Redpeaks V6.8
Trouble shooting
Monitors Guide
Many problems can be detected by checking the system logs. This monitor regularly checks whether a given log pattern appears in the system log within a given period of time. When a problem is detected, you are notified by an alarm containing either the log line itself or a count of the lines matching the pattern. This monitor is useful when you know the signature of a problem in the logs and want to be notified as soon as it occurs. It can also be used to detect an abnormal number of critical log lines.
The monitor will look for a specific log level or string patterns in the log message. You can have two kinds of surveillance:
Use the surveillance table to adjust the monitoring settings:
Parameter | Description |
---|---|
Active | Use this field to activate or deactivate a line of configuration. |
Mode | Choose the surveillance mode |
Id | A filter for the line Id of the log |
Sub Id | A filter for the SubId of the line. |
Program | A filter for the program associated with the line. |
String pattern | This field can be used to define the text pattern to look for in the log. Regular expressions can be used, or a comma-separated list of strings. |
Exclude Pattern | Use this field to exclude lines following a given pattern. Regular expressions can be used, or a comma-separated list of strings. |
Occurrence | In COUNT mode: The threshold for the maximum number of lines matching the filters. In FORWARD mode, the minimum number of (identical) matching lines necessary to forward the line in an alarm. |
Period (min) | Defines how far in the past the probe will look for log lines. If set to 60, it will look for log lines written in the last 60 minutes. |
Severity | The level of severity of the alarm generated by this line of surveillance. |
Auto clear | If checked, the alarm will be cleared as soon as the alarm condition is not met anymore. |
Alarm tag | This field lets you add custom text to the alarm message. The %MSG% variable contains the actual generated message and can be used as in: “my_prefix %MSG% my_suffix”. By default, the tag is used as a prefix. |
Alarm | If checked, this line of surveillance will be used for alarm generation. |
Metric | If checked, this line of surveillance will be used for metric generation. |
Report | If checked, this line of surveillance will be used for showing threshold and severity in the daily report. |
Active | Mode | Id | Sub Id | Program | String pattern | Exclude Pattern | Occurrence | Period (min) | Severity | Auto clear | Alarm tag | Alarm | Metric | Report |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
true | COUNT | * | * | * | CPIC |  | 5 | 60 | MAJOR | true |  | true | false | false |
Effect: Sends a MAJOR alarm if 5 or more log lines contain the string CPIC in the last 60 minutes.
Active | Mode | Id | Sub Id | Program | String pattern | Exclude Pattern | Occurrence | Period (min) | Severity | Auto clear | Alarm tag | Alarm | Metric | Report |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
true | FORWARD | * | * | * | CPIC |  | 5 | 60 | MAJOR | true |  | true | false | false |
Effect: Counts the identical log lines containing the string CPIC. Sends an alarm for each identical line with a count greater than or equal to 5.
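The difference between the two modes is easiest to see on the same set of lines. The following is an added sketch, not Redpeaks code: it models the COUNT and FORWARD rules as documented above, assuming that patterns are treated as regular expressions and that "identical" means identical message text. The function names and sample lines are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample data (timestamp, message); not real syslog output.
NOW = datetime(2024, 1, 1, 12, 0)
A = "CPIC call failed: partner not reached"
B = "CPIC timeout on gateway"
C = "Logon failed for user"
LINES = (
    [(NOW - timedelta(minutes=90), A)]  # older than the 60-minute period
    + [(NOW - timedelta(minutes=m), A) for m in (55, 40, 30, 20, 10)]
    + [(NOW - timedelta(minutes=m), B) for m in (45, 5)]
    + [(NOW - timedelta(minutes=m), C) for m in (35, 25, 15)]
)


def matching(lines, now, pattern, period_min, exclude=None):
    """Messages written in the last period_min minutes that match pattern
    and do not match exclude (assumption: both are regular expressions)."""
    start = now - timedelta(minutes=period_min)
    inc = re.compile(pattern)
    exc = re.compile(exclude) if exclude else None
    return [
        msg for ts, msg in lines
        if start <= ts <= now and inc.search(msg)
        and not (exc and exc.search(msg))
    ]


def count_mode(lines, now, pattern, occurrence, period_min, exclude=None):
    """COUNT: total of matching lines if it reaches Occurrence, else None."""
    total = len(matching(lines, now, pattern, period_min, exclude))
    return total if total >= occurrence else None


def forward_mode(lines, now, pattern, occurrence, period_min, exclude=None):
    """FORWARD: each distinct line seen at least Occurrence times -> count."""
    counts = Counter(matching(lines, now, pattern, period_min, exclude))
    return {msg: n for msg, n in counts.items() if n >= occurrence}


if __name__ == "__main__":
    print("COUNT  :", count_mode(LINES, NOW, "CPIC", 5, 60))
    print("FORWARD:", forward_mode(LINES, NOW, "CPIC", 5, 60))
```

With this data, COUNT raises one alarm for all seven CPIC lines in the period, while FORWARD forwards only the line that repeats five times; the two-occurrence timeout line stays below the FORWARD threshold.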
metricId | metricUnit | metricTarget | metricDescription |
---|---|---|---|
SYSLOG_LINE_OCCURENCE | status | Pattern X on INSTANCE |