There is another way to configure PATROL LOG KM to send one alert per matched log entry. This option is lesser known, but it is more flexible than sending one alert per polling cycle because you can specify alert severity separately for each string pattern. For example, you can specify severity ALARM for each log entry that matches string pattern "fatal", and specify severity WARNING for each log entry that matches string pattern "retry".
To send one alert per matched log entry, you need to configure "Default Settings for Search Criteria" section as shown in the following example:
"Custom Event Origin" should contain three strings separated by '.'. The first string before '.' (%APPCLASS% in the above example) will go to mc_object_class slot in your event. The 2nd string between two '.'s (%FILENAME% in the above example) will go to mc_object slot in your event. The 3rd string after the '.' (%LOGICALNAME% in the above exmaple) will go to mc_parameter slot in your event. In the above example, you will get an event with
mc_object_class='LOGMON';
mc_object='C:\BMC\Patrol3\log\PatrolAgent-Sophie-3181.errs';
mc_parameter='PATROL_AGENT_LOG';
"Custom Event Message" should contain anything you want to show in msg slot of your event. In the above example. I put "%SEARCHID%:%1-". If you specify your search ID as "FATAL" for your string pattern "fatal", and the log entry that matches "fatal" string pattern is "Fatal error. Application exit.", the msg slot in your event will be:
msg='FATAL:Fatal error. Application exit.';
This is the only screen your need to configure to let PATROL LOG KM send one alert per matched log entry. Unlike the previous post, you don't need to do anything in pconfig or coding in PSL at all.
Hi Willa,
ReplyDeleteThis dint work in LOG VER 2.7.00 BUILD, Not sure on what i am missing.
Kevin,
ReplyDeleteThank you for your comments. You may want to upgrade your LOG KM since there were some issues with version 2.7.00 per BMC support.
Willa