Aim
In this example, we set up the monitoring of the /var/adm/messages system LOG file of a Sun Solaris server.
Procedure
1. Add a new “LOG File Monitoring and Analysis” class:
   ▪ Specify the credentials to connect through SSH
   ▪ Root credentials are not needed (so leave the “Access As” credential fields empty)
   ▪ Select “SSH” as the connection method (SSH is enabled by default on Sun Solaris systems)
2. Add a new LOG file to monitor (Add “Input properties”):
   ▪ Specify the path to the log file: /var/adm/messages
   ▪ Select the “Parsed on the Managed Element” option for the parsing method
   ▪ Add a new String Search:
   ▪ CRITERION 1: Line must contain “fatal” in the 9th column, column separator is \b (blank space), case insensitive
3. Add a new String Search:
   ▪ Count lines that match [CRITERION 1] and [CRITERION 2]
   ▪ CRITERION 1: Line must contain “scsi” in the 5th column, case insensitive
   ▪ CRITERION 2: Line must contain “warning” in the 9th column, case insensitive
   ▪ Column separator is \b (blank space)
   ▪ Reinitialize alerts after 24 hours
4. Specify the following thresholds:
   ▪ On the “Matching Lines” parameter on both String Searches objects, specify the “.*” (without the quotes) regular expression threshold that will raise an alarm when it is found at least once
   ▪ On the “Matching Line Count (LB)” parameter on both String Searches objects, enable the alarm threshold when the parameter reaches 1
Result
We get alerts on the Matching Lines parameter of either the Fatal Errors or Disk Warnings String Searches object as such errors are written to the /var/adm/messages system LOG file.
The alerts on the Matching Lines parameter will contain the actual error found in the LOG file.
When one fatal error is posted in the LOG file, for example, both the Matching Lines and the Matching Line Count parameters will raise an alarm.
At the next collect, if no new error is posted in the file, the Matching Lines parameter returns to the OK state while the Matching Line Count parameter stays in alarm for 24 hours (as it has been set up).
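The column criteria above can be checked against sample lines before they are configured. The following Python sketch is an added example, not part of the product or of the original page: the log lines are constructed, and the function names are hypothetical. Whether the product treats a run of blanks as a single separator is an assumption, exposed here as the `collapse` switch, because syslog pads single-digit days with an extra blank ("Jan  5"), which shifts every column by one under strict single-blank splitting.

```python
# Constructed sample lines in the Solaris syslog layout (not taken from a real host).
SAMPLE = [
    "Jan 12 03:14:07 sol10 scsi: [ID 107833 kern.warning] WARNING: /pci@1f,0/scsi@2/sd@1,0 (sd1):",
    "Jan 12 03:14:09 sol10 myapp: [ID 702911 daemon.error] FATAL: cannot open database",
    "Jan 12 03:15:00 sol10 sshd[412]: [ID 800047 auth.info] Accepted publickey for admin",
    "Jan  5 22:01:44 sol10 scsi: [ID 107833 kern.warning] WARNING: /pci@1f,0/scsi@2/sd@1,0 (sd1):",
]

# (column number, text) pairs, 1-based as in the procedure above.
FATAL_ERRORS = [(9, "fatal")]
DISK_WARNINGS = [(5, "scsi"), (9, "warning")]


def columns(line, collapse=True):
    """Split on blanks. collapse=True treats a run of blanks as one separator
    (an assumption about the product); False splits on every single blank."""
    return line.split() if collapse else line.split(" ")


def matches(line, criteria, collapse=True):
    """True when every criterion's text occurs in its column, ignoring case."""
    cols = columns(line, collapse)
    return all(
        col <= len(cols) and text.lower() in cols[col - 1].lower()
        for col, text in criteria
    )


def search(lines, criteria, collapse=True):
    """Return (matching lines, matching line count) for one String Search."""
    hits = [line for line in lines if matches(line, criteria, collapse)]
    return hits, len(hits)


if __name__ == "__main__":
    searches = (("Fatal Errors", FATAL_ERRORS), ("Disk Warnings", DISK_WARNINGS))
    for name, criteria in searches:
        for collapse in (True, False):
            hits, count = search(SAMPLE, criteria, collapse)
            print(f"{name} (collapse blanks={collapse}): {count} matching line(s)")
            for hit in hits:
                print("   ", hit)
```

With strict single-blank splitting, the "Jan  5" disk warning is missed because "scsi:" lands in the 6th column, so it is worth testing a line from the first nine days of a month against the configured String Search.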