To automatically execute actions at an event occurrence, it is necessary to monitor the event occurrences with the event monitoring function. Events to be monitored can be defined in the Define Event dialog box.
The following shows the types of events that can be monitored using the event monitoring function.
Event log
The messages output to the event log files.
The formats can be checked with the event viewer in Windows(R).
Log file monitoring
The added parts of text output to log files.
Up to the Line Feed code of the added text is monitored as a single message. The format is "label name + message (in each line)." The monitoring interval is set to 30 seconds.
Monitoring messages
The messages handled by Systemwalker Centric Manager (System Monitor).
They are the relayed messages transferred from the system monitoring agent locating in a lower level of the logical hierarchy than the definition destination system. They can be monitored when Systemwalker Centric Manager is installed.
The formats can be checked in the event list in the Systemwalker Centric Manager Monitoring window.
For details, refer to the Systemwalker Centric Manager User's Guide or the Systemwalker Centric Manager Online Help.
Procedure
Displaying the Monitored Event Table window
Select Calendar from the Systemwalker Operation Manager window, then select Event Monitoring Conditions Definition from the Options menu.
Figure 11.1 Monitored Event Table window
Displaying the Define Event dialog box
Select the event type (NT Event Log/Application Logfile) from the Add Event in the Event menu of the Monitored Event Table window.
Or, select an event and select Update Event from the Event menu of the Monitored Event Table window.
Defining the events to be monitored
In the Define Event dialog box, define the events to be monitored. After defining, click OK to save the definition. Up to 1024 events can be defined.
Figure 11.2 NT Event Log dialog box
Specifies the log to specify events.
Not specify by log.
Specifies by log. The type of log (system log, security log or application log) to specify events can be selected.
Specifies the event ID to specify events.
Not specify by event ID.
Specifies by event ID.
Specifies the type to specify events.
Not specify by type.
Specifies by type. The event type (error, warning, information, success inspection or failure inspection) can be selected.
Specifies the source name to specify events. This can be specified when the log is specified for log specification.
Not specify by source name.
Specifies by source name.
Specifies the category to specify events. This can be specified when the event ID is specified for event ID specification.
Not specify by category.
Specified by category.
Figure 11.3 Application Logfile dialog box
Specifies the log file monitoring message label.
Not specify by label.
Selects a label name defined in the Set Monitoring Log File dialog box from the combo box.
Specifies the log file monitoring message text.
Not specify by text.
Specifies the message text to specify the log file message.
Note
Notes on Event Log Monitoring
Events with the source name MpAosfB are not subject to monitoring except for ones with the event ID 9999.
If Microsoft(R) ClusterServer is used, event logs are output to the event log files for all the nodes of the same cluster at event occurrences. However, only the nodes in which events have occurred are targeted for monitoring.
In this case, no action is taken even if defined.
Note
Suppression of identical message output
If the same message is output multiple times within 60 seconds, the second and subsequent messages are abandoned. If it has occurred, the automatic actions defined by those messages are not taken.
If the suppression of identical message output is specified, up to 100 types of messages are suppressed. If 100 types or more of messages are issued within 60 seconds, the latest 100 types of messages are suppressed.
Regular Expression
The regular expression can be used in the Specify message text column of Define Event [Log File Monitoring] dialog box.
The regular expression can be used in the following syntax rules.
Regular expression | Meaning |
---|---|
. | Represents any single character (including changing line). |
* | Represents zero (0) or more times of iteration of the immediately preceding character (including the regular expression). |
^ | Represents the beginning of a line. |
$ | Represents the end of a line. |
[Character string] | Represents any single character in the character string. |
[^ character string] | Represents any single non-literal character used in the character string. |
[character "a" - character "b"] | Represents any single character within the range from character "a" to character "b". |
The following syntax rules cannot be used.
Regular expression | Meaning (Note) |
---|---|
? | Represents zero (0) or 1 time of iteration of the immediately preceding character (including the regular expression). |
| | Represents it matches to either before or after. |
+ | Represents 1 or more times of iteration of the immediately preceding character. |
\ | Represents specific character by the character that follows \. Null character is \s, Changing line is \n etc. |
(Character string) | The character string in () becomes one group. |
{Number} | Represents an iteration of Number specified in {} |
Note) The meaning value may vary depending on the OS and software.
Note
If you want to use one of the characters above (including the characters that can be used in regular expression and those that cannot) as an ordinary character, add character "\" before each of these characters.
Examples are "\.", "\*", "\?" and "\|"
A character string enclosed by a pair of "[" and "]" characters is considered to be "$" characters instead of the special characters in regular expression.
Information
The meaning of regular expression is identical between the time when characters ".*" are set at the beginning of a character string and when they are omitted.
For example, ".*error occurred" and "error occurred" are both considered to be a character string containing characters "error occurred". In this way, the process speed of the character string comparison may sometimes increase if the regular expression is not used. In such case, avoid using the regular expression.
Regular expression examples
Regular expression example | Meaning |
---|---|
abc | Represents a character string containing "abc". It matches "aabc" and "abcd". |
abc.ef | Any single character can be entered between "abc" and "ef". It matches "abcdef" and "abc5ef". |
a*b | Represents an iteration of character "a" zero (0) or more times. It matches "b", "ab", "aab" and "aaab". |
.* | Represents any character string which consists of any character "." and "*" referred to an iteration of the immediately preceding character zero (0) or more times. |
^abc | Represents that the line begins with characters "abc". It matches "abcdef" and "abcxyz". |
xyz$ | Represents that the line ends with "xyz". It matches "123xyz" and "ABCxyz". |
3001[IWEH] | Represents any of characters "I", "W", "E" and "H". It matches "3001I", "3001W", "3001E" and "3001H". |
3500[^IN] | Represents a character other than "I" or "N". It matches "3500a" and "3500n" but does not match "3500I" and "3500N". |
[0-9] TIMES | Represents any character from "0" to "9". It matches "0 TIMES" and "2 TIMES". |
Sample definitions
The following gives sample definitions which can be used to define event monitoring conditions.
Example 1: Monitor a message whose error number ends with character "A".
Messages monitored: error no 1000A : detail is ...
Messages monitored: error no 1002A : detail is ...
Messages not monitored: error no 1234E : detail is ...
If string "error no" is follows by a four-digit character, and if you define the subsequent character as "A":
Correct definition example: error no [0-9][0-9][0-9][0-9]A : detail is ...
Incorrect definition example: error no *A
Character "*" represents an iteration of the immediately preceding character zero or more times. It is NOT any character string. To define the error number as any character string, specify "error no.*A".
Example 2: Monitor a message containing character string "error occurred".
Messages monitored: file control error occurred
Messages monitored: system error occurred
Messages not monitored: file control succeeded
To define any character string followed by string "error occurred":
Sample definition: .* error occurred
To define a character string which ends with string "error occurred":
Sample definition: error occurred$
Example 3: Monitor a message which begins with string "Check system".
Messages monitored: Check system -> Server01.
Messages monitored: Check system -> Server02.
Messages not monitored: Check database -> Server02.
To define a character string which begins with string "Check system":
Sample definition: ^Check system