Email notification for particular string from log file (CSV and Text) files from SCOM 2007 R2.


  • Tuesday, May 29, 2012 6:55 AM
     
     

    Hi All,

    I want to get an email notification from SCOM 2007 R2 if the monitoring finds a particular string in a log file (both CSV and text files).

    How to achieve this?

    Please suggest.

    Thanks,

    Aslam

All Replies

  • Tuesday, May 29, 2012 2:54 PM
     
     Proposed Answer

    1. Create an alert-generating rule to monitor a particular string in the log file

        * Please refer to http://blogs.technet.com/b/schadinio/archive/2010/07/20/scom-how-to-monitor-new-line-entries-in-a-log-or-text-file-using-opsmgr-2007.aspx for how to create a log file monitor

    2. Create a subscription rule for this alert

        * In the subscription criteria: select "created by specific rules or monitors" and then select the rule which you created in step 1

        * Select the appropriate subscriber and email channel

    Roger

  • Wednesday, May 30, 2012 5:53 AM
     
     

    Hi,

    Thanks for your kind response.

    When I was trying to create it as the link you suggested describes, what path do I have to specify for the log (network path or general path)? I tried both paths, but I am not getting the next screen as shown in the link.

    A new Entry was detect in the c:\log\bader.log

    Logfile Directory : $Data/EventData/DataItem/LogFileDirectory$
    Logfile name: $Data/EventData/DataItem/LogFileName$
    String:  $Data/EventData/DataItem/Params/Param[1]$

    This is my screen, where I am not getting the above values.

    Thanks,

    Aslam

  • Wednesday, May 30, 2012 6:13 AM
    Moderator
     
     

    The path to the log you specify depends on how you create your monitor. For instance, let's say you create a monitor that targets Windows Computer or Windows Server xxxx Operating System (the last one would be better). In that case you use the normal path where those log files are to be found (c:\log\blabla.log). If this only relates to one or two servers where this log lives, you could still create the monitor as a disabled monitor, and later create a group of servers including those two servers and override the monitor to set it to enabled=true. That prevents all your other machines from complaining they can't find the log file.

    The Alert Name is something you can just type there in the alert name field.

    The other fields you can paste into the alert description field. If you want to select those $Data/blablabla$ fields you can use the "..." button next to the field and find what you are looking for. The description is something you fill in yourself. You can use text and after that you can insert the $Data/blabla$ entries.


    Bob Cornelissen - BICTT (My Blog about SCOM) - MVP 2012 and Microsoft Community Contributor 2011 Recipient

  • Wednesday, May 30, 2012 7:43 AM
     
     

    Hi all,

    I created it and I changed the log file, but I am still not getting alerts.

    Where do I find those alerts in SCOM? I searched in the Health Explorer of the server but I am not able to find that rule in it.

    Please suggest.

    Thanks

    Aslam

  • Wednesday, May 30, 2012 9:13 AM
    Moderator
     
     

    In the Monitoring pane, in the alerts view. Make sure you are showing all alerts and not filtered by time or type.


    Bob Cornelissen - BICTT (My Blog about SCOM) - MVP 2012 and Microsoft Community Contributor 2011 Recipient

  • Wednesday, May 30, 2012 11:28 AM
     
     

    No, I am not finding any alerts.

    Thanks

    Aslam Khan

  • Wednesday, May 30, 2012 2:12 PM
     
     

    1. What is the value of Application log Data source and Build event Expression?

         You should make sure that the expression is correct before SCOM can generate an alert.

    2. The new log data should be appended at the end of the file. Otherwise, it will affect the behavior of the rule.

    Roger

  • Thursday, May 31, 2012 10:20 AM
     
     

    I need to get an alert if the string below is hit in the log file.

    "JMSConnectionManager.recieveMessage -- > Message = null"

    Should I put this in the value with quotes or without quotes?

    For this I did this..

     

  • Thursday, May 31, 2012 4:19 PM
     
     

    This is the reason why your alert does not work. Your regular expression is incorrect.

    Please refer to the following post for how to use regular expression

    http://blogs.technet.com/b/jonathanalmquist/archive/2010/10/13/regular-expression-syntax-in-scom-for-filtering-groups-monitor-elements-operational-views-notification-subscriptions-etc.aspx

    Roger

  • Sunday, June 10, 2012 6:43 AM
     
     Answered

    Hi All,

    I need to get an email notification when the line below is found in the log file. What expression should I specify? Please suggest.

    "JMSConnectionManager.recieveMessage -- > Message = null"  Should I put this in the value with quotes or without quotes?

    Regards,

    Aslam

    • Marked As Answer by Aslam2510 Wednesday, June 20, 2012 8:14 AM
  • Monday, June 11, 2012 4:01 PM
     
     Answered

    Try the following expression

    Parameter Name: Params/Param[1]

    Operator: Contains

    Value: "JMSConnectionManager.recieveMessage -- > Message = null"  should I put this in value with quotes or without quotes

    Roger

    • Marked As Answer by Aslam2510 Wednesday, June 20, 2012 8:14 AM
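
Added example, not part of the original thread or any poster's configuration: a PowerShell check, run outside SCOM, of how the value from the last answer behaves as a plain substring test compared with a .NET regular expression. The log lines are constructed, the function name `Find-LogMatch` is hypothetical, and treating the Contains operator as a case-sensitive substring test is an assumption the thread does not confirm.

```powershell
# Constructed sample log lines (not from the thread).
$lines = @(
    '2012-05-31 10:15:02 INFO JMSConnectionManager.connect -- > Connected',
    '2012-05-31 10:15:07 WARN JMSConnectionManager.recieveMessage -- > Message = null',
    '2012-05-31 10:15:09 WARN JMSConnectionManagerXrecieveMessage -- > Message = null'
)

# The string from the thread, exactly as it would appear inside a log line.
$text = 'JMSConnectionManager.recieveMessage -- > Message = null'

# Hypothetical helper: returns the lines that match $Value in the given mode.
function Find-LogMatch {
    param(
        [string[]]$Lines,
        [string]$Value,
        [ValidateSet('Contains', 'Regex')]
        [string]$Mode
    )
    foreach ($line in $Lines) {
        if ($Mode -eq 'Contains') {
            # Assumption: Contains is a plain, case-sensitive substring test.
            if ($line.Contains($Value)) { $line }
        }
        elseif ([regex]::IsMatch($line, $Value)) { $line }
    }
}

# Candidate values someone might type into the rule's Value field.
$cases = @(
    @{ Name = 'Contains, no quotes';   Mode = 'Contains'; Value = $text },
    @{ Name = 'Contains, with quotes'; Mode = 'Contains'; Value = '"' + $text + '"' },
    @{ Name = 'Regex, unescaped';      Mode = 'Regex';    Value = $text },
    @{ Name = 'Regex, escaped';        Mode = 'Regex';    Value = [regex]::Escape($text) }
)

foreach ($case in $cases) {
    $hits = @(Find-LogMatch -Lines $lines -Value $case.Value -Mode $case.Mode)
    '{0,-22} hits={1}  value={2}' -f $case.Name, $hits.Count, $case.Value
}
```

A value wrapped in quote characters matches only if the log line itself contains those quotes, and an unescaped `.` in a regular expression matches any character, which is why the third constructed line is also hit in that mode.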