After creating a new Log Event metric / rule and testing it against an existing log file, the rule fails to trigger.
A Log Event based rule does not evaluate on previously existing data in a log file. A Log Event rule can only trigger on data which has been appended to the log file after monitoring has begun.
Ensure that the data meeting the rule's criteria contains the exact value used in the metric, and that it is appended to the log file after monitoring has been enabled against that log file.
If a log file gets overwritten entirely, as opposed to appended to, you may try the following alternative solution:
Create a new Command metric with the following values:
Name: [desired log file name] search for [desired text]
Polling interval: 300 seconds
Data type: Numeric
Use: Command line: type [path to desired log file] | find /c "[desired text to search for]"
Line: Parsed lines: 0
Return value column: 0
Create a new rule which references this new Command metric with a condition of "Is equal to or greater than 1". Each line which matches the desired text increments the numeric metric value, so if any lines match, the metric value will be 1 or greater. If no lines match, the metric value will be 0.
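The difference between the two approaches can be reproduced with the added Python example below, which is not the product's code. AppendWatcher is a simplified, assumed model of a monitor that only evaluates appended data, count_matches mirrors the whole-file count of type ... | find /c "...", and the log contents are constructed sample data.

```python
import os
import tempfile


class AppendWatcher:
    """Assumed model: evaluates only data appended after monitoring begins."""

    def __init__(self, path, text):
        self.path = path
        self.needle = text.encode("utf-8")
        self.offset = os.path.getsize(path)  # pre-existing data is skipped

    def poll(self):
        """Return how many newly appended lines contain the text."""
        size = os.path.getsize(self.path)
        if size <= self.offset:  # nothing appended, or file overwritten shorter
            return 0
        with open(self.path, "rb") as fh:
            fh.seek(self.offset)
            new_data = fh.read()
        self.offset = size
        return sum(1 for line in new_data.splitlines() if self.needle in line)


def count_matches(path, text):
    """Count lines in the whole file containing text (case-sensitive, like find /c)."""
    needle = text.encode("utf-8")
    with open(path, "rb") as fh:
        return sum(1 for line in fh if needle in line)


def demo():
    """Run the three situations described above on a constructed log file."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "app.log")
        with open(path, "w") as fh:            # data present before monitoring
            fh.write("ERROR disk full\n")
        watcher = AppendWatcher(path, "ERROR")
        results = {"preexisting": watcher.poll()}
        with open(path, "a") as fh:            # appended after monitoring began
            fh.write("INFO ok\nERROR disk full again\n")
        results["appended"] = watcher.poll()
        with open(path, "w") as fh:            # file overwritten entirely
            fh.write("ERROR new\n")
        results["overwritten"] = watcher.poll()
        results["whole_file_count"] = count_matches(path, "ERROR")
        return results


if __name__ == "__main__":
    print(demo())
```

The overwritten file produces no event in the append-only model, while the whole-file count still returns 1 and would satisfy the "Is equal to or greater than 1" condition.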
Monitor Solution for Servers (all versions)