Event Log Trigger assistance

  • DSon
    Member
    • Sep 2009
    • 44

    #1

    Event Log Trigger assistance

    Hi all,

    I've set up an eventlog() item to collect entries from a custom Windows event log (i.e. "Custom Log"), and this appears to be working fine.

    I'd like to configure a trigger to alert if the log source is "Testing" and if "text-A" is found in the event description, and if possible to clear the alert if "text-B" is found later (same log source).

    Note: the quotes (") aren't in the actual trigger, they just mask my actual names for security purposes.

    Having searched the forum I've found a similar trigger posted by "doofkopf" which I've modified to use my log source / text-A / text-B, however it seems to work intermittently.

    Here is the trigger I'm trying to use:

    ((({TRIGGER.VALUE}#2)|({Template_Eventlog:eventlog["Custom Log"].nodata(30)}#1))&((({Template_Eventlog:eventlog["Custom Log"].logsource("Testing")}=1)&({Template_Eventlog:eventlog["Custom Log"].str("text-A")}=1))|(({TRIGGER.VALUE}=1)&(({Template_Eventlog:eventlog["Custom Log"].logsource("Testing")}#1)|({Template_Eventlog:eventlog["Custom Log"].str("text-B")}#1)))))

    So, I currently have an action defined to report when the trigger changes and this is working, however I'm not sure the {ITEM.LASTVALUE} is reporting the actual value that caused the trigger to change. I say this because the value it reports in the e-mail is sometimes the "text-A" / "text-B" that I'm searching for - but other times it's a completely different event log entry!

    My questions are:

    a) Is this trigger (see above) wrong in some way?
    b) Is the {ITEM.LASTVALUE} "out of synch" somehow? (the item collects every 60 seconds, but the events are written about 20 secs apart)

    Hopefully someone can point out the flaw in this trigger, or maybe share one of their own that performs a similar function.

    Thanks,
    DSon.
    Last edited by DSon; 15-09-2009, 13:47. Reason: spelling mistake!
  • trikke
    Senior Member
    • Aug 2007
    • 140

    #2
    Hi DSON,

    I guess it's b). The Agent is checking the logfile and sending all the lines it finds to the server (as a package of lines), the Server processes the incoming lines, but gets out of sync as u said when processing the action the LASTVALUE could be filled with another message/line (I'm struggling with the same problem)

    greets
    Patrick
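
Added example, not part of the thread or of Zabbix itself: a small Python model of the trigger expression from post #1, run over constructed event log entries under the batching that post #2 guesses at. The sample entries, the `evaluate` and `run` helpers, and both evaluation schedules are assumptions made for illustration, not a description of how the Zabbix server actually processes values.

```python
# Added illustration (not from the thread): a model of the post #1 expression.
# TRIGGER.VALUE as used there: 0 = OK, 1 = PROBLEM, 2 = UNKNOWN.

def evaluate(prev, source, text, nodata=0):
    """Evaluate the post #1 expression against one event log entry."""
    gate = (prev != 2) or (nodata != 1)          # ({TRIGGER.VALUE}#2)|(nodata(30)#1)
    is_src = source == "Testing"                 # logsource("Testing")
    fire = is_src and "text-A" in text           # set condition
    hold = prev == 1 and (not is_src or "text-B" not in text)  # stay in PROBLEM
    return int(gate and (fire or hold))

def run(events, batch_size, per_entry):
    """Return [(new_state, value_shown_as_ITEM.LASTVALUE), ...] per state change.

    Assumptions: entries arrive in batches of batch_size; the trigger is
    evaluated on every entry (per_entry=True) or only on the newest entry of
    each batch; the macro is resolved after the whole batch is stored.
    """
    state, changes = 0, []
    for i in range(0, len(events), batch_size):
        batch = events[i:i + batch_size]
        for source, text in (batch if per_entry else batch[-1:]):
            new = evaluate(state, source, text)
            if new != state:
                changes.append((new, batch[-1][1]))
            state = new
    return changes

# Constructed sample entries (source, description), written about 20 s apart.
EVENTS = [
    ("Testing", "job failed: text-A"),
    ("Other", "heartbeat 1"),
    ("Other", "heartbeat 2"),
    ("Testing", "job recovered: text-B"),
    ("Other", "heartbeat 3"),
    ("Other", "heartbeat 4"),
]

if __name__ == "__main__":
    for size, per_entry in ((1, True), (3, True), (3, False)):
        print(size, per_entry, run(EVENTS, size, per_entry))
```

With three entries per delivery (a 60-second collection interval and entries about 20 seconds apart), the model either reports a later entry as the last value or never sees the text-A entry at all.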


    • DSon
      Member
      • Sep 2009
      • 44

      #3
      Triggers (contd.)

      UPDATE:
      I may have made it work by setting the eventlog item to collect values every 30 secs (rather than 60 secs). I've yet to notice an out of synch trigger item value being reported.

      On this same note however, I have a more simple request - and that is to set a trigger to alert if a certain string is found in the last event log entry. Easy enough, I hear you murmur.. the difference to the above trigger is that I'd like it to STAY TRUE, even if the next event log item collected doesn't contain the string. Is it similar to the above trigger?

      And another little one!

      Again, on triggers, if anyone here knows how to report the ITEM.NAME and ITEM.LASTVALUE responsible for setting a trigger to TRUE - but a trigger expression that contains multiple possible TRUE scenarios - I'd be really grateful!

      What I mean is by default, ITEM.NAME and ITEM.LASTVALUE report the item name and value of the FIRST item of the trigger expression that caused the alert. I'd really like my e-mail notification to display the name / value of the item that actually caused the trigger to equal true (i.e. not just the first item in the trigger expression). I'm sure it's possible, I'm just not seeing it for some reason!

      Any advice on either of the above queries would be much appreciated.

      DSon.


      • DSon
        Member
        • Sep 2009
        • 44

        #4
        Help me Obi Wan..

        Hey all, if anyone has any advice re: my latest post (above) I'd be really grateful!


        • DSon
          Member
          • Sep 2009
          • 44

          #5
          ^^bump^^ TRIGGER SYNTAX ASSISTANCE / ITEM.LASTVALUE ^^bump^^

          Does anyone know enough about the following two questions?

          >>> SNIP

          I have a more simple request - and that is to set a trigger to alert if a certain string is found in the last event log entry. Easy enough, I hear you murmur.. the difference to the above trigger is that I'd like it to STAY TRUE, even if the next event log item collected doesn't contain the string. Is it similar to the above trigger?

          And another little one!

          Again, on triggers, if anyone here knows how to report the ITEM.NAME and ITEM.LASTVALUE responsible for setting a trigger to TRUE - but a trigger expression that contains multiple possible TRUE scenarios - I'd be really grateful!

          What I mean is by default, ITEM.NAME and ITEM.LASTVALUE report the item name and value of the FIRST item of the trigger expression that caused the alert. I'd really like my e-mail notification to display the name / value of the item that actually caused the trigger to equal true (i.e. not just the first item in the trigger expression). I'm sure it's possible, I'm just not seeing it for some reason!

          >>> SNIP
