The available monitoring profiles are listed on the Monitoring Profiles page
TIP: To display only the log monitoring profiles, in the top-right corner, click View By > Type > Log. To display the monitoring profiles for SNMP trap devices, click View By > Type > SNMP Trap. |
As an example, the default profile for creating alerts for Mac OS X devices indicates that /var/log/system.log is the log that the monitoring function scans, looking for text that would trigger an alert. The following table describes the default search text in the Include Text field and the associated alert levels.
You can add other alerts customized to your operational needs.
The default profiles cover the following supported operating systems:
• |
• |
• |
• |
• |
• |
• |
For devices with Linux operating systems, there are several different log paths for MySQL and Apache logs, depending on the version of the OS. See Profile log paths for MySQL and Apache.
For Agentless devices that are monitored using the SNMP trap mechanism, you need to provide trap message formats and expressions to capture the specific trap elements. See Configure SNMP trap messages and alerting criteria.
In the Log Enablement Packages list page, Quest publishes a base set of Windows Reliability and Performance Monitor (PerfMon) templates and non-Windows open-source Perl scripts, so that users can extend their monitoring capability and identify system and application performance issues. These templates and scripts are available so that users do not have to create them from scratch. Monitoring on the appliance works without these additional templates and scripts, but the profiles that are created from the templates and scripts are helpful if you want to do performance threshold monitoring.
You can change, add, or remove alert criteria and log paths for any existing profile.
If you want to use an existing profile as a starting point for creating a profile, see Create a new profile using a default profile as a template.
To identify events that you want raised as alerts, use strings or regular expressions in Include Text to specify the appropriate message content. For instance, if you enter the string, Physical memory, an alert is raised for every message with that exact string.
To cover multiple possibilities, you can use a regular expression. For example, if you want alerts for any drive mount point that has drive errors, in the form, “Drive /dev/[any drive mount point] has drive errors”, you can use Drive /dev/[a-z]{1,} has drive errors in Include Text. Alerts are raised for any messages that contain "Drive /dev/" followed by any word of any length containing the characters a-z, followed by "has drive errors".
You can exclude specific events from being raised as alerts if you find them unnecessary or distracting. To filter the alerts you do not want to receive, you use Exclude Text to indicate the content that identifies an unwanted alert. You can use Exclude Text to filter whole categories of alerts, or use Exclude Text in conjunction with Include Text to refine a subset of an alert category. See Examples of Include Text and Exclude Text for monitoring profiles.
1. |
a. |
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information. |
b. |
2. |
Select the check box for the existing profile that you want to edit, and select Choose Action > Edit to display the Profile Detail page. |
3. |
NOTE: If you are editing one of the default profiles, you cannot make any change to the Add Automatically To field. |
4. |
◦ |
1. |
◦ |
1. |
◦ |
◦ |
SNMP traps only. Create a Service Desk ticket automatically each time the appliance receives a specific SNMP alert. |
▪ |
On the line containing an SNMP include and exclude filter (as configured), in the Create Ticket column, click Select Queue, and select a ticket queue that you want to use to create a Service Desk ticket. The appliance will create a Service Desk ticket in the specified ticket queue when it receives an alert resulting from the specific include filter. The device associated with the alert will appear selected in the Service Desk ticket. The name and summary of the event that triggered the SNMP alert will appear in the ticket details. For more information about Service Desk tickets, see Managing Service Desk tickets, processes, and reports. |
◦ |
Change the alert Level. |
1. |
2. |
In the Level drop-down list, select the level from among the five choices: Critical, Error, Warning, Info, and Recovered. |
1. |
5. |
NOTE: You can return a default profile to factory settings for its operating system by using the Reset to Factory Settings button at the bottom of the page. |
You can configure SNMP trap messages and the alerting criteria using the Profiles page.
• |
• |
You can configure SNMP trap messages and the alerting criteria using the Profile Detail page.
You can include or exclude certain events from being detected, as needed.
1. |
a. |
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information. |
b. |
◦ |
◦ |
◦ |
To duplicate an existing SNMP trap profile, select it in the list, and Choose Action > Duplicate and Edit. |
3. |
NOTE: If you are editing one of the default profiles, you cannot make any change to the Add Automatically To field. |
4. |
%Vd# |
|
%Vn# |
Variable binding name (where '#' is a number representing the element's position in the sequence). |
%Vo# |
Variable binding OID (where '#' is a number representing the element's position in the sequence). |
%Vt# |
Variable binding type (where '#' is a number representing the element's position in the sequence). |
%Vv# |
Variable binding value (where '#' is a number representing the element's position in the sequence). |
Shows all variable bindings (Name: Value, Name: Value, Name: Value). If a Name is missing (due to a missing MIB file), the OID is displayed instead. |
◦ |
To add an alert level, under Criteria, click to add a new alert level. |
◦ |
TRAP_OID = “.1.3.6.1.4.1.8072.2.3.2.1”: An alert is generated when the trap OID contains ".1.3.6.1.4.1.8072.2.3.2.1". |
◦ |
TRAP_NAME = "acctngFileFull" AND VARBIND = "acctngFileName|ABC": An alert is generated when the trap name contains "acctngFileFull" and if one of the trap's variable bindings is "acctngFileName" with a value of "ABC". |
7. |
NOTE: You can return a default profile to factory settings for its operating system by using the Reset to Factory Settings button at the bottom of the page. |
You can copy a default or existing monitoring profile and edit the copy to create a new profile.
1. |
a. |
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information. |
b. |
2. |
Select the check box for the existing profile that you want to start with as a template, and select Choose Action > Duplicate and Edit to display the Profile Detail page. |
4. |
NOTE: If you are editing one of the default profiles, you cannot make any change to the Add Automatically To field. |
The path can be the basic one for the operating system, as shown in the table.
application for Windows Application
Microsoft-Windows-TaskScheduler/Operational for Windows Task Scheduler Operational | |||
Alternatively, you can enter a path that defines a log that contains data beyond the basic event logs. For instance, if you had an application on SUSE that sends its data to a specific log such as /var/log/<myapplog>, you can use that path in a new profile, and define the search text and alert level as described in this procedure.
For devices with Linux operating systems, there are a number of different log paths for MySQL and Apache logs, depending on the version of the OS. See Profile log paths for MySQL and Apache.
6. |
◦ |
Change Include Text. |
1. |
2. |
3. |
Click Save at the right of the row. |
◦ |
Optional: Change Exclude Text. |
1. |
2. |
3. |
Click Save at the right of the row. |
◦ |
Change alert Level. |
1. |
2. |
In the Level drop-down list, select the level from among the five choices: Critical, Error, Warning, Info, and Recovered. |
3. |
Click Save at the right of the row. |
1. |
2. |
Set the level, search text, and case sensitivity, and click Save at the right of the row |
4. |
Optional: Reorder the new alert criteria using the Drag button: . |
7. |
The profile is available to be assigned to a device on that device's Monitoring Detail page.
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. 利用規約 プライバシー Cookie Preference Center