Using a Generic Text Log rule to monitor an ASCII text file – even when the file is a UNC path

re: Using a Generic Text Log rule to monitor an ASCII text file – even when the file is a UNC path

RogerM — Sat, 20 Jun 2009 12:37:45 GMT

Excellent example, thanks!

One comment on Alert Supression though.

Does not Parameter 1 equal Params/Param[1] (the entire line)?

If so, for alert supression to work, the line would have to be exactly the same. A date or timestamp will prevent supression to happen.

Regards

Roger

re: Using a Generic Text Log rule to monitor an ASCII text file – even when the file is a UNC path

Lee Nicoll — Sat, 20 Jun 2009 22:22:37 GMT

Nice work. Quick question. Does the SCOM Agent on th Watcher node need to be running under a Network account?

re: Alert Supression

kevinhol — Sat, 20 Jun 2009 22:30:12 GMT

"One comment on Alert Supression though.

Does not Parameter 1 equal Params/Param[1] (the entire line)?

If so, for alert supression to work, the line would have to be exactly the same. A date or timestamp will prevent supression to happen."

-------------------

Yes - Parameter 1 equals that - therefore - my example would supress anytime the line that matched was identical. Typically - this is correct. If the line isnt identical - then it will be a different alert. If that is not desirable - then remove Param 1.

re: Network Account?

kevinhol — Sat, 20 Jun 2009 22:32:12 GMT

No - in my example - I used an agent using Local System.... which is an "Authenticated User" and therefore had access to this share. THis specific share had share permissions of Everyone-FullControl, and NTFS permissions of Everyone-Read.

If your share or NTFS permissions are more strict - then make sure you grant the computer account of the agent access to both share and NTFS, or run the agent under a domain user account, which has access to the share/NTFS.

re: Using a Generic Text Log rule to monitor an ASCII text file – even when the file is a UNC path

Desmond — Fri, 17 Jul 2009 05:16:29 GMT

Nice work. Just curious. Is it possible to set the Rule Target to specific machine/server rather than a class of machines?

re: Targeting

kevinhol — Fri, 17 Jul 2009 20:39:04 GMT

Yes and No.

A rule/monitor workflow MUST target a class. Period. End of story.

However - we have two options here:

1. Target a generic class, like Windows Operating System - then disabled, then override as enabled for my one specific object. This is the example I used above.

2. Create a new class, using WMI/Registry provider for example, and make only the one special computer I want to be a discovered instance of that class... then target that class (much more complicated)

re: Using a Generic Text Log rule to monitor an ASCII text file – even when the file is a UNC path

Richard — Mon, 24 Aug 2009 10:20:52 GMT

Excellent post, although I am having one strange problem, the log reader works 100% and the alerts are correct, but the system seems to randomly alert off the same line in the log file over and over again, what could I have done wrong to get this happening?

re: Using a Generic Text Log rule to monitor an ASCII text file – even when the file is a UNC path

Babu — Thu, 27 Aug 2009 09:10:29 GMT

i got error for the path "C:\SummitCfAdapter\PROD\SummitCfAdapter-LOH-PROD\log\SummitCfAdapterMaster.log" Error opening log file directory Event ID's 31705,31707

Please help

re: errors

kevinhol — Thu, 27 Aug 2009 09:13:37 GMT

Please post more details from the events you are getting - I dont know what those event ID's are.

re: Using a Generic Text Log rule to monitor an ASCII text file – even when the file is a UNC path

Babu — Thu, 27 Aug 2009 09:16:27 GMT

i got error for the path "C:\SummitCfAdapter\PROD\SummitCfAdapter-LOH-PROD\log\SummitCfAdapterMaster.log" Error opening log file directory Event ID's 31705,31707

Error description

"Error opening log file directory

Directory =

C:\SummitCfAdapter\PROD\SummitCfAdapter-LOH-PROD\log

Error: 0x80070003

Details: The system cannot find the path specified."

but when I change path to "C:\SummitCfAdapter\PROD" it works fine.

is it because of "-" in the file path.

I'hv tried enclosing path in the double and single quote also but the got error "The filename, directory name, or volume label syntax is incorrect."

re: Using a Generic Text Log rule to monitor an ASCII text file – even when the file is a UNC path

Babu — Thu, 27 Aug 2009 10:58:24 GMT

thanks kevin for your quick reply. Dont know how but it is working now. not changed anything just restarted the health service and it is working.

re: Using a Generic Text Log rule to monitor an ASCII text file – even when the file is a UNC path

VRKumar — Sun, 04 Oct 2009 12:08:00 GMT

Thanks Kevin for the excellent example.

i have a problem as i fallowed excatly the steps you mentioned but it is not giving me any output.

the path i tried 2 ways

\\localhost\d$\product

d:\product\

file name is company.log

is their a way to find if the rule is working or not?????

-VRKumar