products:promonitor:6.8:monitorsguide:sybase:sybaseerrorlogs

Sybase error logs

Purpose

Errors logs is useful to detect problems and investigate their causes. This monitor will watch error logs and can report any specific or repetitive message.
You will be notified as soon as a problem starts happening.

Configuration hints

Surveillance table:

  • This is a table of rules that you can use to configure and customize the configuration.
  • Each line of the table will define a rule of monitoring.
  • You can combine multiple rules to cover different cases.
  • This monitor will look for log lines that happened within a period of time.
  • With the rule filters, you can count the number of logs higher than a given severity, or matching a given message pattern. In COUNT mode.
  • An alarm will be generated if the total number of logs matching the filters is reaching a threshold.
  • In FORWARD mode, any log message matching the filter will be included in the alarm message.

Minimum severity:

  • Error log message are associated to a severity.
  • This filter will define the minimum severity of the log messages that we want to match.

Log message:

  • A filter to match a specific text pattern in the message.
  • Regular expressions as well as white/black lists can be used. Set '*' to match any.

Max messages:

  • The maximum number of log messages. If reached, an alarm will be triggered.
  • Use the multi-threshold syntax to set multiple threshold/severity associations: G2W:80 W2M:85 (Green To Warning, Warning To Major, etc…).
  • Set 0 in the field if unused

Mode:

  • In COUNT mode: The alarm will report how many log messages matched the filter
    • Example: 183 error log(s) (>=2) with a minimum severity of 16
  • In FORWARD mode:</u> Each message occurring more than threshold will be reported in an alarm
    • Example: 82 occurrence(s) (>=2) of message [Begin processing to generate RSA keypair.]

Period:

  • Will fetch the logs since the last configured number of minutes.
  • If set to 0, it will look for logs that occurred since the last check.

Rules order:

  • Rules are processed following their order in the table.
  • In this monitor, every log message will be processed by each rule, even if it has been matched previously.

Surveillance table

ParameterDescription
ActiveIf checked, the rule is enabled and will be processed
ModeAlerting modes, COUNT will count the number of logs matching the filter, FORWARD will count the occurrence of each individual log message.
Minimum log severityThe minimum severity of the log to take into account
Log messageA text pattern to match the log message, can use regular expressions, white/black lists
Max messagesThe threshold for the maximum number of messages matching the filters. Use multi-threshold syntax.
Period (Min)The number of minutes to look for logs in the past. If set to 0, will look for logs occurred since the last check
Auto clearIf set, clears the alarms that are no longer generated.
Alarm tagThis field allows to add custom text within the alarm message. %MSG% variable will contain the actual generated message and can be used such as: “my_prefix %MSG% my_suffix”. By default, tag will be used as prefix.
AlarmDefines if the alerting is active for this rule.
MetricDefines if the metric generation is active for this rule.
ReportIf checked, this rule will be used for showing threshold and severity in the daily report

Examples

ActiveModeMinimum log severityLog messageMax messagesPeriod (Min)Auto clearAlarm tagAlarmMetricReport
trueCOUNT16*G2W:5060true truetruetrue

Effect : A WARNING alarm is sent if there are 50 or more log messages with a severity equal or greater than 16, in the last 60 minutes

/home/clients/8c48b436badcd3a0bdaaba8c59a54bf1/wiki-web/data/pages/products/promonitor/6.8/monitorsguide/sybase/sybaseerrorlogs.txt · Last modified: 2024/05/01 18:35 (external edit)