none
OpsMgr 2012 SP1 read log text

    Question

  • Hi folks

    I'm trying to monitor a file called AUDIT, this file has the file extension is not a txt.
    I created a monitor of type Text Log -> Event Reset.
    Added the directory [d: \ itautec] and Pattern: [audit].
    In expression first added as follows:
    Parameter name: Params / Param [1]
    Operator: Contains
    Value: Host Line 2 connected

    In second generic log put the same information mentioned above and Second Expression configured as follows:

    Parameter name: Params / Param [1]
    Operator: Contains
    Value: Hos line 2 failed to connect

    This monitor is disabled it, and I added the computers that I want to monitor.

    Only that is not working, can someone help me with this issue and point out what I'm doing wrong? or if I should use another form.

    Thank you


    Wilsterman Fernandes

    Wednesday, December 04, 2013 3:09 PM

Answers

  • Hi Juke,

    Thank you for replay...

    To solve the problem, I had not put the file extension Juke, made the fllowing configuration:

    In monitors, pointed to scope, and selected Windows Computer, expand Entity Health, Availability and clicked right, create a monitor, type Unit Monitor ...

    Monitor type, choose Text Log, Simple Event Detection, Event Reset. I chose a management pack that had already created.

    In General Properties, put a name to my monitor, eg AUDIT, added a description in Monitor Windows Computer target left, Parent Monitor Availability and uncheck the option Monitor is enabled.

    Added the directory [d:\ itautec] and Pattern:[audit].
    In expression first added as follows:

    OR group (any of these is true)

    Paramenter Name: Params/Param[1]

    Operator: Matches regular expressions: line.+failed

    and as I am using group, I used a second regular expression:

    Params/Param[1]

    Matches regular expressions: line.+desconnected. Follow the wizard to complete the creation of the monitor, and waited ... At this point, our Watcher machine will download the management pack again with
    the newly created override, and apply the new config.

    Thanks


    Wilsterman Fernandes

    Sunday, December 08, 2013 2:48 PM

All replies

  • The pattern needs to be the file's extension with or without a wildcard file name like:

    audit.txt or *.txt.


    Juke Chou

    TechNet Community Support

    Thursday, December 05, 2013 4:25 PM
    Moderator
  • Hi Juke,

    Thank you for replay...

    To solve the problem, I had not put the file extension Juke, made the fllowing configuration:

    In monitors, pointed to scope, and selected Windows Computer, expand Entity Health, Availability and clicked right, create a monitor, type Unit Monitor ...

    Monitor type, choose Text Log, Simple Event Detection, Event Reset. I chose a management pack that had already created.

    In General Properties, put a name to my monitor, eg AUDIT, added a description in Monitor Windows Computer target left, Parent Monitor Availability and uncheck the option Monitor is enabled.

    Added the directory [d:\ itautec] and Pattern:[audit].
    In expression first added as follows:

    OR group (any of these is true)

    Paramenter Name: Params/Param[1]

    Operator: Matches regular expressions: line.+failed

    and as I am using group, I used a second regular expression:

    Params/Param[1]

    Matches regular expressions: line.+desconnected. Follow the wizard to complete the creation of the monitor, and waited ... At this point, our Watcher machine will download the management pack again with
    the newly created override, and apply the new config.

    Thanks


    Wilsterman Fernandes

    Sunday, December 08, 2013 2:48 PM