locked
SCOM 2012 SP1 - Alert rule/monitor created for Text Logs (CSV) RRS feed

  • Question

  • Hi,

    I have created an Alert Rule and Alert Monitor (from the link https://technet.microsoft.com/en-us/library/hh457567%28v=sc.12%29.aspx?f=255&MSPPError=-2147217396) to read the text from .csv file. The alert Rule did not work, but the Alert Monitor did work, but with some issues explained below.

    The output .csv file contains details as shown below

    HostName

    Server1

    Server2

    The output file (.csv) gets generated by a powershell script, runs every 3 hours via Windows Task Scheduler. The alert monitor generated alerts with 3 different Management servers (We have total 14 Management Servers, like A1-A7 & B1-B7). The alert generated with A1, A4 & B4 as source servers. The powershell script was located on A1 MS.

    I realized that, if the output would be in a better way (as shown below), alerts would be generated for each server.

    HostName, Server1

    HostName, Server2

    Now, I have the below queries.

    If the output is mentioned as above, does the alert generate for each server when checked condition as HostName and in the alert description inserted Param with Param[2]. 

    Whether the alert generates only once in a day, though the output gets generated every 3 hours a day?

    How to get only one alert for each server from only one source (one MS), where the script located?

    Also, the alert getting closed automatically after 2-3 hours, though it was created as manual reset.

    And, not sure, why the Alert rule not generating the alert.


    Thanks & regards, Naren.



    • Edited by NarenSV Friday, June 17, 2016 6:46 AM
    Thursday, June 16, 2016 3:57 PM

Answers

  • Hi Sir,

    >>If you have any idea on how to generate alert rule/monitor for each server,

    No ,we can not do that .

    AFAIK , what you have done is the best way .

    Best Regards,

    Elton


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com .


    • Edited by Elton_Ji Monday, June 20, 2016 2:20 PM
    • Marked as answer by NarenSV Tuesday, June 21, 2016 3:37 PM
    Monday, June 20, 2016 2:20 PM

All replies

  • Hi Naren,

    I would recommend to look into the NiCE LogFile Monitoring Management Pack. It is designed to look into text files and provides very good predefined monitors. Here is an example: https://stefanroth.net/2014/02/24/scom-2012-nice-log-file-library-mp-monitoring-robocopy-log-file/#more-4190

    Regards,

    Natascia

    http://systemcentertipps.wordpress.com

    Friday, June 17, 2016 7:53 AM
  • Hi Naren,

    fully agree with Natascia on this one. Make it as simple as possible, take your time and test the NiCe Management pack, the best thing is that it is for free. It is pretty good indeed, so you might save lots of time....

    Regards,


    Stoyan (Please take a moment to "Vote as Helpful" and/or "Mark as Answer" where applicable. This helps the community, keeps the forums tidy, and recognizes useful contributions. Thanks!)

    Friday, June 17, 2016 7:57 AM
  • Thank you Both Stoyan & Natascia for the MP suggestion. I will test the mentioned free MP in our Pre-Prod environment and then mark and vote.

    Thanks & regards, Naren.

    Friday, June 17, 2016 11:37 AM
  • Hi NarenSV,

    >>If the output is mentioned as above, does the alert generate for each server when checked condition as HostName and in the alert description inserted Param with Param[2]. 

    I agree with you :

    "Params/Param[1] is the first field of the delimited file; Params/Param[2] is the second field of the delimited file, and so forth."

    https://support.microsoft.com/en-us/kb/2691973

     

    >>Whether the alert generates only once in a day, though the output gets generated every 3 hours a day?

    Monitor is different than Rule , one monitor only create one alert until the alert is resolved .

    ( alert won't be resolved  until "timer-reset" or "manual-reset" or "event-reset" changed the monitor health state if you configured "automatically resolve alert" ).

    But these reset methods doesn't cover your needs "only once in a day ".

    As a workaround you may run a script in task schedule to reset the alert created by that monitor at the end of a day .

     

    Best Regards,

    Elton


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com .

    Monday, June 20, 2016 7:00 AM
  • Hi Elton,

    Thanks for the details. I had created both Rule & Monitor and felt Rule would be much better. The rule is generating alert once in a day only. But the alert is not getting generated for each server. Hence, I have included the entire output (i.e. all servers) in the description, which serves the need currently :).

    If you have any idea on how to generate alert rule/monitor for each server, that would be great.

    Also, can we put a condition that if the file size is 0 or no records in the file, then alert should not be generated.


    Thanks & regards, Naren.

    Monday, June 20, 2016 1:05 PM
  • Hi Sir,

    >>If you have any idea on how to generate alert rule/monitor for each server,

    No ,we can not do that .

    AFAIK , what you have done is the best way .

    Best Regards,

    Elton


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com .


    • Edited by Elton_Ji Monday, June 20, 2016 2:20 PM
    • Marked as answer by NarenSV Tuesday, June 21, 2016 3:37 PM
    Monday, June 20, 2016 2:20 PM