{"id":32,"date":"2006-06-10T00:02:46","date_gmt":"2006-06-09T22:02:46","guid":{"rendered":"http:\/\/contoso.se\/blog\/?p=32"},"modified":"2006-12-28T14:12:15","modified_gmt":"2006-12-28T12:12:15","slug":"overvaka-loggfil","status":"publish","type":"post","link":"https:\/\/contoso.se\/blog\/?p=32","title":{"rendered":"Monitor logfile"},"content":{"rendered":"<p><font face=\"Calibri\" size=\"3\">Do you have some strange application with a logfile? It is suitable to monitor that logfile with MOM. Below there is a short walkthrough how to do that. To get this to work you will need a new provider and a new rule.<\/p>\n<p>1.<br \/>\nCreate a new provider.<br \/>\nYou create provides in Administrator Console, Management Packs, Provides.<br \/>\nRight-click Provides and choose &#8220;Create Provide&#8221;, fill in information as below<br \/>\nSource of the provider: Application Log<br \/>\nType: Application Log<br \/>\nSettings: Generic single-log file<br \/>\nDirectory: for example C:\\LOG<br \/>\nFormat: Generic<br \/>\nFile Pattern: for example system.log or log*<br \/>\nClick Finish when done<\/font><\/p>\n<p><font face=\"Calibri\" size=\"3\">2.<br \/>\nCreate a new computer group, name it to some something suitable for example MyApp. Add all computers you want to monitor.<\/font><\/p>\n<p><font face=\"Calibri\" size=\"3\">3.<br \/>\nCreate a new rule group. Associate the new computer group with your new rule group. <\/font><\/p>\n<p><font face=\"Calibri\" size=\"3\">4.<br \/>\nIn you new rule group, right-click Event Rules and choose &#8220;Alert on or response to event&#8230;&#8221;<br \/>\nfill in information as below at Advanced on the Event Rule Properties &#8211; Criteria tab.<br \/>\nProvider Name: Choose the provider you created before<br \/>\nField: Parameter 4<br \/>\nCondition: matches wildcard<br \/>\nValue: For example *warning* if we want an alert when that word is in the logfile.<br \/>\n\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0 Click Add to list<br \/>\n\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0\u00c2\u00a0 Click Close<br \/>\nEvent Rule Properties &#8211; Criteria, click next<br \/>\nEvent Rule Properties &#8211; Schedule, click next<br \/>\nEvent Rule Properties &#8211; Alert, check &#8220;Generate alert, then click next<br \/>\nEvent Rule Properties &#8211; Alert Suppression, click next<br \/>\nEvent Rule Properties &#8211; Responses, click next<br \/>\nEvent Rule Properties &#8211; Knowledge Base, click next<br \/>\nEvent Rule Properties &#8211; General, input a name and click finished<\/font><\/p>\n<p><font face=\"Calibri\" size=\"3\">That should do it! <\/font><\/p>\n<p><font face=\"Calibri\" size=\"3\">Note that it can take some minutes before new rules is active. Also note that MOM will start &#8220;read&#8221; a line when the application has started on a new line. So when the application has start write to line 2 MOM will read line 1. <\/font><\/p>\n<p>I have upload screenshots with all settings, you can find them under screenshots.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Do you have some strange application with a logfile? It is suitable to monitor that logfile with MOM. Below there is a short walkthrough how to do that. To get this to work you will need a new provider and a new rule. 1. Create a new provider. You create provides in Administrator Console, Management &hellip; <a href=\"https:\/\/contoso.se\/blog\/?p=32\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0},"categories":[2],"tags":[],"_links":{"self":[{"href":"https:\/\/contoso.se\/blog\/index.php?rest_route=\/wp\/v2\/posts\/32"}],"collection":[{"href":"https:\/\/contoso.se\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/contoso.se\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/contoso.se\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/contoso.se\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=32"}],"version-history":[{"count":0,"href":"https:\/\/contoso.se\/blog\/index.php?rest_route=\/wp\/v2\/posts\/32\/revisions"}],"wp:attachment":[{"href":"https:\/\/contoso.se\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=32"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/contoso.se\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=32"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/contoso.se\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=32"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}