Home » Scripts » Reading a logfile with a 3 state monitor

Reading a logfile with a 3 state monitor

By in Scripts, System Center Operations Manager 2007 on .

If you build a monitor to monitor a logfile, Operations Manager will remember which line it was reading last. Operations Manager will only look for new keyword below that line, it will not read the whole file again. I did a lot of tests with logfile monitoring, read more about them here. If you need to get Operations Manager to read the whole logfile each time, you can use a scrip like this:

 
Const ForReading = 1
Set oAPI = CreateObject(“MOM.ScriptAPI”)
Set oBag = oAPI.CreatePropertyBag()

Set objFSO = CreateObject(“Scripting.FileSystemObject”)
Set objTextFile = objFSO.OpenTextFile _
(“c:\temp\file.txt”, ForReading)

Do Until objTextFile.AtEndOfStream
strText = objTextFile.ReadLine

varWarPos = Instr(strText, “Warning”)
If varWarPos > 0 Then
varStatus = “Warning”
varLine = strText
End If

varCriPos = Instr(strText, “Critical”)
If varCriPos > 0 Then
Call oBag.AddValue(“Line”, strText)
Call oBag.AddValue(“Status”,”critical”)
Call oAPI.Return(oBag)
Wscript.Quit(0)
End If

Loop
objTextFile.Close

If varStatus = “Warning” Then
Call oBag.AddValue(“Line”, varLine)
Call oBag.AddValue(“Status”,”warning”)
Call oAPI.Return(oBag)
Wscript.Quit(0)
Else
Call oBag.AddValue(“Status”,”ok”)
Call oAPI.Return(oBag)
End If

This script will read the file (c:\temp\file.txt) line by line. The script is looking for two keywords in the logfile, “Warning” and “Critical”. If there is a “Critical” in a line the script will send back a bag with status=Critical and the script will stop. If there is a “Warning” in the line the script will continue, as there might be a “critical” somewhere too. If there was only “Warning” the script will send back status=Warning. If there was no “Warning” or “Critical” the script will send back status=ok.

If there is a “Warning” or “Critical” the script will also put that line into a bag, and send it back to Operations Manager. You will see this line in the alert description. To use this script, you can configure a monitor like this:

  • Create a new monitor of type Scripting/Generic/Timed Script Three State Monitor. Input a suitable name and target. More about targeting here.
  • Schedule
    • Configure your script to run every X minute. The script will rad the whole logfile each time
  • Script
    • Filename and Timeout, for example CheckFile.vbs and 2 minutes
    • Paste the script in the script field
  • Unhealthy expression
    • Property[@Name=’Status’]
    • Equals
    • Warning
  • Degraded expression
    • Property[@Name=’Status’]
    • Equals
    • Critical
  • Healthy expression
    • Property[@Name=’Status’]
    • Equals
    • ok
  • Alerting
    • Check Generate alerts for this monitor
    • Generate an alert when: The monitor is in a critical or warning health state
    • Check Automatically resolve the alert when the monitor returns to a healthy state
    • Alert name: Input an alert name
    • Alert Description
      • State $Data/Context/Property[@Name=’Status’]$
      • Line $Data/Context/Property[@Name=’Line’]$

Summary: This monitor, including the script, will read a logfile and generate alerts based on keywords. In will read the whole logfile each time and look for two different keywords.

13 Comments

  1. Hi Anders,

    I need to monitor with a 3 state monitor de Time Source of several VMs. I have the next script but it doesnt work… i dont know why.

    Dim oAPI, oBag
    strCommand = “%SystemRoot%\System32\w32tm.exe /query /source”
    Set oAPI = CreateObject(“NOM.ScriptAPI”)
    Set oBag = oAPI.CreatePropertyBag()
    Call oBag.AddValue(“Source”,strCommand)
    Call oAPI.Return(oBag)

    Next to this, i have the Expresion like you write before, with the “equals” and the value of the w32tm

    Im doing something wrong? or there is other way to monitor the Time Source?

    Thanks in advance

  2. Hi,
    You can use the same script, just remove one status, Call oBag.AddValue(“, then update the IF part to check you value. is it a file you want ot check as source?

  3. I want to use this similar script to catch a numerical value. For example anything above 12000 I should get a critical alert and the alert should get cleared if the value available in the text file is less than 12000. Any help will be really appreciated.

  4. Hi,
    I started Ops Mgr 2012 this morning and created a MP, it is attached. It is working and to see it in a report I use the Custom Event report. Looking for the word *NO_CLIENT_SITE* in the C:\Logfiles\mylogfile.log. As it is a collection rule no alert is generated. You can then use the Custom Event Report, filer event ID 0, to see the events. After that you can add more filters. Download MP at http://contoso.se/blog/?attachment_id=3189

  5. Hello,

    I have been able to work out with your two excellent articles the alrt on the Netlogon.log file sending a message when there is No_Client_Site in the line… Now I am trying to do a report but using http://contoso.se/blog/?p=306 I have or no result when using the selection criteria or time-out when running the report with no selection!!! Any idea?
    Thanks,
    Dom

  7. Hello,

    Excellent blog thanks a lot it saves me a lot of time. How to get the report on the same source information?

    Thanks,
    Dom

  8. Hi, thanks for reading my blog. It will read the whole file each time, and if there is a warning keyword it will still continue, and see if there is a critical keyword too. Else it will generate an Warning event. The scenario is that the whole logfile needs to be read everytime, for example if the application rotate the logfile.

  9. if I understand this, wouldnt the next time the script kicks off show you the same alarms again? For example, say the log file has 100 lines in it, and the text you are looking for is
    “already in database” and that occurs lets say twice in the file, when the script runs it will read these and generate 1 or 2 alarms? and if it runs again in say 2 minutes will it alarm again on those same lines?

  10. So you want the script only to look for Critical and not Warning? We don’t need to look for “OK” as if we don’t return a warning or critical the status of the monitor will not change, it will return OK by default. If you remove

    varWarPos = Instr(strText, “Warning”)
    If varWarPos > 0 Then
    varStatus = “Warning”
    varLine = strText
    End If

    it will no longer look for warning. There is the same piece of lines for critical, but it will return result to Ops Mgr direct. So if you want it to do that keep that part.

  11. Can you please reply to Phil MacDonal’s request regarding the two-state monitor? I am looking for a two-state version of this script as well.

  12. I think that the same script for two state will look like :

    Const ForReading = 1
    Set oAPI = CreateObject(“MOM.ScriptAPI”)
    Set oBag = oAPI.CreatePropertyBag()

    Set objFSO = CreateObject(“Scripting.FileSystemObject”)
    Set objTextFile = objFSO.OpenTextFile _
    (“c:\temp\file.txt”, ForReading)

    Do Until objTextFile.AtEndOfStream
    strText = objTextFile.ReadLine

    varCriPos = Instr(strText, “Critical”)
    If varCriPos > 0 Then
    Call oBag.AddValue(“Line”, strText)
    Call oBag.AddValue(“Status”,”critical”)
    Call oAPI.Return(oBag)
    Wscript.Quit(0)
    End If

    Loop
    objTextFile.Close

    Call oBag.AddValue(“Status”,”ok”)
    Call oAPI.Return(oBag)
    End If

  13. Anders,

    I am trying to accomplish the same script as a two state monitor. Critical and Ok but I am unable to have any success when I modify the script. By chance do you have an example two state script.

    Cheers,

    Phil

Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.