UNIX/Linux Shell Command Alerts
UNIX/Linux shell commands can be used to detect events and generate alerts. When the rule is run, the provided command is executed on the agent, and if the output matches the provided filter, the alert is generated.
Rules and monitors run on the agent computer of each instance of the target class, and they usually access data on the local computer. The target must be a UNIX and Linux computer type, such as UNIX/Linux Computer, Linux Computer, etc.
When you run a UNIX/Linux Shell Command rule wizard, you will need to provide values for options in the following tables. Each table represents a single page in the wizard.
The Rule Type page includes basic settings for the rule including its type and the management pack file to store it in.
Select the type of rule to create
To create an alert-generating rule based on the execution of a UNIX/Linux shell command, select UNIX/Linux Shell Command (Alert).
Management pack file to store the rule or monitor. For more information on management packs, see Selecting a Management Pack File.
The General page includes general settings for the rule including its name, category, target, and the management pack file to store it in.
The name used for the rule. The name appears in the Rules view in the Authoring pane. When you create a view or report, you can select this name to use the data collected by it.
Optional description of the rule.
The category for the rule. For a performance collection rule, this should be Performance Collection. For an alerting rule, this should be Alert.
The class to use for the target of the rule. For more information on targets, see Understanding Classes and Objects.
Rule is enabled
If checked, the rule is enabled and the shell command will run according to the schedule. If unchecked, the rule is not enabled and the script will not run. The rule can be enabled for a group of target objects by creating an override to enable the rule.
The following options are available on the Schedule page of the wizard.
Frequency that the script should be run. This should typically not be less than 5 minutes.
If enabled, the schedule will be synchronized to occur at the specified time.
The following options are available on the Shell Command Details page of the wizard.
The shell command to execute. This can be the full path to a program or script, a command, or a one-line sequence of multiple commands (using pipeline operators).
Run As Profile
Either the “UNIX/Linux Action Account” or “UNIX/Linux Privileged Account” profile. Select the profile that associates the required account credentials with the task target. The associated account will be used to execute the command.
The number of seconds that the command can run before the agent stops it. This prevents problem commands from running continuously and putting excess overhead on the agent computer.
The Filter Expression page allows you to filter for output to generate an alert. The alert is generated only if the output of the shell command matches the filter expression.
Filter one or more events
An expression that filters output of the shell command. For more information on building expressions, see Expressions. The Parameter Name syntax for command execution output is:
StdOut: //*[local-name()="StdOut"]
StdErr: //*[local-name()="StdErr"]
Return Code: //*[local-name()="ReturnCode"]
The following procedure shows how to create a UNIX/Linux shell command alerting rule in Operations Manager with the following details:
Runs on all UNIX/Linux Computers every 15 minutes
Generates an alert if the file “/tmp/error” exists
To create a UNIX/Linux shell command alerting rule
If you don’t have a management pack for the application that you are monitoring, create one using the process in Selecting a Management Pack File.
In the Operations console, select the Authoring workspace, and then select Rules.
Right-click Rules and select Create a new rule.
On the Rule Type page, do the following:
Expand Alert Generating Rules, expand Event Based, and then click UNIX/Linux Shell Command (Alert).
Select the management pack from step 1.
On the General page, do the following:
In the Rule Name box, type Alert on Error File Exists.
In the Rule Category box, select Alert.
Next to Rule Target click Select and then select UNIX/Linux Computer.
Leave Rule is enabled selected.
On the Schedule page, do the following:
In the Run Every boxes, input 15 and Minutes.
On the Shell Command Details page, do the following:
In the Command box, type ls /tmp/error | wc -l. This command sequence will return a 1 if the file “/tmp/error” exists, and a 0 if it does not.
In the Run As Profile box, select the UNIX/Linux Action Account profile.
In the Timeout (Seconds) box, input 120.
On the Filter Expression page, do the following:
Configure an And expression with the entries:
//*[local-name()="StdOut"] equals 1
//*[local-name()="ReturnCode"] equals 0
This will trigger an alert whenever the value of the shell command output is 1, and the command executed successfully.
On the Configure Alerts page, do the following:
In the Alert name box, type Error File Found.
In the Alert description box, type The file /tmp/error was found on the computer:
Click the […] button.
Click Target and select Network Name.
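The command and filter from the Shell Command Details and Filter Expression steps can be dry-run locally before the rule is deployed. The following is an added example, not Operations Manager code: the function names are hypothetical, the paths are constructed stand-ins for /tmp/error, and it assumes the trailing newline is not part of the compared StdOut value.

```shell
#!/bin/sh
# Added example: local dry run of a Shell Command rule. Not Operations Manager code.
# Function and variable names here are hypothetical.

# Run one command line and capture the three values the filter can test.
run_probe() {
    _err=$(mktemp) || return 2
    # && / || keeps a non-zero status from aborting callers that use `set -e`.
    PROBE_STDOUT=$(sh -c "$1" 2>"$_err") && PROBE_RC=0 || PROBE_RC=$?
    PROBE_STDERR=$(cat "$_err")
    rm -f "$_err"
}

# The And expression from the procedure: StdOut equals 1 AND ReturnCode equals 0.
# Assumption: the trailing newline is not part of the compared value.
# The comparison is exact, so a wc that pads its count with spaces would not match.
filter_matches() {
    [ "$PROBE_STDOUT" = "1" ] && [ "$PROBE_RC" -eq 0 ]
}

# Print "alert" or "no-alert" for a command line.
would_alert() {
    run_probe "$1"
    if filter_matches; then echo "alert"; else echo "no-alert"; fi
}

# Demo on constructed paths in a scratch directory (stand-ins for /tmp/error):
# a regular file, a missing path, and a directory holding two entries.
demo() {
    _d=$(mktemp -d) || return 2
    touch "$_d/present"
    mkdir "$_d/dir" && touch "$_d/dir/a" "$_d/dir/b"
    for _p in present missing dir; do
        printf '%-8s %s\n' "$_p" "$(would_alert "ls $_d/$_p | wc -l")"
    done
    rm -rf "$_d"
}
demo
```

For the missing path the pipeline still reports ReturnCode 0, because the status is that of wc rather than ls, and the ls error goes to StdErr. When the path is a directory, ls lists its entries, so StdOut is the entry count and the filter matches only if that count is 1.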