{"id":909,"date":"2009-08-05T10:00:57","date_gmt":"2009-08-05T08:00:57","guid":{"rendered":"http:\/\/contoso.se\/blog\/?p=909"},"modified":"2009-07-25T11:53:57","modified_gmt":"2009-07-25T09:53:57","slug":"monitor-multiple-events-in-a-logfile-within-x-minutes","status":"publish","type":"post","link":"https:\/\/contoso.se\/blog\/?p=909","title":{"rendered":"Monitor multiple events in a logfile within X minutes"},"content":{"rendered":"

This is a example how you can configure a monitor to generate an alert if a log file contains a word more then X times during Y minutes. In the following example I have configure a monitor to generate a critical\u00c2\u00a0alert if the logfile contains “error” more then four times during a minute. The following example look in any file named logfile*.log in the C:\\logfiles folder. It the application writes a “success” to the logfile, the monitor will be reset back to healthy.<\/p>\n

1. Go to the Authoring workspace and create a new monitor, Log Files\/Text Log\/Repeated Event Detection\/Event Reset<\/p>\n

2. General
\nName: Contoso – Logfile – Repeated Event w event reset
\nMonitor Target: for example Windows Server 2008 Computer (more about targeting here<\/a>\u00c2\u00a0and here<\/a>)
\n…next<\/p>\n

3. Single Generic Log
\nDirectory: C:\\logfiles
\nPattern: logfile*.log
\n…next<\/p>\n

4. Single Event Expression
\nParameter Name: Params\/Param[1]
\nOperator: Contains
\nValue: success
\n…next<\/p>\n

5. Repeated Generic Log
\nDirectory: C:\\logfiles
\nPattern: logfile*.log
\n…next<\/p>\n

6. Repeated Event Expression
\nParameter Name: Params\/Param[1]
\nOperator: Contains
\nValue: error
\n…next<\/p>\n

7. Repeated Event Description
\nCounting mode: Trigger on count
\nCompare Count: 4
\nBased on items occurrence within a time interval: 1 Minutes
\n…next<\/p>\n

\u00c2\u00a0<\/p>\n

8. Health
\nEvent Raised: Healthy
\nRepeated Event Raised: Critical
\n…next<\/p>\n

9. Alerting
\nCheck “Generate alerts for this monitor”
\nInput a suitable alert description, also try include a couple of the data parameters
\n…create<\/p>\n

<\/a><\/p>\n

If any file named logfile*.log in the C:\\logfiles folder now writes four “error” within one minute an critical alert will generated. Then, if a “success” is any\u00c2\u00a0file the monitor will be set back to healthy state. Step 3 and 4 configure the event that will set the monitor back to healthy.<\/p>\n