- Install Promonitor
Error logs are useful for detecting problems and investigating their causes. This monitor watches the error logs and can report any specific or repetitive message, so you are notified as soon as a problem starts happening.
Surveillance table: A table of rules used to configure and customize the monitor. Each line of the table defines one monitoring rule, and you can combine multiple rules to cover different cases. The monitor looks for log lines that occurred within a period of time. With the rule filters, you can count the logs at or above a given severity, or matching a given message pattern. In COUNT mode, an alarm is generated if the total number of logs matching the filters reaches a threshold. In FORWARD mode, any log message matching the filter is included in the alarm message.
Minimum severity: Each error log message is associated with a severity. This filter defines the minimum severity of the log messages to match.
Log message: A filter to match a specific text pattern in the message. Regular expressions as well as white/black lists can be used. Set '*' to match any.
Max messages: The maximum number of log messages. If reached, an alarm is triggered. Use the multi-threshold syntax to set multiple threshold/severity associations: G2W:80 W2M:85 (Green To Warning, Warning To Major, etc.). Set 0 in the field if unused.
<ul>
<li><u>In COUNT mode:</u> The alarm will report how many log messages matched the filter</li>
<li>Example: 183 error log(s) (>=2) with a minimum severity of 16</li>
<li><u>In FORWARD mode:</u> Each message occurring more than threshold will be reported in an alarm</li>
<li>Example: 82 occurrence(s) (>=2) of message [Begin processing to generate RSA keypair.]</li>
</ul>
Period: Fetches the logs from the last configured number of minutes. If set to 0, it looks for logs that occurred since the last check.
Rules order: Rules are processed following their order in the table. In this monitor, every log message will be processed by each rule, even if it has been matched previously.
|Active||If checked, the rule is enabled and will be processed|
|Mode||Alerting modes, COUNT will count the number of logs matching the filter, FORWARD will count the occurrence of each individual log message.|
|Minimum log severity||The minimum severity of the log to take into account|
|Log message||A text pattern to match the log message, can use regular expressions, white/black lists|
|Max messages||The threshold for the maximum number of messages matching the filters. Use multi-threshold syntax.|
|Period (Min)||The number of minutes to look back for logs. If set to 0, looks for logs that occurred since the last check|
|Auto clear||If set, clears the alarms that are no longer generated.|
|Alarm tag||This field lets you add custom text within the alarm message. The %MSG% variable contains the actual generated message and can be used like this: “my_prefix %MSG% my_suffix”. By default, the tag is used as a prefix.|
|Alarm||Defines if the alerting is active for this rule.|
|Metric||Defines if the metric generation is active for this rule.|
|Report||If checked, this rule will be used for showing threshold and severity in the daily report|
|Active||Mode||Minimum log severity||Log message||Max messages||Period (Min)||Auto clear||Alarm tag||Alarm||Metric||Report|
Effect: A WARNING alarm is sent if there are 50 or more log messages with a severity equal to or greater than 16 in the last 60 minutes.
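The rule semantics described on this page (severity and message filters, the period window, multi-threshold parsing, COUNT versus FORWARD), written out as an added Python example that is not the product's own code. The rule dictionary layout, the function names, the sample log lines, and the choice of `G2W:50` to express the WARNING rule above are assumptions; the message filter handles only `*` and regular expressions, since the white/black list syntax is not shown on the page.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

LEVELS = {"G": "GREEN", "W": "WARNING", "M": "MAJOR"}  # letters expanded on the page

def parse_thresholds(spec):
    """'G2W:80 W2M:85' -> [(85, 'MAJOR'), (80, 'WARNING')], highest limit first."""
    found = re.findall(r"([A-Z])2([A-Z]):(\d+)", spec)
    return sorted(((int(n), LEVELS.get(to, to)) for _, to, n in found), reverse=True)

def level_for(count, thresholds):
    """Severity of the highest threshold that count reaches, or None."""
    return next((lvl for limit, lvl in thresholds if count >= limit), None)

def evaluate(rule, logs, now, last_check):
    """Apply one rule (hypothetical dict layout) and return [(level, text), ...]."""
    # Period 0 means "since the last check"; otherwise look back N minutes.
    since = now - timedelta(minutes=rule["period"]) if rule["period"] else last_check
    hits = [l for l in logs
            if l["time"] >= since and l["severity"] >= rule["min_severity"]
            and (rule["message"] == "*" or re.search(rule["message"], l["text"]))]
    limits = parse_thresholds(rule["max"])
    if rule["mode"] == "COUNT":      # one alarm on the total
        groups = {f"{len(hits)} error log(s) with a minimum severity of "
                  f"{rule['min_severity']}": len(hits)}
    else:                            # FORWARD: one alarm per distinct message
        groups = {f"{n} occurrence(s) of message [{t}]": n
                  for t, n in Counter(l["text"] for l in hits).items()}
    return [(level_for(n, limits), msg) for msg, n in groups.items()
            if level_for(n, limits)]

def sample_logs(now):
    """Constructed data: 50 recent severity-16 lines, plus lines that must be filtered."""
    recent = [{"time": now - timedelta(minutes=i), "severity": 16,
               "text": "Login failed" if i % 2 else "Disk full"} for i in range(50)]
    old = [{"time": now - timedelta(minutes=90), "severity": 20, "text": "Disk full"}]
    low = [{"time": now - timedelta(minutes=5), "severity": 10, "text": "Login failed"}]
    return recent + old + low

NOW = datetime(2024, 1, 1, 12, 0)   # fixed clock so the result is reproducible
COUNT_RULE = {"mode": "COUNT", "min_severity": 16, "message": "*", "max": "G2W:50", "period": 60}
FORWARD_RULE = dict(COUNT_RULE, mode="FORWARD", max="G2W:20 W2M:30")

if __name__ == "__main__":
    for rule in (COUNT_RULE, FORWARD_RULE):
        print(rule["mode"], evaluate(rule, sample_logs(NOW), NOW, NOW - timedelta(minutes=5)))
```

With the same 50 matching lines, the COUNT rule raises a single alarm on the total, while the FORWARD rule raises one alarm per distinct message text, so the same threshold value behaves very differently between the two modes.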