logmon - how to scan two strings in a file using one watcher rule and print one consolidated message in the alarm console
I'm trying to scan two strings in a file, using a single watcher rule in logmon probe. My requirement is to generate a single alarm with both the message printed. Just FYI, this file will always consist these two strings in different lines and I want both to be printed till the end of their respective lines. I tried this regex: /string1,string2/ and a few others, but nothing served my purpose. I am expecting message on match as: string1 = XYZ and string2 = ABC
Release : 9.02 or higher
Component : UIM LOGMON 4.11
This could not be accomplished using 1 watcher. It was accomplished with 2 watchers and a script and nas AO profile to consolidate the alarm messages into one.
logmon.cfg (you can stop the logmon probe and save off your current cfg and replace it with this one to play around the the profile/settings)
<setup>
logfile = logmon.log
debug = 4
logsize = 1000
cfg_ver = 2
format_interval = 1
severity = 5
commOnRunThreads = 100
winDefaultEncoding = UTF-8
standard_static_threshold = false
user =
password =
alarmOnFileOpenFailed = no
fOpenClearAlramRestart = no
SystemEncoding = UTF-8
</setup>
<profiles>
<myexec>
active = no
interval = 60 sec
scanfile = myexec
fileencoding =
scanmode = queue
alarm = yes
qos = no
message = no
subject =
user =
reccur_directory = no
reccur_directory_level = 10
resetFile = no
initialfileptr = 2
resumefileptr = 4
command_timeout_active = no
command_timeout =
command_severity = 2
command_timeout_alarm = 0
alarmFOpenFail = no
clearFOpenFailRestart = no
monitor_exit_code = No
max_alarm_sev = 5
max_alarms =
max_alarm_msg =
password =
<watchers>
<Running>
active = no
match = /.*Running\sScript:\s(.*)/
level = critical
subsystemid =
message =
i18n_token =
restrict =
expect = no
abort = no
sendclear = no
count = no
separator =
suppid = ${PROFILE}-${host}
source =
target =
qos =
runcommandonmatch = no
alarm_on_first_match = no
commandexecutable =
commandarguments =
pattern_threshold_severity = information
pattern_threshold_message =
timeout = 1
pattern_threshold =
expect_message =
expect_level =
regexfromexternalfile = no
patternfilepath =
token =
variable_threshold =
variable_threshold_message =
variable_threshold_severity = information
variable_threshold_supp =
<variables>
<host>
definition = $1
operator = eq
</host>
</variables>
</Running>
<Delhaize_informaix_test>
active = yes
match = /tabname\s(\w+).*nrows\s+(\d+)
level = information
subsystemid =
message = TableName: ${tablename} Row Count: ${row_count}
i18n_token =
restrict =
expect = no
abort = no
sendclear = no
count = no
separator =
suppid =
source =
target =
qos =
runcommandonmatch = no
alarm_on_first_match = no
commandexecutable =
commandarguments =
pattern_threshold_severity = information
pattern_threshold_message =
timeout = 1
pattern_threshold =
expect_message =
expect_level =
regexfromexternalfile = no
patternfilepath =
token =
variable_threshold =
variable_threshold_message =
variable_threshold_severity = information
variable_threshold_supp =
<variables>
<tablename>
definition = $1
operator = eq
</tablename>
<row_count>
definition = $2
operator = eq
</row_count>
</variables>
</Delhaize_informaix_test>
</watchers>
<formats>
<delhaize_informix>
active = yes
start = /tabname\s.*/
end =
lines = 2
</delhaize_informix>
</formats>
</myexec>
<SteveD>
active = yes
interval = 1 min
scanfile = D:\out\hadr_out.txt
fileencoding = UTF-8
scanmode = cat
alarm = yes
qos = no
message = no
subject =
user =
reccur_directory = no
reccur_directory_level = 10
resetFile = no
initialfileptr = 2
resumefileptr = 4
command_timeout_active = no
command_timeout =
command_severity = 2
command_timeout_alarm = 0
alarmFOpenFail = yes
clearFOpenFailRestart = yes
monitor_exit_code = No
max_alarm_sev = 5
max_alarms =
max_alarm_msg =
password =
<watchers>
<testing>
active = yes
match = /.*HADR_ROLE\s+=\s+(\w+).*/
level = information
subsystemid =
message = HADR ROLE = ${role}
i18n_token =
restrict =
expect = no
abort = no
sendclear = no
count = no
separator =
suppid =
source =
target =
qos =
runcommandonmatch = no
alarm_on_first_match = no
commandexecutable =
commandarguments =
pattern_threshold_severity = information
pattern_threshold_message =
timeout = 1
pattern_threshold =
expect_message =
expect_level =
regexfromexternalfile = no
patternfilepath =
token =
variable_threshold =
variable_threshold_message =
