question

RaviBhushan-3339 avatar image
0 Votes"
RaviBhushan-3339 asked AlexZhu-MSFT commented

SCOM reading Linux Log files and alerting

Gents

I’ve a request in to monitor a specific Linux system. Specifically they are wanting to use SCOM to interrogate a log file (plain text) and for SCOM to do a line count.

This count will be the number of hits on a site and in turn they would like an alert generating if it goes beyond 20,000.

Is it possible through SCOM ?

Regards,
Ravi

msc-operations-manager
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

LeonLaude avatar image
0 Votes"
LeonLaude answered LeonLaude edited

Hi,

Yes this is possible in SCOM, you could create a shell script and provide the logic in the script that checks the line count in the log file, or you could use the following management pack:
UNIX/Linux LogFile Monitoring Library MP

Here's a blog article from the author of the management pack:
Lifting limitations for monitoring UNIX/Linux LogFiles using SCOM

The following articles may also be of help:
SCOM 2012 - UNIX/Linux Monitoring with Scripts

SCOM 2012 – Linux Two-State Monitor With “Script In Script”


(If the reply was helpful please don't forget to accept as answer, thank you)


Best regards,
Leon


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

AlexZhu-MSFT avatar image
0 Votes"
AlexZhu-MSFT answered AlexZhu-MSFT commented

Hi,

As Leon suggested, we may use a script to achieve this. Below is an example to do this:

At linux server side,
1, create a .sh file
touch /tmp/countline.sh
2, enter the command line to count the match line and save it, for example,
vi /tmp/countline.sh
grep remote.example.com /tmp/test.log
:wq
3, grant the execute permission for the .sh file
chmod +rx /tmp/countline.sh

18569-scom-linux-monitor.png

At scom server side, create a monitor based on the shell script

For more detailed steps, we may refer to this article:

https://www.stefanroth.net/2012/10/21/scom-2012-linux-two-state-monitor-with-script-in-script/

Hope the above information helps.

Regards,

Alex Zhu



· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Is there any chance for us to test this in our environment?

0 Votes 0 ·