Technology Tips and News
Hello,
one of our Linux servers pings a system outside our domain every minute and writes the result in a log. With the log file monitor for linux i monitor the log for the string "100% loss" - if none of the pings a positiv.
I want a event / alert after 3 times of getting a match in the log to prevent events / alerts because of network load.
Is it possible to set a timer or setting the match to true after 3 times?
Regards, Doreen
Hello,
This is possible, but requires some fairly intensive MP authoring. You would need to create a new MP data source that combines the log file monitoring data source with a System.ConsolidatorCondition module (http://msdn.microsoft.com/en-us/library/ee809324.aspx).
A simpler option might be to use the Shell Command Templates to create an alert generating rule that uses tail and grep to check the last entries in the log. For example, you could create a rule that ran the following command every 5 minutes:
res=`tail -n 5 /var/mylogfile |grep '100% loss'|wc -l`;if [ $res -gt 2 ];then echo ERROR;else echo OK;fi
Then set the filter so that the alert is generated if the StdOut contains ERROR. This would have the effect of generating an alert if the 3 pings failed in a 5 minute window.
-Kris
Hi Kris,
the second way sounds nice. I created the rule. For the filter I take the standard:
I hope I can run a test next week and give you a positiv feedback.
Regards.
Hi Kris,
the second way sounds nice. I created the rule. For the filter I take the standard:
I hope I can run a test next week and give you a positiv feedback.
Regards.
Hi Kris,
the second way sounds nice. I created the rule. For the filter I take the standard:
I hope I can run a test next week and give you a positiv feedback.
Regards.
Hi Kris,
the second way sounds nice. I created the rule. For the filter I take the standard:
I hope I can run a test next week and give you a positiv feedback.
Regards.
The test today was successfull. Now I have the problem that the rule recognizes the error every 5 Minutes and don't remember the last status like the log file monitor. So if the status with unsuccessfull ping will be about an hour I am getting 12 error messages. Thats not nice...
Is it possible that after one status change the others will not creating any alert?
The test today was successfull. Now I have the problem that the rule recognizes the error every 5 Minutes and don't remember the last status like the log file monitor. So if the status with unsuccessfull ping will be about an hour I am getting 12 error messages. Thats not nice...
Is it possible that after one status change the others will not creating any alert?
The test today was successfull. Now I have the problem that the rule recognizes the error every 5 Minutes and don't remember the last status like the log file monitor. So if the status with unsuccessfull ping will be about an hour I am getting 12 error messages. Thats not nice...
Is it possible that after one status change the others will not creating any alert?
The test today was successfull. Now I have the problem that the rule recognizes the error every 5 Minutes and don't remember the last status like the log file monitor. So if the status with unsuccessfull ping will be about an hour I am getting 12 error messages. Thats not nice...
Is it possible that after one status change the others will not creating any alert?
Maybe I found a way: AlertSupression
But I am not sure how to configure it correctly.
Should I add a principal name or did the rule check if its the same?
Regards, Doreen
This topic is archived. No further replies will be accepted.
Other recent topics
Click here to get your free copy of Network Administrator. Over 25 plugins to make your life easier