In SAM, how do I monitor a Linux/UNIX log file that updates in real time for a "keyword/string"? Is there any template?
Have you tried using the following application template?
Log Parser (Perl)
I have tested this template; it does NOT give the result we want.
The log that updates in real time is an application log; we want to monitor when the "Alert" [keyword/string] message appears in the application log.
Example: "we created a test log file for testing the template Found string in # position], shown below"
Thu Aug 31 11:40:01 HKT 2017 : first line [Test]\nsecond line [lert]\nthird line [Wait]\n
Thu Aug 31 11:45:01 HKT 2017 : first line [Test]\nsecond line [lert]\nthird line [Wait]\n
Thu Aug 31 11:48:01 HKT 2017 : first line [Test]\nsecond line [Alert]\nthird line [Wait]\n
Thu Aug 31 11:50:01 HKT 2017 : first line [Test]\nsecond line [lert]\nthird line [Wait]\n
Thu Aug 31 11:55:01 HKT 2017 : first line [Test]\nsecond line [lert]\nthird line [Wait]\n
Thu Aug 31 12:00:01 HKT 2017 : first line [Test]\nsecond line [lert]\nthird line [Wait]\n
Thu Aug 31 12:00:01 HKT 2017 : first line [Test]\nsecond line [Alert]\nthird line [Wait]\n
Thu Aug 31 12:05:01 HKT 2017 : first line [Test]\nsecond line [lert]\nthird line [Wait]\n
Thu Aug 31 12:10:02 HKT 2017 : first line [Test]\nsecond line [lert]\nthird line [Wait]\n
When a NEW line with "Alert" appears, there is NO action or response in SAM.
We find that when the log writes a new line with the "Alert" message, the state is Critical. When the log writes another new line without "Alert", the Critical state changes to UP status, without being "acknowledged".
We want: when the log writes a new line with the "Alert" message, the state is Critical; when we "acknowledge" it, it changes to "normal/up" status. Also, new lines without "Alert" are written to the log.
Is there any setting that can do this alert event?
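The behaviour asked for in the last post (scan only the lines appended since the previous poll, and stay Critical until someone acknowledges) can be sketched as follows. This is an added example, not part of the thread and not SolarWinds code; `poll`, `acknowledge`, the state-file layout and the status strings are assumptions, and wiring it into a SAM script monitor is not shown.

```python
import json, os, tempfile

KEYWORD = "Alert"  # keyword from the thread; matching is case-sensitive

def _load(state_path):
    try:
        with open(state_path) as f:
            return json.load(f)
    except (FileNotFoundError, ValueError):
        return {"offset": 0, "latched": False}

def _save(state_path, state):
    with open(state_path, "w") as f:
        json.dump(state, f)

def poll(log_path, state_path, keyword=KEYWORD):
    """Scan lines appended since the last poll; return (status, new_hits)."""
    state = _load(state_path)
    if os.path.getsize(log_path) < state["offset"]:
        state["offset"] = 0  # file was truncated or rotated: start over
    with open(log_path, "rb") as f:
        f.seek(state["offset"])
        chunk = f.read()
    end = chunk.rfind(b"\n") + 1  # consume complete lines only
    lines = chunk[:end].decode("utf-8", "replace").splitlines()
    hits = [ln for ln in lines if keyword in ln]
    state["offset"] += end
    state["latched"] = state["latched"] or bool(hits)  # never cleared here
    _save(state_path, state)
    return ("CRITICAL" if state["latched"] else "UP"), hits

def acknowledge(state_path):
    """Operator action: the only thing that clears the latched state."""
    state = _load(state_path)
    state["latched"] = False
    _save(state_path, state)

def demo():
    """Replay constructed lines modelled on the thread's test log."""
    d = tempfile.mkdtemp()
    log, st = os.path.join(d, "app.log"), os.path.join(d, "state.json")
    seen = []
    for tag in ("lert", "Alert", "lert"):
        with open(log, "a") as f:
            f.write("Thu Aug 31 11:48:01 HKT 2017 : second line [%s]\n" % tag)
        seen.append(poll(log, st)[0])
    acknowledge(st)
    seen.append(poll(log, st)[0])
    return seen  # ['UP', 'CRITICAL', 'CRITICAL', 'UP']

if __name__ == "__main__":
    print(demo())
```

Because the offset and the latch live in the state file, a later line without "Alert" cannot return the status to UP; only `acknowledge` does.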