Monday, November 11, 2013

PATROL LOG KM Examples - Part 5: Parsing script output instead of log file

In the previous 4 posts, we have discussed various ways to parse a log file using BMC PATROL LOG KM. Did you know that you can also use LOG KM to parse the output of a script?

Normally, when you write your own script to collect data, you need to write a custom KM to parse the result and send out alerts. Although LOG KM doesn't provide the flexibility offered by a custom KM, it saves a tremendous amount of development and maintenance effort compared to writing a custom KM. All features available for parsing a log file work the same way when parsing the output of a script.

For example, if you want to check the availability of a website, you would want to write a script to ping the website periodically and get an alert when the website is unreachable.  If we use www.bmc.com in our example, your script would look like:

ping www.bmc.com

First, save this script as C:\scripts\ping_bmc.bat.

In your LOG KM configuration screen, put C:\scripts\ping_bmc.bat as your log file name and 'PING_BMC' as the logical name for the instance. Then select 'Script' as your file type. The default file type is 'Text File'. Please see the screenshot included in the 'PATROL LOG KM Examples - Part 2' post for the locations of these selections.

In the 'Default Settings for Search Criteria' section, you have two ways to send alerts to the BPPM/BEM cell: 1) Use a recovery action to send the parsing result as discussed in the 'PATROL LOG KM Examples - Part 1' post; or 2) Use 'Custom Event Message' and 'Custom Event Origin' as discussed in the 'PATROL LOG KM Examples - Part 2' post.

For this particular example, I found that using option 2) would work better because I can simply put "Unable to reach www.bmc.com." in my 'Custom Event Message' instead of the raw output from the script. I can also put '%APPCLASS%.%FILENAME%.%LOGICALNAME%' as my 'Custom Event Origin'.

In your search criteria configuration screen, use '0% loss' as your search string and check the 'NOT' box next to it because we only want to be alerted when there is packet loss.

When there is packet loss, or when the script output states "Ping request could not find host www.bmc.com.", you will receive an event in the BPPM/BEM cell as follows:

mc_object_class='LOGMON';
mc_object='C:\scripts\ping_bmc.bat';
mc_parameter='PING_BMC';
msg='Unable to reach www.bmc.com.'
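
An added example (not from the original post) that checks the '0% loss' search string with the NOT box against constructed Windows ping summary lines. It assumes the search string is applied as an unanchored regular expression to the script output, which should be confirmed on your LOG KM version; the stricter '\(0% loss\)' pattern is a suggestion, not part of the post.

```python
import re

# Constructed Windows ping summary lines (sample data, not captured output).
SAMPLES = {
    "ok":        "Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),",
    "partial25": "Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),",
    "partial50": "Packets: Sent = 4, Received = 2, Lost = 2 (50% loss),",
    "down":      "Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),",
    "no_dns":    "Ping request could not find host www.bmc.com.",
}

PAGE_PATTERN = "0% loss"          # search string used in the post
STRICT_PATTERN = r"\(0% loss\)"   # assumption: tighter variant anchored on "("


def alerts(pattern: str, output: str) -> bool:
    """Model of a NOT search: alert when the pattern is absent from the output.

    Assumption: the pattern is an unanchored regular expression applied to
    the script output; confirm this against your LOG KM version.
    """
    return re.search(pattern, output) is None


def compare() -> dict:
    """Return {sample: (alert with page pattern, alert with strict pattern)}."""
    return {name: (alerts(PAGE_PATTERN, out), alerts(STRICT_PATTERN, out))
            for name, out in SAMPLES.items()}


if __name__ == "__main__":
    for name, (page, strict) in compare().items():
        # Flag outages that only the stricter pattern would report.
        flag = "  <-- missed by '0% loss'" if strict and not page else ""
        print(f"{name:10} page={page!s:5} strict={strict!s:5}{flag}")
```

Under that assumption, '50% loss' and '100% loss' both contain '0% loss', so the NOT criterion would stay silent in those cases, including when every ping is lost. Testing the instance against an unreachable address before relying on it shows whether your agent behaves this way.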
