Do you have some strange application with a logfile? MOM is well suited to monitoring that logfile. Below is a short walkthrough of how to do that. To get this to work you will need a new provider and a new rule.
1. Create a new provider.
You create providers in Administrator Console, Management Packs, Providers.
Right-click Providers and choose “Create Provider”, then fill in the information as below:
Source of the provider: Application Log
Type: Application Log
Settings: Generic single-log file
Directory: for example C:\LOG
Format: Generic
File Pattern: for example system.log or log*
Click Finish when done
2. Create a new computer group and give it a suitable name, for example MyApp. Add all computers you want to monitor.
3. Create a new rule group. Associate the new computer group with your new rule group.
4. In your new rule group, right-click Event Rules and choose “Alert on or response to event…”
Fill in the information as below under Advanced on the Event Rule Properties – Criteria tab:
Provider Name: Choose the provider you created before
Field: Parameter 4
Condition: matches wildcard
Value: For example *warning* if we want an alert when that word is in the logfile.
Click Add to list
Click Close
Event Rule Properties – Criteria, click next
Event Rule Properties – Schedule, click next
Event Rule Properties – Alert, check “Generate alert”, then click next
Event Rule Properties – Alert Suppression, click next
Event Rule Properties – Responses, click next
Event Rule Properties – Knowledge Base, click next
Event Rule Properties – General, input a name and click Finish
That should do it!
Note that it can take some minutes before new rules are active. Also note that MOM only “reads” a line once the application has started on a new line. So when the application has started writing to line 2, MOM will read line 1.
I have uploaded screenshots with all settings; you can find them under screenshots.
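The following is an added example, not part of the original post and not MOM code: a Python sketch for checking a File Pattern such as log* and a wildcard Value such as *warning* against sample data before building the rule. It assumes `*` matches any run of characters and `?` a single character, compared case-insensitively, and that a line counts as finished once a newline follows it; the function names and sample data are constructed for illustration.

```python
import re

def wildcard_to_regex(pattern):
    # Assumption: '*' = any run of characters, '?' = exactly one character,
    # compared case-insensitively; MOM's exact matching rules may differ.
    body = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                   for c in pattern)
    return re.compile(body, re.IGNORECASE | re.DOTALL)

def matching_files(names, file_pattern):
    """File names that a provider 'File Pattern' such as log* would pick up."""
    rx = wildcard_to_regex(file_pattern)
    return [n for n in names if rx.fullmatch(n)]

def simulate_rule(log_text, value_pattern):
    """Return (alerts, pending): alerts are (line_no, text) for finished lines
    that match; pending is the unfinished last line, which is not read yet."""
    rx = wildcard_to_regex(value_pattern)
    lines = log_text.split("\n")
    pending = lines.pop()  # text after the last newline ("" if there is none)
    alerts = [(no, ln.rstrip("\r")) for no, ln in enumerate(lines, 1)
              if rx.fullmatch(ln.rstrip("\r"))]
    return alerts, pending

# Constructed sample data, not taken from a real system.
SAMPLE_FILES = ["system.log", "log1.txt", "logfile_old", "app.log"]
SAMPLE_LOG = ("2005-06-01 10:00:01 service started\r\n"
              "2005-06-01 10:00:07 WARNING disk space low\r\n"
              "2005-06-01 10:00:09 login ok\r\n"
              "2005-06-01 10:00:12 Warning: retry lim")  # still being written

if __name__ == "__main__":
    print("files matched by log*:", matching_files(SAMPLE_FILES, "log*"))
    alerts, pending = simulate_rule(SAMPLE_LOG, "*warning*")
    for no, text in alerts:
        print(f"alert on line {no}: {text}")
    if pending and wildcard_to_regex("*warning*").fullmatch(pending):
        print("held back until the next line starts:", pending)
```

A matching entry that is the last thing in the file shows up as held back rather than as an alert, which is the delay described in the note above.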
Hi,
I have followed the same steps provided, but still the MOM agent is not able to detect the log file. I have checked the event log and it says new event rules are loaded on the server.
Can you please advise?
[…] menu, the default file is C:WindowsSchedLgU. You can monitor this file from MOM 2005, in this, http://contoso.se/blog/?p=32 , post you can read how to monitor a logfile. —– Regards Anders Bengtsson Microsoft MVP – MOM […]