We have set up a logmon probe to interrogate a log and I am keying in on a service state changes of Inactive and Active.  My work mates want a 5 minute delay factored in.  If the service reports an inactive state, they want to wait 5 minutes before alerting in case it goes back into the active state.  That is proving tricky.  We have tried working with the Variables in the probe and have tried working the issue through the NAS, but it is not working.  

• DX UIM 23.4 CU2

• logmon configuration guidance

Custom solution provided via logmon probe to read the log extract for testing, and generate an alarm after a configurable time period based on state changes.

The logmon profile parses the log for service state, e.g., 'Inactive' versus 'Active'

A particular dept. requested a 5-minute delay factored in before the alarm is generated.

If the service reports an Inactive state, they want to wait 5 minutes before alerting in case it goes back into the Active state. 

This solution addresses two case scenarios:

1. The service completely stops on the primary cluster and that needs to be reported
2. The service could appear to be down for a few seconds during a database backup so they want the 5-minute delay before alerting in this case.

If the service goes down, (becomes INACTIVE) or there is an sql db backup and the service goes down for only a few seconds, and it's still down, and there is no clear alarm, then after

log extract example:

'<service_name> changed state to INACTIVE

'<service_name>' changed state to ACTIVE

logmon: 2  watcher profiles:

• '<service_name>' Inactive
• '<service_name>' Active

Script/files attached. Store them in the logmon folder.

updatestatus.bat:

@"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "Add-Content -Path 'current_state.txt' -Value ('%~1-' + [int][double]::Parse((Get-Date -UFormat %%s)))"

validate.bat:

To test you can set the seconds lower, e.g., 125.