variable_threshold_severity = information
variable_threshold_supp =
<variables>
<role>
definition = $1
operator = eq
</role>
</variables>
</testing>
<test2>
active = yes
match = /.*HADR_CONNECT_STATUS\s+=\s+(\w+).*/
level = information
subsystemid =
message = and HADR CONNECT STATUS = ${status}
i18n_token =
restrict =
expect = no
abort = no
sendclear = no
count = no
separator =
suppid =
source =
target =
qos =
runcommandonmatch = no
alarm_on_first_match = no
commandexecutable =
commandarguments =
pattern_threshold_severity = information
pattern_threshold_message =
timeout = 1
pattern_threshold =
expect_message =
expect_level =
regexfromexternalfile = no
patternfilepath =
token =
variable_threshold =
variable_threshold_message =
variable_threshold_severity = information
variable_threshold_supp =
<variables>
<status>
definition = $1
operator = eq
</status>
</variables>
</test2>
<testing3>
active = no
match = /.*HADR_ROLE\s+=\s+(\w+).*/
level = information
subsystemid =
message =
i18n_token =
restrict =
expect = no
abort = no
sendclear = no
count = no
separator =
suppid =
source =
target =
qos =
runcommandonmatch = no
alarm_on_first_match = no
commandexecutable =
commandarguments =
pattern_threshold_severity = information
pattern_threshold_message =
timeout = 1
pattern_threshold =
expect_message =
expect_level =
regexfromexternalfile = no
patternfilepath =
token =
variable_threshold =
variable_threshold_message =
variable_threshold_severity = information
variable_threshold_supp =
</testing3>
</watchers>
<formats>
<multiLine>
active = yes
start = /^HADR_ROLE .*/
end =
lines = 16
</multiLine>
</formats>
</SteveD>
<abc_company_df>
active = yes
interval = 1 min
scanfile = type D:\out\df_output.txt | find /c /v ""
fileencoding =
scanmode = command
alarm = yes
qos = no
message = no
subject =
user =
reccur_directory = no
reccur_directory_level = 10
resetFile = no
initialfileptr = 2
resumefileptr = 4
command_timeout_active = no
command_timeout =
command_severity = 2
command_timeout_alarm = 0
alarmFOpenFail = no
clearFOpenFailRestart = no
monitor_exit_code = No
max_alarm_sev = 5
max_alarms =
max_alarm_msg =
password =
<watchers>
<LineCount>
active = yes
match = /(\d+)/
level = warning
subsystemid =
message = Line count ${count}
i18n_token =
restrict =
expect = no
abort = no
sendclear = no
count = no
separator =
suppid = ${PROFILE}
source =
target =
qos =
runcommandonmatch = no
alarm_on_first_match = no
commandexecutable =
commandarguments =
pattern_threshold_severity = information
pattern_threshold_message =
timeout = 1
pattern_threshold =
expect_message =
expect_level =
regexfromexternalfile = no
patternfilepath =
token =
variable_threshold =
variable_threshold_message =
variable_threshold_severity = information
variable_threshold_supp =
<variables>
<count>
definition = $1
operator = gt
threshold = 16
</count>
</variables>
</LineCount>
</watchers>
</abc_company_df>
</profiles>
Name of profile – SteveD
Trigger definition:
<triggers>
<SteveD>
active = yes
message = /.*HADR.*/
level = information
probe = logmon
visible = 0
</SteveD>
</triggers>
AO Profile:
<hadr_consolidation>
active = yes
action = script hadr_alarm_consolidation
overdue = 20s
message = /.*HADR\sCONNECT\sSTATUS.*/
level = information
probe = logmon
visible = 0
order = 8
break = no
</hadr_consolidation>
LUA script:
alrm = alarm.get()
new_message = ""
buf1 = ""
buf2 = alrm.message
if trigger.state ("SteveD") and trigger.count ("SteveD") >=2 then
print(trigger.count ("SteveD"))
al = trigger.alarms ("SteveD")
if al ~= nil then
for i,a in pairs(al) do
print(a.message)
if a.robot == alrm.robot then
if substr(a.message,"ROLE") then
buf1 = a.message
end
new_source = a.source
action.close (a.nimid)
end
end
new_message = buf1.." "..buf2
print(new_message)
nimbus.alarm(4,new_message,alrm.robot.."-HADR_STATUS","",new_source)
end
end
nas trigger:
nas AO profile which calls the script:
Here is the nas LUA script.
LUA script:
alrm = alarm.get()
new_message = ""
buf1 = ""
buf2 = alrm.message
if trigger.state ("SteveD") and trigger.count ("SteveD") >=2 then
print(trigger.count ("SteveD"))
al = trigger.alarms ("SteveD")
if al ~= nil then
for i,a in pairs(al) do
print(a.message)
if a.robot == alrm.robot then
if substr(a.message,"ROLE") then
buf1 = a.message
end
new_source = a.source
action.close (a.nimid)
end
end
new_message = buf1.." "..buf2
print(new_message)
nimbus.alarm(4,new_message,alrm.robot.."-HADR_STATUS","",new_source)
end
end