Management Pack Health Model Exercise #10 - Creating a Delimited Text Log Alerting Rule

Management Pack Health Model Exercise #10 - Creating a Delimited Text Log Alerting Rule

This document is part of the Operations Manager Management Pack Authoring Guide





Overview

The following procedure shows how to create an alert rule using  the Operations Manager 2007 Authoring console and Visual Studio Authoring Extensions. 

Product Versions

This exercise applies to the following products:

  • System Center Operations Manager 2007 R2
  • System Center 2012 Operations Manager
  • System Center 2012 Operations Manager SP1

Prerequisites

Before you perform this procedure, you must first complete the following prerequisite procedures:

Revisions

The Microsoft System Center team has validated this procedure as of the original revision.  We will continue to review any changes and periodically provide validations on later revisions as they are made.  Please feel free to make any corrections or additions to this procedure that you think would assist other users

Sample Code

A sample of the completed code for each exercise is available in the TechNet Gallery.  There is a separate sample for each exercise that includes the management pack completed at the end of that exercise and each preceding exercise.  This strategy allows you to work through each exercise in order and then compare your results.  For VSAE, this also includes the Visual Studio solution. 

Details

The monitor created in this procedure has the following characteristics:

  • Runs on any computer that has an instance of MyComputerRole1.
  • Watches a log file that has a naming pattern of MyApp*.log located in the c:\logs directory. The file is expected to be comma delimited.
  • Creates an alert with a critical state when the string “error” is found in the second field.
  •  Includes the first, third, and fourth fields in the description of the alert.
  • Suppresses alerts when the name of the logging computer and the value in the first field match.

Authoring Console Procedure

  1. In the Authoring Console, select Health Model, and then select Rules.
  2. Right-click in the Rules pane, select New, select Alerting, and then select Text Log (Delimited).
  3. On the General page, do the following:
    1. In the ElementID box, type MyMP.Rule.AlertOnDelimitedTextLog.
    2. In the Display Name box, type MyApplication Delimited Log Error.
    3. In the Target box, select MyMP.MyComputerRole1.
    4. In the Category box, select Alert. Click Next.
  4. On the Application Log Data Source page, do the following:
    1. In the Directory box, type c:\logs.
    2. In the Pattern box, type MyApp*.log.
    3. In the Separator box, type a COMMA.
    4. Click Next.
  5. On the Build Event Expression page, do the following:
    1. Click Insert.
    2. In the Parameter Name box type Params/Param[2].
    3. In the Operator box select Contains.
    4. In the Value box type error.
    5. Click Next.
  6. On the Configure Alerts page, do the following:
    1. In the Alert name box, type Error found in MyApplication delimited text log.
    2. Click the button to the right side of the Alert description box.
    3. Clear the text in the Value box.
    4. Select Data, then Params, then Param.
    5. Replace the text <<INT>> with 1.
    6. Move to the end of the line and press the ENTER key.
    7. Select Data, then Params, then Param.
    8. Replace the text <<INT>> with 3.
    9. Move to the end of the line and press the ENTER key.
    10. Select Data, then Params, then Param.
    11. Replace the text <<INT>> with 4.
    12. Move to the end of the line and press the ENTER key.
    13. Click OK.
  7. Click Finish.
  8. Right-click MyMP.Rule.AlertOnDelimitedTextLog and select Properties.
  9. On the Modules page, do the following:
    1. Click the Edit button next to the Action pane.
    2. Click the Configure button.
    3. Click the Alert Suppression button
    4. Select Logging Computer and Parameter 1.
  10. Click OK.
  11. Click OK.
  12. Click OK.
  13. Click OK.

Visual Studio Authoring Extensions Procedure

  1. Add a reference to the Application Log management pack:
    1. In Solution Explorer, right click References and then select Add Reference.
    2. Select the Browse tab.
    3. Navigate to C:\Program Files (x86)\System Center 2012 Visual Studio Authoring Extensions\References\OM2007R2\System.Performance.Library.mp.  You may need to modify this path based on your installation location of VSAE.
    4. Select System.ApplicationLog.Library.mp and click OK.
    5. Click on System.ApplicationLog.Library in the Solution Explorer.
    6. In the Properties pane change the Alias to AppLog
  2. Create the Rule:
    1. In Solution Explorer, right click Right click the name of the solution, select Add and then select New Item.
    2. Select Rule (Alert).
    3. Change the name of the template to Rules.mptg and click Add.
  3. Configure the Rule Properties:
    1. Right click the entry for NewAlertRule and select Properties Window.
    2. Change the ID to Rule.AlertOnDelimitedTextLog.
    3. Change the Display Name to MyApplication Delimited Log Error.
  4. Select the Rule Target:
    1. Select Target and click the ellipse (...) button on the right of the field. 
    2. Select MyMP.MyComputerRole1 and click OK.
  5. Select the Rule modules:
    1. Select Data Sources and click the ellipse (...) button on the right of the field.
    2. Click Add
    3. Select Data Source Type ID and click the ellipse (...) button on the right of the field.
    4. Select System.ApplicationLog.GenericCSVLog.FilteredEventProvider and click OK.
    5. Select Data Source Configuration and click the ellipse (...) button on the right of the field.
    6. Copy the following XML into the configuration window between the <Configuration> tags.  Note that you can use Intellisense to manually type in each entry.

      <LogFileDirectory>c:\logs</LogFileDirectory>
      <LogFilePattern>MyApp*.log</LogFilePattern>
      <LogIsUTF8>false</LogIsUTF8>
      <Separator>","</Separator>
      <Expression>
        <RegExExpression>
          <ValueExpression>
            <XPathQuery Type="String">Params/Param[2]</XPathQuery>
          </ValueExpression>
          <Operator>ContainsSubstring</Operator>
          <Pattern>error</Pattern>
        </RegExExpression>
      </Expression>


    7. Click OK.
  6. Configure the Alert:
    1. In the Alert Name field, type Error found in MyApplication delimited text log.
    2. Select Alert Description and click the ellipse (...) button on the right of the field. 
    3. Type the following into the Specify alert description box and click OK.

      $Data/Params/Param[1]$
      $Data/Params/Param[3]$
      $Data/Params/Param[4]$

  7. Save and Compile the Project:
    1. Select File, and then click Save Rules.mptg.
    2. Select Build and then Build Solution.
    3. Ensure that you don't receive any errors.

See Also


Leave a Comment
  • Please add 5 and 3 and type the answer here:
  • Post
Wiki - Revision Comment List(Revision Comment)
Sort by: Published Date | Most Recent | Most Useful
Comments
Page 1 of 1 (1 items)
Wikis - Comment List
Sort by: Published Date | Most Recent | Most Useful
Posting comments is temporarily disabled until 10:00am PST on Saturday, December 14th. Thank you for your patience.
Comments
Page 1 of 1 (1 items)