Alert generated via probe gives incorrect threshold number
ref: threshold set is 1 hour and alert generated is current file age 442128 hours, expected = 1 hours /interfaces/controlfile/(BATCH-EDP_20200608190034_-SNNNPO-XXXOPBCTControlfile.xml
Exact requirement is "files can be created any time and should be moved within 1 hour, so we want to alert if a file is there in the directory for greater than 1 hour."
With the approach described in this article, here are the dirscan configuration results-> Alarms were only generated for files that were greater than an hour old (since the probe is 'expecting' the file to be 'less than' an hour old.
- dirscan profile configuration
Release : 9.0.2
Component : UIM - DIRSCAN v3.17
For Windows machines,
Choose a Directory to scan and a file Pattern.
Under Alarm messages-> Age of File,
Expect this value < 1 hours
Watch age of 'individual' files.
'On creation time.' (note this applies only to Windows machines).
Sample alarm from lab testing:
TestFileAge: file age 1 hours, expected < 1 hours (MyTESTFILE.rtf)
For UNIX/Linux machines,
On UNIX/Linux the 'On creation time' option is not valid so it is 'grayed out' in the GUI in IM anyway.
Do the same thing when you create your profile but don't use the creation time and it will work the same way. For example, testing on Linux (RHEL 7), it found all the files in the .tmp directory and alarmed on them since they ere older than 1 hour and then to test it you can create 2 files, e.g., via touch and/or vi.
Wait 1 hour, and the alarms are generated.