Share via


Create Unix log file unit monitor in SCOM 2007

We had number of questions for creating a log file monitor based on good and bad expression. What I meant by this is, I want to generate an alert if the entry ERROR is seen in the log and reset to healthy when SUCCESS is seen in the log. so we don't have to manually close it. 

We already have a template to create a log file rule which you should be able to see under rule section, but here we are just trying to create a Unit Monitor. So lets start in a simple way.

Step 1: Install an authoring console from tool kit  Here

 

Step 2: Create a new MP and add below references to it.

  • Microsoft.Unix.Library
  • Microsoft.Unix.LogFile.Library

Rest libraries are already added. So no worries.

Step 3: Go to health model Pane and check Monitors.

Create a new monitor (Custom Unit Monitor)

Step 4: Go to Type LIbrary Pane and right on the blank space to create New composite monitor Type, 

             Name: <Name that you want>, Fill the General Tab

           States: State 1-->healthy and State2-->Critical

            Member Modules: Click on Add, and uncheck Condition detection and Probe action, and select "Log File Datasource" from the list, (2 times as shown below)

    Here GoodExpression and BadExpression are the module ID

 

        Regular: Check good Expression box and select Monitor state output from drop down from 2nd box. Double click on "Complete" which is set to "NO' it will turn to "Yes" as below

         On Demand: leave it as it is

        Configuration Schema: Its difficult to describe, but below should tell you what to do :)

             Overridable Parameters: Create 3 Parameters. 

Step 5:  Name: <name that you want>

             Target: Unix computer

             Parent Monitor: Entity Health <Your wish to select which ever you want>

Step 6: Hit configuration tab and click on Browse where your Monitor type should be “Linux Log File Monitor Type”

            Host :  $Target/Property[Type="Unix!Microsoft.Unix.Computer"]/PrincipalName$

            LogFile:  <Your log File location and name>

           GoodRegex:  <Value that makes monitor healthy>

           BadRegex:  <Value that makes your monitor critical or unhealthy>

Step 7: Define your healthy and critical criteria.

Step 8: Define alerting

And you are done.!!

Save this MP and import to your OpsMgr console. Expressions, Log file & location and targets are overridable parameter here.           

Note: This is again a probe based module so defined expression is queried every 5 min. Either that’s a healthy or unhealthy expression. So we have to be patient. So for any state change based on what log has got, it needs to wait for 5 min.

LinuxLogMonitor.xml

Comments

  • Anonymous
    January 01, 2003
    OK, I have attached the MP with this post. hope that helps

  • Anonymous
    January 01, 2003
    I believe step 4 should be done before step 3

  • Anonymous
    January 01, 2003
    Marc, Sorry for the late reply. I have modified with the screenshots. Hope this helps

  • Anonymous
    January 01, 2003
    I have not tried it yet. Will try and post the result.

  • Anonymous
    January 01, 2003
    Thank you so much for this example! One semi-related question: I noticed there is a Microsoft.Unix.WSMan.LogFile.TimedEnumerator data source. Would that be used to make a timer reset monitor for a Unix log file? I couldn't find any documentation on it.

  • Anonymous
    January 01, 2003
    The comment has been removed

  • Anonymous
    April 30, 2012
    Thanks for your blog. I cannot find the Linux Log File Monitor Type as described. I have added in the two references you mentioned but there is no monitor called Linux Log File Monitor Type. Please could you help? Thanks Marc

  • Anonymous
    September 10, 2012
    I was working on a similar requirement recently and came up with an extensive step by step documentation for custom management pack to monitor unix text log files using a centally located config file. You can find more details on www.techordian.com Let me know if anyone has any questions and I would be glad to help out. Cheers, Nikhil

  • Anonymous
    May 11, 2013
    How is log rotation handled by SCOM Native Unix  Log file monitoring Data Source?

  • Anonymous
    November 14, 2013
    Chandan.  These instructions look great, but I feel like I am missing something basic.

  1. When creating the Unit Monitor under health model, what parameters shoudl we use to configure it?
  2. When I try to do the Composite monitor under Library, I can't ever find the Log File DataSource.  I see some sources under Unix.Library, and under Windows, but I see nothing referencing Unix.LogFile.Library.  Also, it won't allow me to actually select anything. Any suggestions? Thanks!
  • Anonymous
    May 25, 2015
    Hi Bharti
    very good post
    I need to look for specific text in a file, but unlike the above, I have no bad Expression
    if the text was found, it will be in health state, if not in bad state. any suggestion how to do it?
    thx
  • Anonymous
    July 28, 2015
    Hi Chandan,

    thanks for this article and the MP. I downloaded and imported it to my environment but I did not see this monitor. I have scom 2012sp1 - does it run with it?