1

I am looking to have alerting using the SCOM utility based on scanning of log files written by log4j, eg using the DailyRollingFileAppender standard appender.

However, the SCOM documentation specifically states that it keeps a high water mark line number on a log file, and if it is truncated within a minute, it will not take notice of log entries before that line number.

Unless I missed something, this would seem to be an issue for all the standard appenders, which do specifically that (ie they always log to a single file name, then when he wrap criteria are met, they copy the contents of the file to an archive, and then clear (somehow) the same file name.

Can anyone solve this for me (eg identify another way that SCOM can be used, or point me at an alternative appender?)

SCOM Document extract... If a logfile is deleted and recreated with the same name within the same minute, the high water mark will not be reset, and log entries will be ignored until the high water mark is exceeded.

Thanks

Vince Reynolds
  • 11
  • 1
  • I didn't know SCOM but it seems to be rather MS-specific... Have you thought about using a more generic log analyzer like [LogMX](http://www.logmx.com)? It can monitor log files and trigger alerts, with or without rolling appender (i.e. handles file flush). – xav Jul 31 '14 at 20:32

1 Answers1

0

With NiCE LogFile MP, such scenario is resolved. The MP detects when a file was deleted and then resets the position marker. You can register at this portal and get your copy of the NiCE LogFile MP. It is a free product.

Hari
  • 1,509
  • 15
  • 34