For my example, I will use the word “failed”. Since we want to search the logfile line for a specific word, the Operator will be “Contains”.įor the value – this can be the word you are looking for in the line, that you want to alert on. Essentially – log file monitors look at each new line in a logfile as one object to read, and this is represented by “ Params/Param” This “Parameter 1” is the entire line in the logfile, and is the only value that is valid for this type of monitor – so just type/paste that in the box for Parameter Name. On the event expression, click Insert for a new line. You should not check the “UTF8” box unless you know the logfile to be UTF8 encoded. We can use a specific file, such as “logfile.log” or a wildcard, such as “*.log”. The pattern will be the logfile(s) you want to monitor.
We will chose the Generic Text Log for this example:Ĭhoose the appropriate MP to save this new customer rule to, and click Next.įor this rule name – I will be using “Company Name – Monitor remote logfile rule”įor the target – I like to use “Windows Server Operating System” for generic rules and monitors. Right click Rules, and select Create a new rule. In the Ops console – select the Authoring pane > Rules. Therefore we will be creating this rule disabled, and enabling it only for our “Watcher”.
This agent will monitor the remote fileshare similar to the concept of a “Watcher Node” for a synthetic transaction.
This is a bit unique… instead of applying this rule to ALL systems that might have a specific logfile present in a specific directly – we are going to target this rule to only ONE agent. This is useful when we want to monitor a file/files on a NAS or an a share that is hosted by a computer without an agent. This will be a step-by-step example of doing the same, however, using this to monitor the log file on a remote UNC path instead of a local drive.
A log file monitor how to#
There are several examples in blogs on how to create a generic text log rule to monitor for a local text file (Unicode, ASCII, or UTF8).