I need to monitor the output of the ntpstat command. If the result of the command is unsynchronised for consecutive 3 times, then the alert should be created. Using logmon with command mode and the matching expression is unsynchronised but the alert is coming on first instance.I want the alert on 3 consecutive instances where the output is unsynchronised. Is that possible?

Release : 9.0.2

Component : UIM LOGMON

This an approach you can take:

Use nas with logmon

1. logmon sends low severity alarm

2. nas pre-processing rule sets the incoming alarm to Invisible.

3. nas AO profile checks for matching alarms with a count of 3 and generates a NEW alarm and CLOSES the original one via LUA script.

You can check the UIM Community for how to close an alarm via LUA script, for example:

https://community.broadcom.com/enterprisesoftware/communities/community-home/digestviewer/viewthread?GroupId=1315&MessageKey=02021e6d-8939-4aaf-aa45-1a370e96cfc5&CommunityKey=170eb4e5-a593-4af2-ad1d-f7655e31513b&tab=digestviewer