This article describes the configuration steps for the following use case scenario:
- A failure file gets updated with exactly the same content every time the failure occurs
- The only thing that gets changed is the "modification date" of the file
- You want to set up monitoring for this file and raise a unique alert each time it gets updated
1. Set up in the watcher profile (full_time mode).
2. In the "alarm" tab of the watcher profile, configure the suppression key that will help NAS recognize that these alerts come from the corresponding logmon profile.
In this example, the following suppression key has been configured: "logmon failure profile"
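3. Next, create a Lua script in the NAS configuration as follows:
    -- Act only on alarms raised by the logmon failure profile
    if event.supp_key == "logmon failure profile" then
        -- Current OS time, e.g. 20240115_090000
        local ts = os.date("%Y%m%d_%H%M%S")
        -- Append the timestamp so the suppression key differs for each alarm
        event.supp_key = event.supp_key .. "_" .. tostring(ts)
    end
    return event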
4. The last step is to create a NAS pre-processing rule that picks up an alert before it reaches NAS and executes the previously created script on it.
Select the following parameters:
- In Filter type, select "custom".
- Select all severity levels, or only those that you are interested in.
- In the Suppression Key section, enter the suppression key that was configured in the watcher profile and script
- In the "custom script", select the previously created script.
Every time the file gets modified, the LOGMON probe generates an alarm with the suppression key "logmon failure profile". The NAS pre-processing rule then picks this alarm up (based on the matching criteria) and modifies the suppression key by appending the current OS timestamp to it. Thanks to this, you will receive a unique alert every time the specified file gets modified, with the exact timestamp.
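
Why the timestamp suffix yields a separate alert per update, shown as an added example that is not part of the original article and is not NAS code: a simplified model in which alarms sharing a suppression key collapse into one entry with a count. The `ingest` and `run` helpers, the `store` table and the sample times are constructed for illustration, and the clock is passed into `preprocess` so the run is reproducible.

```lua
-- Simplified model of suppression-key de-duplication (assumption: alarms with
-- an identical suppression key are merged and counted). Not NAS code.

-- The article's pre-processing logic, with the time passed in as a parameter
-- (the article's script calls os.date() with the current time).
local function preprocess(event, now)
  if event.supp_key == "logmon failure profile" then
    local ts = os.date("%Y%m%d_%H%M%S", now)
    event.supp_key = event.supp_key .. "_" .. ts
  end
  return event
end

-- Hypothetical stand-in for the alarm list: one entry per suppression key.
local function ingest(store, event)
  local entry = store.alarms[event.supp_key]
  if entry then
    entry.count = entry.count + 1
  else
    store.alarms[event.supp_key] = { message = event.message, count = 1 }
    store.distinct = store.distinct + 1
  end
end

-- Feed one alarm per file update, with or without the pre-processing script.
local function run(times, rewrite)
  local store = { alarms = {}, distinct = 0 }
  for _, t in ipairs(times) do
    local event = { supp_key = "logmon failure profile",
                    message = "failure file updated" }
    if rewrite then event = preprocess(event, t) end
    ingest(store, event)
  end
  return store
end

-- Constructed sample: four file updates, the last two within the same second.
local base = os.time({ year = 2024, month = 1, day = 15, hour = 9, min = 0, sec = 0 })
local times = { base, base + 60, base + 125, base + 125 }

local plain, keyed = run(times, false), run(times, true)
print("without script: distinct alarms = " .. plain.distinct)
print("with script:    distinct alarms = " .. keyed.distinct)
for key, alarm in pairs(keyed.alarms) do
  print(string.format("  %-42s count=%d", key, alarm.count))
end
```

In this model the suffix has one-second resolution, so the two updates that share a second still share a key and the sample produces three entries rather than four.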