DX NetOps

  • Private Community

  • 1.  How to Assert log monitoring alarms on service models based on LogMon traps

    Posted Nov 07, 2016 02:44 PM

    We have a requirement as mentioned below.

     

    Few considerations before asking my actual query.

    1. In our environment, we have more than 2 applications hosted on single server and configuring the log file monitoring for respective applications using eHealth AdvantEDGE View.

    2. All the LogMon traps/alarms are being forwarded to Spectrum

    3. We have created services to represent applications separately by adding the applicable servers as resources 

     

    Example:

    1. Tomcat and MS SQL apps are hosted on server A

    2. Configured log monitoring for tomcat logs and SQL server logs

    3. Created two different spectrum services App-Tomcat and App-SQL and added Server A as resource for those two services

     

    ********* Actual query/requirement *********

    Now, the problem is... Let us say the LogMon alarm is generated for SQL server application on the server A. As the server is part of two services, it is impacting the health of both the services App-Tomcat and App-SQL and this is misleading the SLA calculations and service health for the application for which the LogMon alarm is no longer related (i.e. App-Tomcat).

     

    I would like to make the alarm asserted on respective service model instead of server model (i.e. from the above example, as the LogMon alarm is related to SQL Server, it should only impact the service App-SQL and alarm should be triggered on it.

     

    We are not interested in South bound gateway as we have lot of LogMon files configured on all the servers and SBGW solution will create lot of mess in Spectrum by creating event models for each LogMon trap.

     

    Seems, it can be achieved using event processing based on the traps. But, need guidance on this.

    Please let me know the possible ways to achieve this using event codes/procedures or any other.

     

    Regards,

    Rajashekar



  • 2.  Re: How to Assert log monitoring alarms on service models based on LogMon traps

    Broadcom Employee
    Posted Nov 07, 2016 02:51 PM

    Do you have process models defined in Spectrum and have you looked @ the log to process map ( Log-to-Process Mapping - CA Spectrum - 10.1 to 10.1.2 - CA Technologies Documentation  ).  This way you put the process models in each of the services.



  • 3.  Re: How to Assert log monitoring alarms on service models based on LogMon traps

    Posted Nov 08, 2016 09:14 AM

    Hi Robert,

     

    I tried your suggestion and still see the alarms are being generated on host instead of process model. Also, I don't see any event on process model.

    As we are configuring log monitoring using eHealth, it might be the issue here. Please correct me if I am wrong.

     

    Below are the configurations for Windows and Linux respectively.

     

    LogToProcessMapping_Windows

     

    LogToProcessMapping_Linux

     

    Please let me know if the above configuration is wrong.

     

    Also, as we are monitoring multiple log files on a server, this process will put a lot of manual work to map a log file to process (on some servers, we don't have processes being monitored)

     

    And, is it ok to map any number of log files to a single process? Please confirm.

     

     

    Regards,

    Rajashekar



  • 4.  Re: How to Assert log monitoring alarms on service models based on LogMon traps

    Broadcom Employee
    Posted Nov 14, 2016 10:35 AM

    It looks correct from what I can tell.  I would suggest opening a ticket with support if you have not done so already.