Re: SiteScope Log File Monitor and Alerting (185 Views)
Reply
Established Member
RogerMacrae
Posts: 4
Registered: ‎10-24-2013
Message 1 of 5 (187 Views)

SiteScope Log File Monitor and Alerting

Apologies if this has been asked before - tried various searches but didn't come up with anything.

 

I'm experimenting with an SiS monitor to find things in a Solaris messages file, when a match is detected send an email. I'm trying to get this working on SiS 11.20 on Win Server 2003 EE SP2.

 

No matter how I configure the log file monitor, it will not send an email. I know the email alerting works as I'm doing pretty much the same with SNMP traps that are being captured by SiS i.e. SNMP trap arrives from device, content of trap is sent by email as the alerting action.

 

As far as the log file monitor definition is concerned, I am using a regex in the Content Match field which matches the specific structure of the entry in the messages file I  am interested in - the regex works in that if I use the regex Open Tool I can type in various strings that I might expect to find in the file and the regex matches the whole thing.

 

A sample string that might be found is:-

 

Jul 30 08:34:58 MPS rmclomv: [ID 211032 kern.error] PSU @ PS0 has FAULTED.

 

And the regex which I'm using is:-

 

/(^\w{3} \d{1,2} \d{2}:\d{2}:\d{2} [0-9A-za-z\.]+ [0-9A-Za-z:]+ [\[0-9A-Za-z\s\.\]]+ [0-9A-Za-z\s\@\._]+)/

 

In the Advanced Setting section of the monitor configuration, I've set up a Match Value Label which I've called errorString.

 

Moving down a little further to the Threshold Settings I have a set up a couple of Error If conditions based on the Match Value referred to above as follows:-

 

errorString contains 'PSU'

errorString contains  'CPU_FAN'

errorString contains 'TEMP_SENSOR'

 

The monitor, via the regex appears to find the sample string above, all well and good but the thresholding doesn't trigger the email alert.

 

The logic I've applied to setting it up this way is as follows:-

 

1) Whilst the regex is rather longwinded, I'm interested in the whole string

2) I assume (rightly or wrongly) that the Match Value I've setup (errorString) contains the string found in the file - it does appear in the Error If Condition drop down box

3) One of the threshold Error If conditions I've defined will be true on the basis that message string contains the word PSU which should send the email alert

 

I think that all makes sense, its just I'm not getting an email as expected - perhaps I don't quite understand the logical flow. Any comments or pointers would be most welcome. 

 

Thanks & regards,

Roger

Please use plain text.
HP Expert
Gunnar_L
Posts: 303
Registered: ‎05-22-2012
Message 2 of 5 (185 Views)

Re: SiteScope Log File Monitor and Alerting

Hi,

 

Before to start troubleshooting would you please do a aquick test?

 

Please create a different file monitor and use this regex: /FAULTED/ in the thresholds settings use the condition: Error if matches > 0, then create a mail alert if the monitor is in error.

 

Please  let me know if you received the alert using this simple regex.

 

Best Regards,

Gunnar López
HP Support
If you find that this or any post resolves your issue, please be sure to mark it as an accepted solution.
Please use plain text.
Established Member
RogerMacrae
Posts: 4
Registered: ‎10-24-2013
Message 3 of 5 (162 Views)

Re: SiteScope Log File Monitor and Alerting

Hi Gunnar,

 

Thanks for the reply.

 

I created a new group, created a new monitor in the group with the regex and threshold as described. I then created a new email alert and attached this to the group (also tried attaching to the monitor).

 

When I inject a message into the log file and then run the monitor it finds the string and shows a match in error on the dashboard for the monitor but doesn't send an email. I tried a couple of log file injections, same results.

 

I tested the newly created alert and this does send an email.

 

Attached are screen shots of the monitor status and history views.

 

Is there a specific log file on my SiS server that I can go and have a look through? Is it possible to run in debug?

 

Kind Regards,

Roger

Please use plain text.
Established Member
RogerMacrae
Posts: 4
Registered: ‎10-24-2013
Message 4 of 5 (155 Views)

Re: SiteScope Log File Monitor and Alerting

Hi Gunnar,

 

A quick update for you - I found and followed another thread which was almost along the same lines:-

 

http://h30499.www3.hp.com/t5/Application-Perf-Mgmt-BAC-BSM/E-Mail-alert-in-sitescope-to-send-full-li...

 

It now works and email is being sent although I have a permanent error status set on the dashboard.

 

In following the thread above, the monitor definition is pretty basic so a little experimentation is in order to get to where I want to be.

 

Thanks & regards,

Roger

Please use plain text.
Established Member
RogerMacrae
Posts: 4
Registered: ‎10-24-2013
Message 5 of 5 (141 Views)

Re: SiteScope Log File Monitor and Alerting

Gunnar,

 

I've got it all working the way I want. Went back to basics as you suggested and gradually built up the regex to pattern match the full message and hey presto it works. The regex I'm using now is a little different to the original I posted, I discovered a subtle difference in the way the original was pattern matching and have made a change.

 

Thanks & regards,

Roger

 

 

Please use plain text.
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation