Applicable versions and levels
Windows versions: V5.0L10 or later
Action 1
Points to check
Check the event monitoring conditions definition.
Action method
The event may match conditions specified in lines other than the ones that were assumed in the event monitoring conditions. Ensure that there are no invalid characters (for example, uppercase, lowercase, fullwidth, halfwidth, number of spaces) in the lines with condition that are assumed to match.
If multiple event definitions of a similar type have been defined, the event may match the conditions specified in lines above the assumed ones. Check if the event matches the conditions specified in lines above the assumed ones.
Note
Handling of events for which the event type is "None"
In messages output to the Windows event log, the event type is stored, and depending on the event type, an error type and importance is set and appended. Events for which the event type is "None" are processed as events with error type "Error", and importance "Very important".
Action 2
Points to check
Was log file monitoring performed? If so, did the message output to the log file use a line feed as the separator?
Action method
Log file monitoring processes each line (up to the line feed) as one message. If multiple messages are output consecutively without being separated by a line feed, they will be processed as one message, therefore they may match a definition line that is not intended by the user. If multiple messages are output to the log file on the application side that outputs the message, configure the settings so that they are separated by a line feed in the output.
Action 3
Points to check
Check the action environment settings.
Action method
Check if the following type of event has occurred in the event log:
Source: MpAosfB
Event ID: 3000 - 3207
Type: Error
Refer to the Online Help for information on the message ID, and then perform the action method.
Action 4
Points to check
Has the same message been output more than once?
Cause
If the same message is output more than once within 60 seconds, all occurrences except for the first one will be discarded. If these types of messages were suppressed, the automatic action defined for the messages discarded will not be executed.
Action method
Set the output interval for the same message to 60 seconds or more.
Action 5
Points to check
Was log file monitoring performed?
Was monitoring performed according to the log file monitoring mechanism?
Action method
If there is a problem with the method used to output the message to the log file because of the monitoring mechanism, change it.
Point
Log file monitoring mechanism
If log file monitoring is performed, the file is checked for size changes every 30 seconds. If the size of the log file loaded is different from its current size, then it is loaded again.
If the size has increased since it was loaded, then it is loaded again, and each line added (up to the line feed) is treated as a new message.
If the file size has decreased since the previous time, the log file is cleared, judged to have been output again, and each line until the line feed is processed as one message.
Examples of correct monitoring
Example 1) In the following example, the file size has increased, therefore message6 will be processed as a new message.
Before addition | After addition |
|---|---|
message1 | message1 |
message2 | message2 |
message3 | message3 |
message4 | message4 |
message5 | message5 |
message6 (new) |
Example 2) In the following example, the file size has decreased, therefore the log file size is cleared and judged to have been output again, and message6 to message9 are then processed as new messages.
Before addition | After addition |
|---|---|
message1 | message6 (new) |
message2 | message7 (new) |
message3 | message8 (new) |
message4 | message9 (new) |
message5 |
Examples in which the log file cannot be monitored correctly
Example 1) In the following example, the file size does not change, therefore message2 will not be processed as a new message.
Before addition | After addition |
|---|---|
message1 | message2 |
Example 2) In the following example, the file size has increased, therefore only 001 will be processed as a new message, not MESSAGE1001.
Before addition | After addition |
|---|---|
message1 | MESSAGE1 |
| 001 (new) |
Example 3) In the following example, the new message will be processed from B, not messageAB, and monitored from the middle of the string.
Before addition | After being overwritten |
|---|---|
message1 | messageAB |
Note
Only files in text format can be monitored. Files containing binary data cannot be monitored.
After the monitoring target file is deleted from the definition and added to the log file monitoring settings again, it will be assumed that a new file has been defined, and all file content will be processed.
If a large log file is added as a monitoring target, monitoring will start from the start of the file, therefore it will take a while until completion. For this reason, a large amount of messages may be output.
Each line added to the log file will be processed as one message. However, the line length, including additional information, should not exceed 2047 bytes. The structure of the message that is converted is as follows:
label:INFO:message |
label: Label specified in the Monitored Log File Setup window message: Message output to the log file
If the following strings are specified for the label, it may not be possible to correctly compare the log file with the event monitoring conditions definition:
INFO, Information
WARNING, Warning
ERROR, Error
HALT, Stop
Information
The message output datetime is the datetime at which Systemwalker Operation Manager loaded the message from the log file.
If a line containing only a line feed is output to the log file and monitored, the message will be handled as a blank message (a message consisting of label + "INFO" only).
Perform the following procedure without stopping the operation to reset the monitoring target log file:
Reset the monitoring target log (clear file content, and delete the file).
Make the log a zero length file.
Wait 30 seconds or more, until Systemwalker Operation Manager recognizes that the log is a zero length file.
Resume output to the log.
Because of the above processing, the file will be monitored from the start, so no messages will be missed.
Action 6
Points to check
Was the action condition time set?
Do the event issuer time and the time on the server that executes the action match?
Cause
The event issuer time and the time on the server that executes the action do not match.
Action method
Ensure that the event issuer time and the time on the server that executes the action match.
Action 7
Check if the error message below was output.
Error message
MpAosfB: ERROR: 3016: Action execution server is not started. |
Points to check
Were the following ports that are used to execute the action freed?
JMACT1 9369/tcp
JMACT2 9370/tcp
JMACT3 6961/tcp
Cause
The action could not be executed because the ports required to execute it were not freed.
Action method
Free the ports required to execute the action.
