How to create a delimited text log alerting rule

Applies to: System Center Operations Manager 2007

The following procedure shows how to create an alert rule from a delimited text log in the Operations Manager 2007 Authoring console. Before you perform this procedure, you must first complete the prerequisite procedure, How to Create a Class, in which you create the target class.

The rule created in this procedure has the following characteristics:

  • Runs on any computer that has an instance of MyComputerRole1.

  • Watches a log file that has a naming pattern of MyApp*.log located in the c:\logs directory. The file is expected to be comma delimited.

  • Creates an alert with a critical state when the string “error” is found in the second field.

  • Includes the first, third, and fourth fields in the description of the alert.

  • Suppresses alerts when the name of the logging computer and the value in the first field match.

To create a delimited text log alert rule

  1. In the Authoring console, select Health Model, and then select Rules.

  2. Right-click in the Rules pane, select New, select Alerting, and then select Text Log (Delimited).

  3. On the General page, do the following:

    1. In the ElementID box, type MyMP.Rule.AlertOnDelimitedTextLog.

    2. In the Display Name box, type MyApplication Delimited Log Error.

    3. In the Target box, select MyMP.MyComputerRole1.

    4. In the Category box, select Alert. Click Next.

  4. On the Application Log Data Source page, do the following:

    1. In the Directory box, type c:\logs.

    2. In the Pattern box, type MyApp*.log.

    3. In the Separator box, type a COMMA. Click Next.

  5. On the Build Event Expression page, do the following:

    1. Click Insert.

    2. In the Parameter Name box, type Params/Param[2].

    3. In the Operator box, select Contains.

    4. In the Value box, type error.

    5. Click Next.

  6. On the Configure Alerts page, do the following:

    1. In the Alert name box, type Error found in MyApplication delimited text log.

    2. Click the button to the right side of the Alert description box.

    3. Clear the text in the Value box.

    4. Select Data, then Params, then Param.

    5. Replace the text <<INT>> with 1.

    6. Move to the end of the line and press the ENTER key.

    7. Select Data, then Params, then Param.

    8. Replace the text <<INT>> with 3.

    9. Move to the end of the line and press the ENTER key.

    10. Select Data, then Params, then Param.

    11. Replace the text <<INT>> with 4.

    12. Move to the end of the line and press the ENTER key.

    13. Click OK.

  7. Click Finish.

  8. Right-click MyMP.Rule.AlertOnDelimitedTextLog and select Properties.

  9. On the Modules tab, do the following:

    1. Click the Edit button next to the Action pane.

    2. Click the Configure button.

    3. Click the Alert Suppression button.

    4. Select Logging Computer and Parameter 1.

  10. Click OK.

  11. Click OK.

  12. Click OK.

  13. Click OK.
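
To check which log lines the rule configured above would alert on, and which would be folded into an existing alert by the suppression setting, the following added example (not part of the original procedure and not Operations Manager code) emulates the rule in Python over constructed sample lines. It assumes a plain split on the separator with no quoting, a case-insensitive Contains comparison, and models suppression as a repeat count on the first alert with the same Logging Computer and Parameter 1; the function name `evaluate` and the sample data are hypothetical.

```python
from collections import OrderedDict
from fnmatch import fnmatchcase

# Settings copied from the procedure above.
PATTERN, SEPARATOR, MATCH_VALUE = "MyApp*.log", ",", "error"
ALERT_NAME = "Error found in MyApplication delimited text log."

# Constructed sample log lines (not from a real system).
SAMPLE_LINES = [
    "OrderSvc,Error,Disk,Write failed on volume D",
    "OrderSvc,info,Disk,Check complete",
    "OrderSvc,error,Net,Link down",
    "BillingSvc,fatal error,Auth,Token store unreadable",
    "line without any separator",
]

def evaluate(logging_computer, file_name, lines):
    """Return the alerts the rule would hold, keyed by suppression fields."""
    alerts = OrderedDict()
    # Pattern box: only files named like MyApp*.log are read.
    if not fnmatchcase(file_name.lower(), PATTERN.lower()):
        return alerts
    for line in lines:
        # Plain split on the separator; quoting is not handled (assumption).
        params = line.rstrip("\r\n").split(SEPARATOR)
        param = lambda n: params[n - 1] if len(params) >= n else ""
        # Params/Param[2] Contains "error"; case-insensitive is an assumption.
        if MATCH_VALUE not in param(2).lower():
            continue
        # Alert suppression: Logging Computer and Parameter 1.
        key = (logging_computer.lower(), param(1))
        if key in alerts:
            alerts[key]["repeat_count"] += 1  # suppressed duplicate
            continue
        alerts[key] = {
            "name": ALERT_NAME,
            # Alert description: Param 1, Param 3, Param 4, one per line.
            "description": "\n".join(param(n) for n in (1, 3, 4)),
            "repeat_count": 0,
        }
    return alerts

if __name__ == "__main__":
    for alert in evaluate("APP01", "MyApp_2024.log", SAMPLE_LINES).values():
        print(alert)
```

Because suppression keys only on the logging computer and the first field, the third sample line (a different error in fields 3 and 4) does not raise a second alert; its details are visible only in the log file itself.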

See also

Concepts

Events
Alert Rules