How to Create a Log File Simple Event Detection Unit Monitor in Operations Manager 2007

Applies To: Operations Manager 2007 R2, Operations Manager 2007 SP1

A log file simple event unit monitor queries a log file, or multiple log files selected with an asterisk wildcard (*.log), for a particular text pattern and sets the health state based on the resulting match. You can specify two pattern matches in the log file: one to set the health state to either critical or warning and the other to set the health state to success. The following procedure creates a unit monitor that monitors the file application.log located at C:\logfiles for any line containing error or success.

To create a log file simple event detection unit monitor

  1. Log on to the computer with an account that is a member of the Operations Manager Administrators user role or Operations Manager Authors user role for the Operations Manager 2007 management group.

  2. In the Operations console, click the Authoring button.

  3. In the Authoring pane, expand Authoring, expand Management Pack Objects, and then click Monitors.

  4. In the toolbar, click Scope.

  5. In the Scope Management Packs Objects dialog box, in the Find text box, type Windows Computer, select the Windows Computer target check box, and then click OK.

  6. In the Monitors pane, expand Windows Computer, expand Entity Health, right-click Availability, point to Create a monitor, and then click Unit Monitor.

  7. In the Create Monitor Wizard, on the Select a Monitor Type page, expand Log Files, expand Text Log, expand Simple Event Detection, click Event Reset, and then click Next.

    Note

    You can either select a management pack from the Select destination management pack list or create a new unsealed management pack by clicking New. By default, when you create a management pack object, disable a rule or monitor, or create an override, Operations Manager saves the setting to the Default Management Pack. As a best practice, you should create a separate management pack for each sealed management pack you want to customize, rather than saving your customized settings to the Default Management Pack. For more information, see Default Management Pack.

  8. On the General Properties page, in the Name box, type a name for the unit monitor, and then, optionally, type a description.

  9. Click the Parent monitor arrow, select the appropriate parent monitor, and then click Next.

  10. On the Application Log Data Source page (for the First Generic Log), under Define the application log data source, in the Directory text box, type a path to where the log files are located, for example, C:\logfiles.

  11. In the Pattern text box, type a pattern string to select log files, for example application.log. Select UTF8 if applicable, and then click Next.

  12. On the Build Event Expression page (for the Build First Expression), click Insert and then do the following:

    1. Under Parameter Name (on the left), type Params/Param[1].

      Note

      The entry Params/Param[1] is the only option available for this field in this monitor.

    2. Under Operator, click the pull down menu and select an operator, for example Contains.

    3. Under Value, enter the text that this monitor should trigger on, as found in the log file, for example error.

    4. Click Next.

  13. On the Application Log Data Source page (for the Second Generic Log), under Define the application log data source, in the Directory text box, type a path to where the log files are located, typically the same path you entered in step 10, for example C:\logfiles.

  14. In the Pattern text box, type a pattern string to select log files, typically the same log file you entered in step 11, for example application.log. Select UTF8 if applicable, and then click Next.

  15. On the Build Event Expression page (for the Build Second Generic Log), click Insert and then do the following:

    1. In the Parameter Name text box, type Params/Param[1].

      Note

      The entry Params/Param[1] is the only option available for this field in this monitor.

    2. Under Operator, click the pull down menu and select an operator, for example Contains.

    3. Under Value, enter the text that this monitor should trigger on, as found in the log file, for example success.

    4. Click Next.

  16. On the Configure Health page:

    1. In the SecondEventRaised row, select the name in the Operational State column and type a display name for this condition. Click the Health State column, and then use the drop-down box to select Critical, Warning, or Healthy.

    2. In the FirstEventRaised row, select the name in the Operational State column and type a display name for this condition. Click the Health State column, and then use the drop-down box to select Critical, Warning, or Healthy.

      Note

      One of the two events must be configured to set the health state to Healthy.

    3. Click Next.

  17. On the Configure Alerts page, use the default settings or select the Generate alerts for this monitor check box to set custom alert properties, and then click Create.
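
Added example (not part of the original documentation and not Operations Manager code): a Python dry run of the two-expression event-reset logic from the procedure, for previewing the values you plan to enter in steps 12 and 15 against sample log lines before creating the monitor. Assumptions: Params/Param[1] is treated as the whole log line, the case sensitivity of Contains is a switch because the page does not state it, and the function names and the sample lines are constructed for illustration.

```python
# Dry run of the two-expression "event reset" logic described in the procedure.
# Constructed helper for previewing patterns; not Operations Manager code.
VALID_STATES = {"Critical", "Warning", "Healthy"}

def contains(line, value, case_sensitive):
    # Stand-in for the wizard's "Contains" operator applied to Params/Param[1]
    # (assumed here to be the whole log line).
    if not case_sensitive:
        line, value = line.lower(), value.lower()
    return value in line

def dry_run(lines, first_value, second_value,
            first_state="Critical", second_state="Healthy",
            case_sensitive=True):
    """Return (transitions, ambiguous_line_numbers) for a list of log lines."""
    if not {first_state, second_state} <= VALID_STATES:
        raise ValueError("health state must be Critical, Warning or Healthy")
    if "Healthy" not in (first_state, second_state):
        # Mirrors the note in step 16: one event must set the state to Healthy.
        raise ValueError("one of the two events must map to Healthy")
    state = None                       # unknown until the first match
    transitions, ambiguous = [], []
    for number, line in enumerate(lines, start=1):
        first = contains(line, first_value, case_sensitive)
        second = contains(line, second_value, case_sensitive)
        if first and second:
            # Both expressions match the same line; report it rather than
            # guess which event would win, so the values can be tightened.
            ambiguous.append(number)
            continue
        new_state = first_state if first else second_state if second else None
        if new_state and new_state != state:
            state = new_state
            event = "FirstEventRaised" if first else "SecondEventRaised"
            transitions.append((number, event, state))
    return transitions, ambiguous

# Constructed sample lines standing in for C:\logfiles\application.log.
SAMPLE = [
    "2009-03-01 10:00:01 service started",
    "2009-03-01 10:00:05 error: cannot open database",
    "2009-03-01 10:00:09 error: retrying",
    "2009-03-01 10:00:12 reconnect success",
    "2009-03-01 10:05:00 nightly job success, error count 0",
    "2009-03-01 10:06:00 ERROR: disk full",
]

if __name__ == "__main__":
    print(dry_run(SAMPLE, "error", "success"))
```

Lines reported as ambiguous, such as the "success, error count 0" line in the sample, indicate that the values error and success are too broad for this log and should be made more specific before the monitor is created.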