When you create a log file monitor in SCOM, it will read the file size, and start reading new lines in the log only. It should not read and generate alerts on old entries, unless the log file is edited in such a way that we have to re-read the entire file and see all lines as “new”. One way this happens is when the application grooms old lines from the top of the file, but attempts to leave the rest of the file intact. In this case, we notice the number of lines has changed, so SCOM re-reads all lines in the file.

From: [email protected] [mailto:[email protected]] On Behalf Of Steve Olvera
Sent: Tuesday, April 7, 2015 9:21 AM
To: [email protected]
Subject: [msmom] Log file monitor

Hi all,

I have to monitor several log files, some dating back to Mar 2014. The app owners are not willing to create new log files, so they have several months of errors and success entries. I set up a log rule to alert for keywords in the log, but had several alerts on old error entries. How can I get SCOM to only alert on error entries that are recent?

Thanks,
Steve
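
The behaviour described in the reply at the top of this thread, as an added illustration that is not part of the thread and is not SCOM's implementation: a tailer that starts at the current end of the file, returns only appended lines, and re-reads everything once the top of the file changes. The timestamp cutoff in `recent_errors` goes beyond the thread and assumes every line begins with an ISO 8601 timestamp; all names and the sample log lines are constructed for the example.

```python
import hashlib, os, tempfile
from datetime import datetime
from pathlib import Path

class LogTailer:
    """Offset-based tailer: a model of the behaviour described, not SCOM's code."""
    def __init__(self, path):
        self.path = path
        with open(path, "rb") as f:      # start at the current end of file,
            self.head = hashlib.sha256(f.readline()).hexdigest()
            self.offset = os.fstat(f.fileno()).st_size   # so old lines are skipped

    def poll(self):
        with open(self.path, "rb") as f:
            head = hashlib.sha256(f.readline()).hexdigest()
            if head != self.head or os.fstat(f.fileno()).st_size < self.offset:
                self.offset = 0          # top groomed or file truncated: re-read all
            f.seek(self.offset)
            data = f.read()
            data = data[: data.rfind(b"\n") + 1]   # keep a half-written line for later
            self.offset, self.head = self.offset + len(data), head
        return data.decode("utf-8", "replace").splitlines()

def recent_errors(lines, keyword, not_before):
    """Keyword hits whose leading timestamp (assumed ISO 8601) is >= not_before."""
    hits = []
    for line in lines:
        stamp, _, rest = line.partition(" ")
        try:
            if keyword in rest and datetime.fromisoformat(stamp) >= not_before:
                hits.append(line)
        except ValueError:
            pass                         # no parsable timestamp: do not alert on a guess
    return hits

def demo():
    old = ["2014-03-02T07:55:00 INFO start",          # constructed sample lines
           "2014-03-02T08:00:00 ERROR disk full",
           "2014-03-02T08:05:00 INFO ok"]
    new = "2015-04-07T09:21:00 ERROR service stopped"
    with tempfile.TemporaryDirectory() as d:
        p = Path(d, "app.log")
        p.write_text("\n".join(old) + "\n")
        t = LogTailer(p)
        first = t.poll()                               # no new lines yet
        p.write_text(p.read_text() + new + "\n")       # application appends a line
        appended = t.poll()                            # only the appended line
        p.write_text("\n".join(old[1:] + [new]) + "\n")  # application grooms the top line
        reread = t.poll()                              # whole file is seen as new
    return {"first": first, "appended": appended, "reread": reread,
            "unfiltered": recent_errors(reread, "ERROR", datetime.min),
            "recent": recent_errors(reread, "ERROR", datetime(2015, 4, 1))}
```

Without the cutoff the re-read raises the 2014 error again; with it only the 2015 entry alerts.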
