So that goes for both monitors and rules? Is it best to setup log monitoring as rules?
steve On Apr 7, 2015 9:53 AM, "Kevin Holman" <[email protected]> wrote: > When you create a log file monitor in SCOM, it will read the file size, > and start reading new lines in the log only. It should not read and > generate alerts on old entries, unless the log file is edited in such a way > that we have to re-read the entire file and see all lines as “new”. One > way this happens is when the application grooms old lines from the top of > the file, but attempts to leave the reast of the file intact. In this > case, we notice the number of lines has changes, so SCOM re-reads all lines > in the file. > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Steve Olvera > *Sent:* Tuesday, April 7, 2015 9:21 AM > *To:* [email protected] > *Subject:* [msmom] Log file monitor > > > > Hi all, > > I have to monitor several log files some dating back to mar 2014. The app > owners are not willing to create new log files so they have several months > of errors and success entries. I setup a log rule to alert for key words > in the log, but had several alerts on old error entries. How can I get > scom to only alert on error entries that are recent? > > Thanks > > steve > > > >
