logmon - how to scan two strings in a file using one watcher rule and print one consolidated message in the alarm console


Article ID: 195895


Products

CA Unified Infrastructure Management SaaS (Nimsoft / UIM) DX SaaS

Issue/Introduction

I'm trying to scan two strings in a file, using a single watcher rule in the logmon probe. My requirement is to generate a single alarm with both messages printed. Just FYI, this file will always consist of these two strings on different lines and I want both to be printed till the end of their respective lines. I tried this regex: /string1,string2/ and a few others, but nothing served my purpose. I am expecting the message on match as: string1 = XYZ and string2 = ABC

Environment

Release : 9.02 or higher

Component : UIM LOGMON 4.11

Resolution

This could not be accomplished using one watcher. It was accomplished with two watchers, plus a script and a nas AO profile that consolidate the alarm messages into one.

logmon.cfg (you can stop the logmon probe, save off your current cfg, and replace it with this one to play around with the profile/settings)

<setup>
   logfile = logmon.log
   debug = 4
   logsize = 1000
   cfg_ver = 2
   format_interval = 1
   severity = 5
   commOnRunThreads = 100
   winDefaultEncoding = UTF-8
   standard_static_threshold = false
   user =
   password =
   alarmOnFileOpenFailed = no
   fOpenClearAlramRestart = no
   SystemEncoding = UTF-8
</setup>
<profiles>
   <myexec>
      active = no
      interval = 60 sec
      scanfile = myexec
      fileencoding =
      scanmode = queue
      alarm = yes
      qos = no
      message = no
      subject =
      user =
      reccur_directory = no
      reccur_directory_level = 10
      resetFile = no
      initialfileptr = 2
      resumefileptr = 4
      command_timeout_active = no
      command_timeout =
      command_severity = 2
      command_timeout_alarm = 0
      alarmFOpenFail = no
      clearFOpenFailRestart = no
      monitor_exit_code = No
      max_alarm_sev = 5
      max_alarms =
      max_alarm_msg =
      password =
      <watchers>
         <Running>
            active = no
            match = /.*Running\sScript:\s(.*)/
            level = critical
            subsystemid =
            message =
            i18n_token =
            restrict =
            expect = no
            abort = no
            sendclear = no
            count = no
            separator =
            suppid = ${PROFILE}-${host}
            source =
            target =
            qos =
            runcommandonmatch = no
            alarm_on_first_match = no
            commandexecutable =
            commandarguments =
            pattern_threshold_severity = information
            pattern_threshold_message =
            timeout = 1
            pattern_threshold =
            expect_message =
            expect_level =
            regexfromexternalfile = no
            patternfilepath =
            token =
            variable_threshold =
            variable_threshold_message =
            variable_threshold_severity = information
            variable_threshold_supp =
            <variables>
               <host>
                  definition = $1
                  operator = eq
               </host>
            </variables>
         </Running>
         <Delhaize_informaix_test>
            active = yes
            match = /tabname\s(\w+).*nrows\s+(\d+)/
            level = information
            subsystemid =
            message = TableName: ${tablename} Row Count: ${row_count}
            i18n_token =
            restrict =
            expect = no
            abort = no
            sendclear = no
            count = no
            separator =
            suppid =
            source =
            target =
            qos =
            runcommandonmatch = no
            alarm_on_first_match = no
            commandexecutable =
            commandarguments =
            pattern_threshold_severity = information
            pattern_threshold_message =
            timeout = 1
            pattern_threshold =
            expect_message =
            expect_level =
            regexfromexternalfile = no
            patternfilepath =
            token =
            variable_threshold =
            variable_threshold_message =
            variable_threshold_severity = information
            variable_threshold_supp =
            <variables>
               <tablename>
                  definition = $1
                  operator = eq
               </tablename>
               <row_count>
                  definition = $2
                  operator = eq
               </row_count>
            </variables>
         </Delhaize_informaix_test>
      </watchers>
      <formats>
         <delhaize_informix>
            active = yes
            start = /tabname\s.*/
            end =
            lines = 2
         </delhaize_informix>
      </formats>
   </myexec>
   <SteveD>
      active = yes
      interval = 1 min
      scanfile = D:\out\hadr_out.txt
      fileencoding = UTF-8
      scanmode = cat
      alarm = yes
      qos = no
      message = no
      subject =
      user =
      reccur_directory = no
      reccur_directory_level = 10
      resetFile = no
      initialfileptr = 2
      resumefileptr = 4
      command_timeout_active = no
      command_timeout =
      command_severity = 2
      command_timeout_alarm = 0
      alarmFOpenFail = yes
      clearFOpenFailRestart = yes
      monitor_exit_code = No
      max_alarm_sev = 5
      max_alarms =
      max_alarm_msg =
      password =
      <watchers>
         <testing>
            active = yes
            match = /.*HADR_ROLE\s+=\s+(\w+).*/
            level = information
            subsystemid =
            message = HADR ROLE = ${role}
            i18n_token =
            restrict =
            expect = no
            abort = no
            sendclear = no
            count = no
            separator =
            suppid =
            source =
            target =
            qos =
            runcommandonmatch = no
            alarm_on_first_match = no
            commandexecutable =
            commandarguments =
            pattern_threshold_severity = information
            pattern_threshold_message =
            timeout = 1
            pattern_threshold =
            expect_message =
            expect_level =
            regexfromexternalfile = no
            patternfilepath =
            token =
            variable_threshold =
            variable_threshold_message =
            variable_threshold_severity = information
            variable_threshold_supp =
            <variables>
               <role>
                  definition = $1
                  operator = eq
               </role>
            </variables>
         </testing>
         <test2>
            active = yes
            match = /.*HADR_CONNECT_STATUS\s+=\s+(\w+).*/
            level = information
            subsystemid =
            message = and HADR CONNECT STATUS = ${status}
            i18n_token =
            restrict =
            expect = no
            abort = no
            sendclear = no
            count = no
            separator =
            suppid =
            source =
            target =
            qos =
            runcommandonmatch = no
            alarm_on_first_match = no
            commandexecutable =
            commandarguments =
            pattern_threshold_severity = information
            pattern_threshold_message =
            timeout = 1
            pattern_threshold =
            expect_message =
            expect_level =
            regexfromexternalfile = no
            patternfilepath =
            token =
            variable_threshold =
            variable_threshold_message =
            variable_threshold_severity = information
            variable_threshold_supp =
            <variables>
               <status>
                  definition = $1
                  operator = eq
               </status>
            </variables>
         </test2>
         <testing3>
            active = no
            match = /.*HADR_ROLE\s+=\s+(\w+).*/
            level = information
            subsystemid =
            message =
            i18n_token =
            restrict =
            expect = no
            abort = no
            sendclear = no
            count = no
            separator =
            suppid =
            source =
            target =
            qos =
            runcommandonmatch = no
            alarm_on_first_match = no
            commandexecutable =
            commandarguments =
            pattern_threshold_severity = information
            pattern_threshold_message =
            timeout = 1
            pattern_threshold =
            expect_message =
            expect_level =
            regexfromexternalfile = no
            patternfilepath =
            token =
            variable_threshold =
            variable_threshold_message =
            variable_threshold_severity = information
            variable_threshold_supp =
         </testing3>
      </watchers>
      <formats>
         <multiLine>
            active = yes
            start = /^HADR_ROLE .*/
            end =
            lines = 16
         </multiLine>
      </formats>
   </SteveD>
   <abc_company_df>
      active = yes
      interval = 1 min
      scanfile = type D:\out\df_output.txt | find /c /v ""
      fileencoding =
      scanmode = command
      alarm = yes
      qos = no
      message = no
      subject =
      user =
      reccur_directory = no
      reccur_directory_level = 10
      resetFile = no
      initialfileptr = 2
      resumefileptr = 4
      command_timeout_active = no
      command_timeout =
      command_severity = 2
      command_timeout_alarm = 0
      alarmFOpenFail = no
      clearFOpenFailRestart = no
      monitor_exit_code = No
      max_alarm_sev = 5
      max_alarms =
      max_alarm_msg =
      password =
      <watchers>
         <LineCount>
            active = yes
            match = /(\d+)/
            level = warning
            subsystemid =
            message = Line count ${count}
            i18n_token =
            restrict =
            expect = no
            abort = no
            sendclear = no
            count = no
            separator =
            suppid = ${PROFILE}
            source =
            target =
            qos =
            runcommandonmatch = no
            alarm_on_first_match = no
            commandexecutable =
            commandarguments =
            pattern_threshold_severity = information
            pattern_threshold_message =
            timeout = 1
            pattern_threshold =
            expect_message =
            expect_level =
            regexfromexternalfile = no
            patternfilepath =
            token =
            variable_threshold =
            variable_threshold_message =
            variable_threshold_severity = information
            variable_threshold_supp =
            <variables>
               <count>
                  definition = $1
                  operator = gt
                  threshold = 16
               </count>
            </variables>
         </LineCount>
      </watchers>
   </abc_company_df>
</profiles>
Name of profile – SteveD
Trigger definition:
   <triggers>
      <SteveD>
         active = yes
         message = /.*HADR.*/
         level = information
         probe = logmon
         visible = 0
      </SteveD>
   </triggers>
AO Profile:
      <hadr_consolidation>
         active = yes
         action = script hadr_alarm_consolidation
         overdue = 20s
         message = /.*HADR\sCONNECT\sSTATUS.*/
         level = information
         probe = logmon
         visible = 0
         order = 8
         break = no
      </hadr_consolidation>
 
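LUA script:
-- Alarm that fired the hadr_consolidation AO profile (the CONNECT STATUS alarm)
alrm = alarm.get()

new_message = ""
buf1 = ""
buf2 = alrm.message
-- Proceed only when the SteveD trigger is set and holds at least two alarms
if trigger.state ("SteveD") and trigger.count ("SteveD") >=2 then
   print(trigger.count ("SteveD"))
   al = trigger.alarms ("SteveD")
   if al ~= nil then
      for i,a in pairs(al) do
         print(a.message)
         -- Only merge alarms raised by the same robot as the current alarm
         if a.robot == alrm.robot then
            -- Keep the HADR ROLE message as the first half of the new text
            if substr(a.message,"ROLE") then
               buf1 = a.message
            end
            new_source = a.source
            -- Close the original alarm; the consolidated one replaces it
            action.close (a.nimid)
         end
      end
      new_message = buf1.." "..buf2
      print(new_message)
      -- Raise one consolidated alarm with its own suppression key per robot
      nimbus.alarm(4,new_message,alrm.robot.."-HADR_STATUS","",new_source)
   end
end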
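
The two SteveD watcher patterns and the merge step of the script can be rehearsed offline before they are deployed. The following Python sketch is an added example, not part of the original article or of the product: the sample file contents and the robot names are constructed, and the dictionaries only stand in for nas alarms.

```python
import re

# Watcher patterns and message templates copied from the SteveD profile.
WATCHERS = [
    (re.compile(r".*HADR_ROLE\s+=\s+(\w+).*"), "HADR ROLE = {}"),
    (re.compile(r".*HADR_CONNECT_STATUS\s+=\s+(\w+).*"),
     "and HADR CONNECT STATUS = {}"),
]
# Message filter of the hadr_consolidation AO profile.
AO_MATCH = re.compile(r".*HADR\sCONNECT\sSTATUS.*")

# Constructed sample of hadr_out.txt contents (not real output).
SAMPLE = """\
          HADR_ROLE = PRIMARY
         HADR_STATE = PEER
HADR_CONNECT_STATUS = CONNECTED
"""


def watcher_alarms(text, robot):
    """Return one stand-in alarm per watcher match, scanning line by line."""
    alarms = []
    for line in text.splitlines():
        for pattern, template in WATCHERS:
            m = pattern.match(line)
            if m:
                alarms.append({"robot": robot,
                               "message": template.format(m.group(1))})
    return alarms


def consolidate(current, open_alarms):
    """Mirror the Lua merge: ROLE text from the same robot + current message."""
    if not AO_MATCH.match(current["message"]) or len(open_alarms) < 2:
        return None  # AO profile would not fire, or trigger count below 2
    buf1 = ""  # stays empty when no ROLE alarm from this robot is open
    for a in open_alarms:
        if a["robot"] == current["robot"] and "ROLE" in a["message"]:
            buf1 = a["message"]
    return buf1 + " " + current["message"]


if __name__ == "__main__":
    alarms = watcher_alarms(SAMPLE, "robotA")
    print(consolidate(alarms[-1], alarms))
```

If the only other open alarm belongs to a different robot, the result starts with a blank and carries no ROLE text, which is the case to look for when a consolidated alarm arrives incomplete.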

nas trigger: [screenshot not included]

nas AO profile which calls the script: [screenshot not included]
