7.5 Creating Events from Log Files

Use information contained in log files to generate events and alarms in Operations Center.

For example, assume a management tool monitors Web sites. This tool performs tests against Web sites and then stores the test result information in a file. In general, this type of file has a standard layout and contains information that can generate alarms or events in Operations Center.

To create events from log files:

  1. Understand and parse the data.

    How is event data represented in the log file? If one row represents an entire event, parse the line and assign field names to that data. An event that is represented by multiple rows probably requires more sophisticated parsing.

  2. Gather and send the data.

    Many companies employ a utility called Stail, which monitors the end of log files and usually is written in Perl for portability. After adding new lines to the log file, the utiity reads, transposes, and sends the data to a server on a specific TCP/IP port. Using this utility correctly requires a clear understanding of the layout and meaning of every item in the log file. The data is read into memory and formatted to conform to a NOC Universal adapter data stream. The formatted data stream is sent to the NOC Universal adapters port.

    The data stream consists of the required header, field/value pairs and the required footer. There is usually no mining capability so all events are sent with a class of Sync. Operations Center assigns the real class based on the EventConsoleName adapter properties.