Due to the way I would like to build some alert correlation in the NAS, I would like control the alarm count that logmon presents when it matches my Watcher rules.
Currently, I have a logfile in which a hostname can appear anywhere from 1 to 5 times. When Watcher rule detects the first (and possibly only) occurrence of the hostname I would like it to send an alert , however if the hostname appears multiple times in the same log file, I do not want the alarm count to increment. If the same hostname appears again in a different logfile (and the previous alarm is still open) I would like the alarm count of the previous alarm to increment by one.
At the end of the day I want to be able to genenerate a critical alarm if the hostname appears in 6 different logfiles at least once. I can create the critical using the NAS escalate Action type. Any thoughts on how I can accomplish this?