This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(153.6, 72%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EB%3C/text%3E%3C/svg%3E)
We are running SCOM 2019 UR2
I'm using the MS documentation to create a logfile monitor for Unix/Linux servers. -
https://learn.microsoft.com/en-us/system-center/scom/unix-linux-logfile?view=sc-om-2019
I created the monitor and successfully tested for the text, "Error". The test shows a green check as successful.
Our Linux admins even check the log and there are instances of the word "error" in the log.
But for some reason SCOM never creates an alert?
The Linux admins even cleared the log, created a new "error", and still no alert?
I applied the monitor to a single server and it did not work. I even created a group, added the single server to the group, applied the group to the monitor and still no alert?
I must me doing something wrong.
has anyone experienced this issue and if so, what was your fix? Any suggestions as to what I am doing wrong?
Thank you in advance for any assistance with this frustrating instance.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(25.6, 0%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJ%3C/text%3E%3C/svg%3E)
Hi,
I am having exactly the same problem. Did you get it working in the end?
The log file gets updated every morning with the words 'failed backup'.
i am trying to get it to alert with the word 'failed' in the expression field. But it just doesn't alert and there is nothing in the Operation manager logs. The log file path/name is always the same. I am targeting only this one server.
I ran a trace log on the unix device and I can see the request from the log file provider and the log file path ,so its doing something and this entry is generating every 5 minutes. But I have no idea why it's not working.
Please help!!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(166.4, 66%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAM%3C/text%3E%3C/svg%3E)
Hi,
The UNIX/Linux log file monitor cannot handle wildcards. The log file name must be fixed, that is, we can only monitor a single file. Do we monitor multiple files, if so, it may not work.
The monitors created from out-of-box template have the following limitations and we may check if all the conditions are met.
It only works well with certain behavior of the log file
It only works with one log file
It doesn't actually suppress alerts corresponding to entries logged during maintenance mode; the alerts come anyhow soon after maintenance window ends
Alex
If the response is helpful, please click "Accept Answer" and upvote it.
Hi,
It seems there is no update for a couple of days. May we know the current status of the problem? Or is there any other assistance we can provide?
Regards,
Alex
If the response is helpful, please click "Accept Answer" and upvote it.
Thank you, Alex!