Do you have some strange application with a logfile? It is suitable to monitor that logfile with MOM. Below there is a short walkthrough how to do that. To get this to work you will need a new provider and a new rule.
Create a new provider.
You create provides in Administrator Console, Management Packs, Provides.
Right-click Provides and choose “Create Provide”, fill in information as below
Source of the provider: Application Log
Type: Application Log
Settings: Generic single-log file
Directory: for example C:\LOG
File Pattern: for example system.log or log*
Click Finish when done
Create a new computer group, name it to some something suitable for example MyApp. Add all computers you want to monitor.
Create a new rule group. Associate the new computer group with your new rule group.
In you new rule group, right-click Event Rules and choose “Alert on or response to event…”
fill in information as below at Advanced on the Event Rule Properties – Criteria tab.
Provider Name: Choose the provider you created before
Field: Parameter 4
Condition: matches wildcard
Value: For example *warning* if we want an alert when that word is in the logfile.
Click Add to list
Event Rule Properties – Criteria, click next
Event Rule Properties – Schedule, click next
Event Rule Properties – Alert, check “Generate alert, then click next
Event Rule Properties – Alert Suppression, click next
Event Rule Properties – Responses, click next
Event Rule Properties – Knowledge Base, click next
Event Rule Properties – General, input a name and click finished
That should do it!
Note that it can take some minutes before new rules is active. Also note that MOM will start “read” a line when the application has started on a new line. So when the application has start write to line 2 MOM will read line 1.
I have upload screenshots with all settings, you can find them under screenshots.