Welcome Sign in
System Center Operations Manager TechCenter
Click to Rate and Give Feedback
TechNet
TechNet Library
Systems Management
System Center
Operations Console
Authoring Pane
 How to Create a Log File Simple Eve...
How to Create a Log File Simple Event Detection Unit Monitor in Operations Manager 2007

A log file simple event unit monitor queries a log file, or multiple log files using an asterisk (*.log) for a particular text pattern and sets the health state based on the resulting match. You can specify two pattern matches in the log file: one to set the health state to either critical or warning and the other to set the health state to success. In the following procedure, a unit monitor will be created to monitor the file application.log located at C:\logfiles for any line containing error or success.

To create a log file simple event detection unit monitor

  1. Log on to the computer with an account that is a member of the Operations Manager Administrators user role or Operations Manager Authors user role for the Operations Manager 2007 Management Group.

  2. In the Operations Console, click the Authoring button.

    Bb381375.note(en-us,TechNet.10).gifNote
    When you run the Operations Console on a computer that is not a Management Server, the Connect To Server dialog box will display. In the Server name text box, type the name of the Operations Manager 2007 Management Server that you want the Operations Console to connect to.

  3. In the Authoring pane, expand Authoring, expand Management Pack Objects, and then click Monitors.

  4. In the toolbar, click Scope.

  5. In the Scope Management Packs Objects by target(s) dialog box, in the Look for text box, type Windows Computer, select the Windows Computer target check box, and then click OK.

  6. In the Monitors pane, expand Windows Computer, expand Entity Health, right-click Availability, point to Create a monitor, and then click Unit Monitor.

  7. In the Create Monitor Wizard, on the Select a Monitor Type page, expand Log Files, expand Text Log, expand Simple Event Detection, click Event Reset, and then click Next.

    Bb381375.note(en-us,TechNet.10).gifNote
    You can either select a Management Pack from the Select destination management pack list or create a new unsealed Management Pack by clicking New. For more information see, Operations Manager 2007 Create a unit monitor Wizard: Monitor Type Page.

  8. On the General Properties page, in the Name box, type a name for the unit monitor, and then as an option, you can type a description.

  9. Click the Parent monitor arrow, select the appropriate parent monitor, and then click Next.

  10. On the Application Log Data Source page (for the First Generic Log), under Define the application log data source, in the Directory text box, type a path to where the log files are located, for example, C:\logfiles.

  11. In the Pattern text box, type a pattern string to select log files, for example application.log. Select UTF8 if applicable, and then click Next.

  12. On the Build Event Expression page (for the Build First Expression),click Insert and then do the following:

    1. Under Parameter Name (on the left), type Params/Param[1].
      Bb381375.note(en-us,TechNet.10).gifNote
      The entry Params/Param[1] is the only option available for this field in this monitor.

    2. Under Operator, click the pull down menu and select an operator, for example Contains.
    3. Under Value enter the text that this monitor should trigger on as found in the log file, for example error.
    4. Click Next.

  13. On the Application Log Data Source page (for the Second Generic Log), under Define the application log data source, in the Directory text box, type a path to where the log files are located, typically the same path you entered in step 10, for example C:\logfiles.

  14. In the Pattern text box, type a pattern string to select log files, typically the same log file you entered in step 11, for example application.log. Select UTF8 if applicable, and then click Next.

  15. On the Build Event Expression page (for the Build Second Generic Log), click Insert and then do the following:

    1. In the Parameter Name text box, type Params/Param[1].
      Bb381375.note(en-us,TechNet.10).gifNote
      The entry Params/Param[1] is the only option available for this field in this monitor.

    2. Under Operator, click the pull down menu and select an operator, for example Contains.
    3. Under Value enter the text that this monitor should trigger on as found in the log file, for example success.
    4. Click Next.

  16. On the Configure Health page:

    1. In the SecondEventRaised row, select the name in the Operational State column and type a display name for this condition. Click the Health State column, and then use the drop-down box to select Critical, Warning, or Healthy.
    2. In the FirstEventRaised row, select the name in the Operational State column and type a display name for this condition. Click the Health State column, and then use the drop-down box to select Critical, Warning, or Healthy.
      Bb381375.note(en-us,TechNet.10).gifNote
      One of the two events must be configured to set the health state to Healthy.

    3. Click Next.

  17. On the Configure Alerts page, use the default settings or select the Generate alerts for this monitor check box to set custom alert properties, and then click Create.

Did you find this information useful? Please send your suggestions and comments about the documentation.
Tags What's this?: Add a tag
Community Content   What is Community Content?
Add new content RSS  Annotations
Processing
© 2008 Microsoft Corporation. All rights reserved. Terms of Use  |  Trademarks  |  Privacy Statement
Page view tracker