bvloch1

Logmon Alarm Count Question

Discussion created by bvloch1 on Apr 9, 2012
Latest reply on Apr 10, 2012 by bvloch1

Due to the way I would like to build some alert correlation in the NAS, I would like control the alarm count that logmon presents when it matches my Watcher rules.

 

Currently, I have a logfile in which a hostname can appear anywhere from 1 to 5 times.  When Watcher rule detects the first (and possibly only) occurrence of the hostname I would like it to send an alert , however if the hostname appears multiple times in the same log file, I do not want the alarm count to increment. If the same hostname appears again in a different logfile (and the previous alarm is still open) I would like the alarm count of the previous alarm to increment by one.  

 

At the end of the day I want to be able to genenerate a critical alarm if the hostname appears in 6 different  logfiles at least once. I can create the critical using the NAS escalate Action type. Any thoughts on how I can accomplish this? 

Outcomes