How to generate separate alarms based on logmon profile command results (numeric)
search cancel

How to generate separate alarms based on logmon profile command results (numeric)

book

Article ID: 273614

calendar_today

Updated On:

Products

DX Unified Infrastructure Management (Nimsoft / UIM) CA Unified Infrastructure Management On-Premise (Nimsoft / UIM) CA Unified Infrastructure Management SaaS (Nimsoft / UIM)

Issue/Introduction

This KB Article describes how to generate alarms using a logmon profile configured to use command mode, only if the command result exceeds the configured threshold for a defined logmon variable, e.g., in this case when a numeric value (the result of the command) is greater than or equal to the value. Moreover, the result of the command (the value) may differ.

Environment

  • Release: 20.4 CU7
  • logmon: 4.50 or higher

Cause

  • Guidance with logmon configuration

Resolution

  1. Via the Infrastructure Manager (IM), open the logmon probe GUI

  2. Right-click and select new to create a new logmon profile

  3. Fill-in the profile settings shown below:

    mode: command
    command: <enter your command here>

    For example: using the command below, will return the number of file descriptors by the root user
     
    count=0;for pid in `ps -ef | grep root | grep -v grep | awk '{print $2}'` ; do let count=$count+`ls /proc/${pid}/fd | wc -l` ; done ; echo $count





    Note: make sure 'Generate Alarm" option is selected.

  4. Select Watcher Rules tab

  5. Create a new rule, and select the standard tab

  6. Fill-in the settings shown below:

    Match expression: /^(?:[1-9]|\d\d\d*)$/

    Message to Send on Match    : <enter your message here> example File descriptor is outside the expected value, Current value is ${descriptor_count}

    Select the message severity from the dropdown box, e.g., major



  7. In the Watcher rule, select the Variables tab and rt-click to create a new entry

  8. Select the Variable settings that work with your command

    Note: make sure to set the Expected value, as the condition here is the expected value, and the alarm will only be generated when the command output is outside the expected value or value range, <= >=, =



    In the example used in this KB, the expected value is set to less than or equal to 300, so an alarm will be generated when the value is more than 300.

  9. Click Apply the changes and monitor the alarms.

  10. A major alarm was generated because the result of the command was 343, which doesn't match the 'expected' value set in Step 8 (<=300)..

Powered by Wolken Software