AnsweredAssumed Answered

Logmon and clearing an alarm?

Question asked by rith on Jun 7, 2017
Latest reply on Jun 8, 2017 by rith

I don't get my clear-watcher to work with my alarm-watcher.

 

I've tried alot of different regex and suppression keys, but still can't get it to work...

 

I want to capture if a state is in 'MediaW', and to clear that alarm if it goes in to whatever else state. Or even try to suppress it to an informational alarm.

 

E.g

q sess

Sess Comm. Sess Wait Bytes Bytes Sess Platform Client Name
Number Method State Time Sent Recvd Type
------- ------ ------ ------ ------- ------- ------- -------- -----------------
297,880 Tcp/Ip Run 0 S 24.2 M 1.7 M Admin DSMAPI IBM-OC-PUL
337,489 Tcp/Ip MediaW 0 S 25.6 M 164 Admin WinNT RESJADM
359,315 Tcp/Ip IdleW 50 S 1.7 M 645.1 K Admin DSMAPI RESJADM
359,332 Tcp/Ip IdleW 54 S 1.0 M 1.1 M Admin DSMAPI RESJADM
359,589 Tcp/Ip IdleW 54 S 935.0 K 649.3 K Admin DSMAPI PDP

 

I'm trying an alarm and clear watcher with these regex:

Alarm:

/(.*(Tcp\SIp)\s(MediaW).*)/

Clear:

/(.*(Tcp\SIp)\s(!?MediaW).*)/

 

For this one I'm using 3 variables, and I've tried to use all of them (one at a time) as suppression key, with no luck.

If I change the log from MediaW to IdleW, and change the severity to 'informational' on my clear watcher, it will only create a new alarm. Not suppressed.

 

Have they changed anything in Logmon version 3.90? Or am I missing something here?

Outcomes