SCOM reading Linux Log files and alerting

Ravi Bhushan 126 Reputation points
2020-08-18T12:33:19.147+00:00

Gents

I’ve a request in to monitor a specific Linux system. Specifically they are wanting to use SCOM to interrogate a log file (plain text) and for SCOM to do a line count.

This count will be the number of hits on a site and in turn they would like an alert generating if it goes beyond 20,000.

Is it possible through SCOM?

Regards,
Ravi

Operations Manager

Accepted answer
  1. Leon Laude 85,686 Reputation points
    2020-08-18T13:44:59.99+00:00

    Hi,

    Yes, this is possible in SCOM. You could create a shell script and provide the logic in the script that checks the line count in the log file, or you could use the following management pack:
    UNIX/Linux LogFile Monitoring Library MP

    Here's a blog article from the author of the management pack:
    Lifting limitations for monitoring UNIX/Linux LogFiles using SCOM

    The following articles may also be of help:
    SCOM 2012 - UNIX/Linux Monitoring with Scripts

    SCOM 2012 – Linux Two-State Monitor With “Script In Script”


    (If the reply was helpful please don't forget to accept as answer, thank you)

    Best regards,
    Leon


1 additional answer

  1. AlexZhu-MSFT 5,551 Reputation points Microsoft Vendor
    2020-08-19T08:14:44.297+00:00

    Hi,

    As Leon suggested, we may use a script to achieve this. Below is an example of how to do this:

    On the Linux server side:
    1. Create a .sh file:
       touch /tmp/countline.sh
    2. Enter the command line to count the matching lines and save it, for example:
       vi /tmp/countline.sh
       grep -c remote.example.com /tmp/test.log
       :wq
    3. Grant the execute permission for the .sh file:
       chmod +rx /tmp/countline.sh


    On the SCOM server side, create a monitor based on the shell script.

    For more detailed steps, we may refer to this article:

    https://www.stefanroth.net/2012/10/21/scom-2012-linux-two-state-monitor-with-script-in-script/

    Hope the above information helps.

    Regards,

    Alex Zhu
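
A fuller form of the counting script discussed in the answers above, as an added example that is not part of the original thread: it counts literal matches, compares the count with the 20,000 limit from the question, and reports an unreadable log as an error instead of a silent zero. The function names and the "OK"/"ERROR" output strings are assumptions chosen for a two-state monitor to match on; the log path and host string are the sample values from the answer.

```shell
#!/bin/sh
# Added example (not from the thread). The 20000 threshold is from the question;
# the log path and host string are the sample values from the answer above.
# Assumption: install the script where only root can write (not /tmp), because
# the monitoring account executes whatever is at that path.

# count_hits LOG PATTERN: print how many lines of LOG contain the literal PATTERN.
# Returns 2 and prints nothing when LOG is missing or unreadable.
count_hits() {
    [ -f "$1" ] && [ -r "$1" ] || return 2
    # -F matches literally, so the dots in a hostname are not regex wildcards.
    # -e keeps a pattern that starts with '-' from being parsed as an option.
    # grep -c exits 1 on zero matches but still prints 0, so accept status 1.
    n=$(grep -c -F -e "$2" -- "$1") || [ "$?" -eq 1 ] || return 2
    printf '%s\n' "$n"
}

# check_hits LOG PATTERN LIMIT: print "OK <n>" or "ERROR <n>" for the monitor's
# expression to match. A log that cannot be read is an ERROR, not a silent zero.
check_hits() {
    if ! hits=$(count_hits "$1" "$2"); then
        echo "ERROR unreadable"
        return 0
    fi
    if [ "$hits" -gt "$3" ]; then
        echo "ERROR $hits"
    else
        echo "OK $hits"
    fi
}

# write_sample_log PATH: constructed log lines for trying the functions offline.
write_sample_log() {
    cat > "$1" <<'EOF'
10.0.0.5 GET / remote.example.com 200
10.0.0.6 GET / remotexexample.com 200
10.0.0.7 GET /a remote.example.com 200
10.0.0.8 GET /b other.example.net 404
EOF
}

# Usage: countline.sh /tmp/test.log remote.example.com [20000]
if [ "$#" -ge 2 ]; then
    check_hits "$1" "$2" "${3:-20000}"
fi
```

The second constructed line would be counted by a regex match on `remote.example.com` but is skipped with `-F`, which is why the sample yields 2 rather than 3.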