like you had listed two separate regex patterns. More likely though is that you had /.*word1.*,.*word2.*/ (intending to match a string containing word1 followed by a comma followed by word2) but instead this appears to get broken into two strings, and because the trailing / isn't there, they're not valid regex and so treated as a list of words. Do not rely on this behavior as it seems to be a defect.
And finally, if not a valid regex, the pattern is treated like a space delimited list of words to match.
So, your line "*Backup Status:Completed with problem*" has no / characters and no commas so it's treated like a list of words to match. That is almost assuredly not what you wanted. It should match any line with "problem" in it including something like "No problem was encountered".
You would be far better off always using the regex specification and not relying on the legacy parsing of non-regex strings.
Your pattern here would be much better specified as /.*?Backup\sStatus\:Completed\swith\sproblem.*/ (the three characters .*? mean to match any character as few times as possible including zero times. Regex tries by default to match as many as possible which is usually the least efficient way to match log file lines.)
Original Message:
Sent: 09-17-2020 11:46 AM
From: Garin Walsh
Subject: logmon - monitor log that continuously updates daily with date at the end of the log
Right, but how are you determining that logmon is the cause of the statement "But sometimes/ on somedays I am not getting alerts for the instances"?
What are you doing to check that logmon didn't work? have you verified that nas didn't get the message? That maybe someone already acknowledged them? Maybe the alarm you are expecting to see is just being added to an existing one rather than creating a new one?, etc.
Logmon is that start of the alert in the process here but there are a large number (relatively speaking) of places along the path that might cause an alert from a correctly working logmon not to appear wherever you are looking to see them.
Original Message:
Sent: 09-17-2020 01:59 AM
From: amar kondraju
Subject: logmon - monitor log that continuously updates daily with date at the end of the log
@ Gene : You might want to try setting it to cat mode to test since you are not getting new information - I have tested this for master instance and its working fine.
@ Garin : As the backup status is not triggering as alert I have raised this but exactly I do not know why this is occuring and as Gene suggested I have tested with cat mode and I am able to get alerts for that instances. But sometimes/ on somedays I am not getting alerts for the instances and all the logmon instances test profile tested successully as well. Please suggest.
Regards
Amar
Original Message:
Sent: 09-16-2020 10:23 AM
From: Garin Walsh
Subject: logmon - monitor log that continuously updates daily with date at the end of the log
Also, how are you determining that logmon is the cause of the stated issue " I am not getting alerts for the instances that I have configured".
Is there a chance that logmon is working fine and there's something else going on?
Original Message:
Sent: 09-16-2020 08:34 AM
From: Gene HOWARD
Subject: logmon - monitor log that continuously updates daily with date at the end of the log
try changing your Match expression to a regex statement such as:
/.*Backup\sStatus:Success.*/
That might help with your issue.
the log cover about a 2-hour window.
In that time the target file was not modified so no new alarm was generated.
You might want to try setting it to cat mode to test since you are not getting new information.
------------------------------
Gene Howard
Principal Support Engineer
Broadcom
Original Message:
Sent: 09-16-2020 02:24 AM
From: amar kondraju
Subject: logmon - monitor log that continuously updates daily with date at the end of the log
Hi all,
logmon 3.92 version only being used in our environment. We are able to test these profiles correctly but alerts are sometimes not coming up.
Regards
Amar
Original Message:
Sent: 09-11-2020 02:17 PM
From: Garin Walsh
Subject: logmon - monitor log that continuously updates daily with date at the end of the log
You fail to show the full file or any watchers so it's hard to tell if you have the patterns correct.
Make sure you follow https://techdocs.broadcom.com/us/en/ca-enterprise-software/it-operations-management/ca-unified-infrastructure-management-probes/GA/alphabetical-probe-articles/logmon-log-monitoring/logmon-im-configuration/logmon-advanced-im-configuration.html for your specific OS.
And consider using * instead of the time primitives.
File%Y%m%d.log and File*.log might work equally well as logmon watches all files that match the pattern.
Original Message:
Sent: 09-11-2020 09:24 AM
From: Gene HOWARD
Subject: logmon - monitor log that continuously updates daily with date at the end of the log
I would also suggest you update to the latest version the 3.92 version you are running is from 2018
------------------------------
Gene Howard
Principal Support Engineer
Broadcom
Original Message:
Sent: 09-11-2020 08:44 AM
From: David MICHEL
Subject: logmon - monitor log that continuously updates daily with date at the end of the log
Provide log samples from when the alarm was and was not generated.
------------------------------
Support Engineer
Broadcom
Original Message:
Sent: 09-11-2020 07:59 AM
From: amar kondraju
Subject: logmon - monitor log that continuously updates daily with date at the end of the log
Hi all,
Kindly provide some reasons and help us in resolving this issue.
Regards]
Amar
Original Message:
Sent: 09-11-2020 02:21 AM
From: amar kondraju
Subject: logmon - monitor log that continuously updates daily with date at the end of the log
Hi all,
Hi all,
I am trying to monitor log that continuously updates daily with date at the end of the log and so I have used %Y%m%d.log at the end. I am not getting alerts for the instances that I have configured on the lefthandside on daily basis but I am able to test all these profiles in UIM successfully. Why it is not giving us alerts and why it is giving us alerts some of the days only - how to sort out this problem?
Regards
Amar