How can we monitor OS Server Reboots on Linux using DX UIM?
In Windows we raise an alert when a certain event appears in the event log (using the ntevl probe). How can we achieve this on Linux?
DX UIM 20.4.* / DX UIM 23.4
Guidance
To monitor Linux server reboots, use the logmon probe to watch the Linux logs where reboots are recorded.
Examples of logs you can monitor with logmon:
• On Linux systems, the equivalent of the Windows event indicating that the server has been rebooted can typically be found in the system logs, particularly in the syslog or journal logs.
In systems that use syslog, you might look for a line similar to:
Feb 29 12:00:00 hostname systemd[1]: System rebooted.
• In systems that use systemd, you might see:
Feb 29 12:00:00 hostname systemd[1]: Started Reboot.
These logs can usually be found in /var/log/syslog or /var/log/messages for syslog-based systems, or you can use the journalctl command for systemd-based systems.
To check for the reboot event, you can use commands like:
grep "System rebooted" /var/log/syslog
OR:
journalctl | grep "System rebooted"
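These commands search the system logs for lines indicating that the system has been rebooted. The exact message text differs between distributions and versions, so confirm the string on your own hosts before using it as the logmon match pattern.
• Alternative locations you can check for system logs: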
Systemd journal: On systems using systemd, you can use the journalctl command to view system logs. You can look for reboot events by running:
journalctl --list-boots
This command will list all boot entries, allowing you to see when the system was last rebooted.
An alternative approach is to measure uptime, compare the values, and raise alarms based on that:
How can I monitor system uptime? (broadcom.com)
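The uptime comparison described above, as an added shell example (not code from Broadcom or from the logmon probe): it derives the boot time from uptime on each run and reports a reboot when that boot time moves forward, which also catches a reboot whose uptime has already grown past the previous sample. The state-file path, the status words and the 120-second tolerance are assumptions; the output line is meant to be appended to a file that a logmon profile watches.

```shell
#!/bin/sh
# Added example. Status words, tolerance and file paths are assumptions.
TOLERANCE=120   # seconds of clock adjustment to ignore (assumed value)

# check_reboot STATE_FILE [UPTIME_FILE] [NOW_EPOCH]
# Prints FIRST_RUN, OK or REBOOT_DETECTED and stores the boot time in STATE_FILE.
check_reboot() {
    state_file=$1
    uptime_file=${2:-/proc/uptime}
    now=${3:-$(date +%s)}

    # /proc/uptime holds "<seconds up> <seconds idle>"; keep the integer part.
    read -r up _ < "$uptime_file" || return 2
    up=${up%%.*}
    case $up in ''|*[!0-9]*) echo "ERROR bad uptime value"; return 2 ;; esac

    boot=$((now - up))   # epoch second at which the current boot started

    prev_boot=
    if [ -r "$state_file" ]; then
        read -r prev_boot < "$state_file" || prev_boot=
        case $prev_boot in *[!0-9]*) prev_boot= ;; esac
    fi

    # Store the new value so each reboot is reported once.
    printf '%s\n' "$boot" > "$state_file"

    if [ -z "$prev_boot" ]; then
        echo "FIRST_RUN boot_epoch=$boot"
    elif [ $((boot - prev_boot)) -gt "$TOLERANCE" ]; then
        # Boot time moved forward: the host restarted since the last check.
        echo "REBOOT_DETECTED boot_epoch=$boot previous_boot_epoch=$prev_boot"
    else
        echo "OK boot_epoch=$boot"
    fi
}

# Typical scheduled use (hypothetical paths), with logmon watching the log
# file for the string REBOOT_DETECTED:
#   check_reboot /var/tmp/boot_state >> /var/log/reboot_check.log
```

A large forward step of the wall clock between two runs would also shift the computed boot time, so size the tolerance for how the host's clock is synchronised.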
Logmon docs: logmon (Log Monitoring) Release Notes (broadcom.com)