Use logmon to run a command and generate one alarm that contains all output

Products

DX Unified Infrastructure Management (Nimsoft / UIM) CA Unified Infrastructure Management SaaS (Nimsoft / UIM) Unified Infrastructure Management for Mainframe DX Unified Infrastructure Management (Nimsoft / UIM)

Issue/Introduction

We need run a command and have all of the output of the command returned in a single alarm message. How can I capture the output of one command using logmon and have it all as a block in the alarm message, and not in a single line?

Environment

DX UIM 20.4.*/23.4.*
logmon 4.*

Cause

Guidance

Resolution

Listed below are some screen shots and the portion of a logmon config showing a sample profile that will run a command and generate a single alarm with all of the output from the command.

Adjust it to your specific requirements. Note that for the logmon text block variable you must define a field separator such as either:

• New line which is specified as /n
• White space (just press the space bar to enter it)
• Carriage Return which is \r

Sample alarm output (multiple lines)

Additional Information

logmon.cfg sample

<TestBlockAlarmMessage>
      active = yes
      interval = 1 min
      scanfile = cmd /C netstat -an|findstr "4800"
      fileencoding =
      scanmode = command
      alarm = yes
      qos = yes
      message = no
      subject =
      user =
      reccur_directory = no
      reccur_directory_level = 10
      resetFile = no
      initialfileptr = 2
      resumefileptr = 4
      command_timeout_active = yes
      command_timeout = 20
      command_severity = 2
      command_timeout_alarm = yes
      alarmFOpenFail = no
      clearFOpenFailRestart = no
      monitor_exit_code = No
      max_alarm_sev = 5
      max_alarms =
      max_alarm_msg =
      password =
      <formats>
         <test>
            active = yes
            start = *TCP*
            end = *UDP*
            lines = 0
         </test>
      </formats>
      <watchers>
         <test1>
            active = yes
            match = /[0-9A-Za-z]+/
            level = warning
            subsystemid =
            message =
            i18n_token =
            restrict = test
            expect = yes
            abort = no
            sendclear = no
            count = no
            separator =
            suppid =
            source =
           target =
            qos =
            runcommandonmatch = no
            alarm_on_first_match = no
            commandexecutable =
            commandarguments =
            pattern_threshold_severity = information
            pattern_threshold_message =
            timeout = 1
            pattern_threshold =
            expect_message = ${netstatoutput}
            expect_level =
            regexfromexternalfile = no
            patternfilepath =
            token =
            variable_threshold =
            variable_threshold_message =
            variable_threshold_severity = information
            variable_threshold_supp =
            <variables>
               <netstatoutput>
                  definition = *
               </netstatoutput>
            </variables>
         </test1>
      </watchers>
   </TestBlockAlarmMessage>

Note: Wou're running logmon on a Linux/Unix system, you MUST specify the absolute path to the command being run.

Testing Tips

Via Raw Configure for the logmon probe, you can set the debug parameter to 3 and logsize to 10000 so you can watch the progress. For example,

Note also that a 1-minute monitoring interval is useful for testing but can be too aggressive if the entire profile run takes longer than 1 minute due to the size of the output and/or overall processing time. A monitoring interval of 3 to 5 minutes is better for production monitoring, but you can see how the probe handles it via the log output after 5 or so runs/passes.