need help with log file monitor on exclusion (Network Steve Forum)

need help with log file monitor on exclusion

Hi, I am doing a log-file monitor to monitor a particular word called "ERROR" in the log-file. Now the problem is that they want to ignore few types of "ERROR", like"ERROR:Unidentified error", they want to ignore this but they want other type of matching error. is there a way to do this? Any help is appreciated.

July 3rd, 2012 1:33am

http://blogs.technet.com/b/kevinholman/archive/2009/06/20/using-a-generic-text-log-rule-to-monitor-an-ascii-text-file-even-when-the-file-is-a-unc-path.aspx Regards, Blake Email: mengotto<at>hotmail.com Blog: http://discussitnow.wordpress.com/

Free Windows Admin Tool Kit Click here and download it now

July 3rd, 2012 1:35am

Thanks Blake, but that article does not address my issue I have already setup a logfile monitor to monitor a word called "ERROR" and its working Now the problem is that they want to ignore few types of "ERROR", like if it match "ERROR:Unidentified error", they want to ignore this but they want other type of matching error. Is there a way to do this?

July 3rd, 2012 1:51am

Not easily - you might in some cases be able to use regular expressions in a creative manner to fine tune the monitor but in the end the monitoring is very basic. From the link that Blake gave: http://blogs.technet.com/b/kevinholman/archive/2009/06/20/using-a-generic-text-log-rule-to-monitor-an-ascii-text-file-even-when-the-file-is-a-unc-path.aspx 1) Essentially log file monitors look at each new line in a logfile as one object to read, and this is represented by Params/Param[1] This Parameter 1 is the entire line in the logfile, and is the only value that is valid for this type of monitor so just type/paste that in the box for Parameter Name. 2) Regular expression support: http://support.microsoft.com/kb/2702651 If you want to suppress on the contents of a line then suppression can also only be done on the whole parameter and not a substring. Cheers GrahamRegards Graham New System Center 2012 Blog! - http://www.systemcentersolutions.co.uk View OpsMgr tips and tricks at http://systemcentersolutions.wordpress.com/

Free Windows Admin Tool Kit Click here and download it now

July 3rd, 2012 3:12am

You may try this expression Try this expression Parameter Operator value AND Params/Param[1] contains ERROR Params/Param[1] not contains ERROR:Unidentified error Roger

July 3rd, 2012 6:52am

Thanks its worked

Free Windows Admin Tool Kit Click here and download it now

July 6th, 2012 3:02am

This topic is archived. No further replies will be accepted.