How to configure the logmon probe in Unified Infrastructure Management to generate alarms based on a threshold.

Document ID : KB000047014
Last Modified Date : 14/02/2018
Show Technical Document Details

Introduction: 

     The logmon probe in Unified Infrastructure Management (UIM) can be configured to generate an alarm after matching a string a specified number of times. 

Background:  

     This has been successful in UIM v8.4+ with logmon v3.60. 

Environment:  

     UIM 8.4+
     logmon probe v3.60

Instructions: 

  1. Follow the instructions in the probe documentation under create a profile (https://docops.ca.com/ca-unified-infrastructure-management-probes/en/alphabetical- probe-articles/logmon-log-monitoring/logmon-im-configuration#logmonIMConfiguration-CreateaProfile
  2. In addition to the standard set up described in the documentation make sure the following settings are enabled. 

General Tab:

     Mode = Updates

     Generate Quality of Service = Checked

     Generate Alarm = Checked

Watcher Rules Tab:

 

     Standard Sub-Tab:

           Match Expression = <string you want to match in the log file>

 

     Variables Sub-Tab: 

          Create a Variable. 

          Double click on variable in table to the right. 

          In the pop up window set the settings as follows:

               Source FROM Position = Match Expression

               Source TO Position = Ignore 'To'

               Expected Value Operator = <>

               Expected Value Threshold = /*/

     

     QOS Sub-Tab:

           Check Count Matches

           Select desired Variable

     

     Alarm Sub-Tab:

           Set Count Matches Operator

           Set Count Matches Threshold.