Hello Community,
I'm reaching out for advice on file monitoring using the LogMon probe.
Here's the situation:
I am checking files in the directory "/mnt/DIR1/DIR2". If a file contains "log" in its name, no action is needed (for example: "firstfile-log-12.xml"). However, if a file does not contain "log" in its name, I need to create an alert (for example: "firstfile-12.xml").
Initially, I tried using the dirscan probe, but it wasn't meeting my requirements. Although it alerted me when files were found, I encountered issues when trying to exclude files with specific patterns. This led me to switch to the logmon probe.
Currently, I'm using the following command:
find "/mnt/DIR1/DIR2" -type f ! -name "*log*" | wc -l
This command successfully creates an alert when files without "log" in their names are found.
The Watcher Rule is set to:
Attached is a screenshot of the variable.
While it's helpful that alerts are being created, I'm facing an issue with clearing alerts when the directory is replaced with a new folder each day. The new folder may be empty, but the existing alert from the previous day remains active. This means that if there are files in the new folder today, no new alert is generated because the previous day's alert persists.
I would appreciate any insights on how to suppress alerts when no files are found in the new daily folder.
Thank you in advance for your assistance.