Kaseya Community

Log Monitor not creating alert, running script

  • I have a log parser definition set up to create an alert, open a ticket, run a script, and email.

    Although the definition captures to the Monitor log, none of the "actions" actually happen.

    Legacy Forum Name: Log Monitor not creating alert, running script,
    Legacy Posted By Username: myArch-man
  • Need to know what your Parser Set looks like, Parser Def and Log itself.

    Legacy Forum Name: General Discussion,
    Legacy Posted By Username: kaseya
  • Parser Definition: (For Exchange 2003 Message Tracking Log)

    Template:
    $Date${tab}$MSGTime${tab}$client-ip${tab}$Client-hostname${tab}$Partner-Name${tab}$Server-hostname${tab}$server-IP${tab}$Recipient-Address${tab}$Event-ID${tab}$MSGID${tab}$Priority${tab}$Recipient-Report-Status${tab}$total-bytes${tab}$Number-Recipients${tab}$Origination-Time${tab}$Encryption${tab}$service-Version${tab}$Linked-MSGID${tab}$Message-Subject${tab}$Sender-Address$

    Output Template:
    FROM: $Sender-Address$ TO: $Recipient-Address$ SUBJ:--$Message-Subject$-- SENT: $Origination-Time$ RECIPIENTS:$Number-Recipients$ STATUS: $Recipient-Report-Status$ REMOTE HOST:$Partner-Name$ $Client-hostname$ $client-ip$ TOTAL BYTES: $total-bytes$ EVENTID:**$Event-ID$** MSGID: $MSGID$

    Log File Parameters:
    Event-ID String
    Sender-Address String
    Recipient-Address String
    Message-Subject String
    Origination-Time String
    MSGID String
    Linked-MSGID String
    client-ip String
    Client-hostname String
    Partner-Name String
    Server-hostname String
    server-IP String
    service-Version String
    Priority String
    Encryption Integer
    Number-Recipients Integer
    total-bytes Integer
    Date String
    MSGTime String
    Recipient-Report-Status String

    Parser Set Definition: (only one assigned)
    Sender-Address Begins With chris.sotak@myarchway.com
    Event-ID Begins With 1031
    Message-Subject Begins With GumBall

    Log Monitoring Data in Monitor Log (Output):
    FROM: chris.sotak@myarchway.com - TO: chris.sotak@gmail.com SUBJ:--GumBall-- SENT: 2008-4-7 21:17:27 GMT RECIPIENTS:1 STATUS: 0 REMOTE HOST:mx.google.com - - TOTAL BYTES: 2310 EVENTID:**1031** MSGID: 30849660E11CBC42B54A59D623E5A93804073A@atms-sv1.at.local

    I have all the ATSE actions selected when this event is logged. The event gets logged, but none of the actions occur. I'm stumped.

    Legacy Forum Name: General Discussion,
    Legacy Posted By Username: myArch-man
  • What is the difference between template and output template?

    Legacy Forum Name: General Discussion,
    Legacy Posted By Username: ServicedeskDG
  • I found that for some logs that I push through the log parser the {tab} bit is not recognised, so I had to count the spaces. Once that was cleared up, the parser and subsequent steps worked fine.

    Legacy Forum Name: General Discussion,
    Legacy Posted By Username: thirteentwenty
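An added example, not part of the thread and not Kaseya's code: a stand-alone check that splits a log line on the template's `{tab}` separator and applies the posted "Begins With" conditions, so a line whose columns are separated by spaces rather than TABs shows up before the parser is blamed. It assumes `{tab}` means one literal TAB character and that "Begins With" is a plain prefix test; the sample row is constructed from the values shown in the thread's output line.

```python
import re

# Template as posted in the thread's parser definition.
TEMPLATE = (
    "$Date${tab}$MSGTime${tab}$client-ip${tab}$Client-hostname${tab}$Partner-Name${tab}"
    "$Server-hostname${tab}$server-IP${tab}$Recipient-Address${tab}$Event-ID${tab}$MSGID${tab}"
    "$Priority${tab}$Recipient-Report-Status${tab}$total-bytes${tab}$Number-Recipients${tab}"
    "$Origination-Time${tab}$Encryption${tab}$service-Version${tab}$Linked-MSGID${tab}"
    "$Message-Subject${tab}$Sender-Address$"
)
# Parser set as posted: all three conditions are "Begins With".
PARSER_SET = {"Sender-Address": "chris.sotak@myarchway.com",
              "Event-ID": "1031", "Message-Subject": "GumBall"}

def template_fields(template=TEMPLATE):
    """Return the $name$ parameters in column order, splitting on {tab}."""
    names = []
    for part in template.split("{tab}"):
        m = re.fullmatch(r"\$([^$]+)\$", part)
        if m is None:
            raise ValueError(f"unexpected template token: {part!r}")
        names.append(m.group(1))
    return names

def check_line(line, conditions=PARSER_SET):
    """Split one log line on TAB and report whether it parses and matches."""
    fields = template_fields()
    values = line.rstrip("\r\n").split("\t")
    if len(values) != len(fields):
        hint = "separator is not TAB" if "\t" not in line else "column count differs"
        return {"parsed": False,
                "reason": f"{len(values)} columns, template expects {len(fields)}: {hint}"}
    record = dict(zip(fields, values))
    failed = [name for name, prefix in conditions.items()
              if not record[name].startswith(prefix)]
    return {"parsed": True, "matched": not failed, "failed": failed}

# Constructed sample row (values from the thread's output line where shown, "-" elsewhere).
SAMPLE_VALUES = ["2008-4-7", "21:17:27 GMT", "-", "-", "mx.google.com", "-", "-",
                 "chris.sotak@gmail.com", "1031", "MSGID-PLACEHOLDER", "0", "0", "2310", "1",
                 "2008-4-7 21:17:27 GMT", "0", "-", "-", "GumBall", "chris.sotak@myarchway.com"]
SAMPLE_TAB = "\t".join(SAMPLE_VALUES)
SAMPLE_SPACES = "    ".join(SAMPLE_VALUES)   # same row with spaces instead of TABs

if __name__ == "__main__":
    for label, line in (("tab", SAMPLE_TAB), ("spaces", SAMPLE_SPACES)):
        print(label, check_line(line))
```

Running it against a few real lines copied from the tracking log shows whether the column count matches the template's 20 parameters and which condition, if any, fails.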