Unix/Linux Log File monitoring - 2 stage event reset monitor


  • Hi, I am after some advice please.

    SCOM 2012R2.

    Monitoring a Unix/Linux logfile using a 2 stage event reset > log files > text log monitor.

    Same log file for both expressions.

    First expression contains SCOM ERROR

    Second expression Contains SCOM CLEAR

    It alerts on first expression but doesn't go critical, it also alerts on second expression but doesn't clear the alert.

    I think it is down to the "Parameter Name" building the first and second expressions.

    What should I have as the "Parameter Name" it is finding my value though.

    Basically I am reading a log file.  I want to alert when log contains SCOM ERROR DISK1 OUT OF SPACE for example and then clear the alert when log contains SCOM CLEAR DISK1 OUT OF SPACE.

    Any help appreciated.



    Tuesday, March 21, 2017 3:19 PM