Assign Parser Sets

Monitor > Assign Parser Sets

The Assign Parser Sets page creates and edits parser sets and assigns parsers sets to machine IDs. Optionally triggers an alert based on a parser set assignment. A machine ID in the paging area only displays in the paging area of this page if:

• That machine ID has been previously assigned a log file parser definition using Monitor > Log Parser.
• That same log file parser definition is selected in the Select Log File Parser drop down list.

Note: Assigning a parser set to a machine ID on this page activates the log parser. Parsing occurs whenever the log file being parsed is updated.

Parser Definitions and Parser Sets

When configuring Log Monitoring it's helpful to distinguish between two kinds of configuration records: parser definitions and parser sets.

A parser definition is used to:

• Locate the log file being parsed.
• Select log data based on the log data's format, as specified by a template.
• Populate parameters with log data values.
• Optionally format the log entry in Log Monitoring.

A parser set subsequently filters the selected data. Based on the values of populated parameters and the criteria you define, a parser set can generate log monitoring entries and optionally trigger alerts.

Without the filtering performed by the parser set, the KServer database would quickly expand. For example a log file parameter called $FileServerCapacity$ might be repeatedly updated with the latest percentage of free space on a file server. Until the free space is less than 20% you may not need to make a record of it in Log Monitoring, nor trigger an alert based on this threshold. Each parser set applies only to the parser definition it was created to filter. Multiple parser sets can be created for each parser definition. Each parser set can trigger a separate alert on each machine ID it is assigned to.

Log Monitoring Setup

1. Log Parser - Identify a log file to parse using a log file parser definition. A log file parser definition contains the log file parameters used to store values extracted from the log file. Then assign the log parser to one or more machines.
2. Assign Parser Sets - Define a parser set to generate Log Monitoring records, based on the specific values stored in the parameters. Activate parsing by assigning a parser set to one or more machine IDs previously assigned that log parser. Optionally define alerts.
3. Parser Summary - Quickly copy active parser set assignments from a single source machine to other machine IDs. Optionally define alerts.

To Create a Parser Set Alert

1. Check any of these checkboxes to perform their corresponding actions when a an alarm condition is encountered:
   • Create Alarm
   • Create Ticket
   • Run Script
   • Email Recipients
2. Set additional email parameters.
3. Select the parser set to add or replace.
4. Check the machine IDs to apply the alert to.
5. Click the Apply button.

To Cancel a Parser Set Alert

1. Select the machine ID checkbox.
2. Click the Clear button.

   The alert information listed next to the machine ID is removed.

Passing Alert Information to Emails and Scripts

The following types of monitoring alert emails can be sent and formatted:

• Log Monitoring parser alerts.
• Multiple log monitoring parser alerts.
• Missing log monitoring parser alert.

Note: Changing this email alarm format changes the format for both Assign Parser Sets and Parser Summary emails.

The following variables can be included in your formatted email alerts and in scripts.

Create Alarm

If checked and an alarm condition is encountered, an alarm is created. Alarms are displayed in Monitor > Dashboard List, Monitor > Alarm Summary and Reports > Logs > Alarm Log.

Create Ticket

If checked and an alarm condition is encountered, a ticket is created.

Run Script

If checked and an alarm condition is encountered, a script is run. You must click the select script link to choose a script to run. You can optionally direct the script to run on a specified range of machine IDs by clicking the this machine ID link. These specified machine IDs do not have to match the machine ID that triggered the alarm.

Email Recipients

If checked and an alarm condition is encountered, an email is sent to the specified email addresses.

• The email address of the currently logged in administrator displays in the Email Recipients field. It defaults from System > Preferences.
• Click Format Email to display the Format Alert Email popup window. This window enables you to format the display of emails generated by the system when an alarm condition is encountered.
• If the Add to current list radio option is selected, when Apply is clicked alert settings are applied and the specified email addresses are added without removing previously assigned email addresses.
• If the Replace list radio option is selected, when Apply is clicked alert settings are applied and the specified email addresses replace the existing email addresses assigned.
• If Removed is clicked, all email addresses are removed without modifying any alert parameters.
• Email is sent directly from the KServer to the email address specified in the alert. The SMTP service in IIS sends the email directly to the address specified. Set the From Address using System > Configure.

Select Log File Parser

Select a log parser from the Select log file parser drop-down list to display all machine IDs previously assigned this log parser using the Log Parser page.

Define log sets to match

After a log parser is selected, click Edit to define a new parser set or select an existing parser set from the Define log sets to match drop-down list.

Alert when...

Specify the frequency of the parser set condition required to trigger an alert:

• Alert when this event occurs once
• Alert when this event occurs <N> times within <N> <periods>
• Alert when this event doesn't occur within <N> <periods>
• Ignore additional alarms for <N> <periods>

Add / Replace

Click the Add or Replace radio options, then click Apply to assign a selected parser set to selected machine IDs.

Remove

Click Remove to remove all parser sets from selected machine IDs.

Apply

Applies the selected parser set to checked machine IDs.

Clear

Clears the assignment of a selected parser set from selected machine IDs.

Clear All

Clears all parser sets assigned to selected machine IDs.

Select All/Unselect All

Click the Select All link to check all rows on the page. Click the Unselect All link to uncheck all rows on the page.

Check-in status

These icons indicate the agent check-in status of each managed machine:

Agent has checked in

Agent has checked in and user is logged on. Tool tip lists the logon name.

Agent has not recently checked in

Agent has never checked in

Online but waiting for first audit to complete

The agent is online but remote control is disabled

The agent has been suspended

Machine.Group ID

The list of Machine ID.Group IDs displayed is based on the Machine ID / Group ID filter and the machine groups the administrator is authorized to see using System > Group Access.

Delete

Click the delete icon next to a parser set to delete its assignment to a machine ID.

Log Set Names

Lists the names of parser sets assigned to this machine ID.

ATSE

The ATSE response code assigned to machine IDs:

• A = Create Alarm
• T = Create Ticket
• S = Run Script
• E = Email Recipients

Email Address

A comma separated list of email addresses where notifications are sent.

Interval

The interval to wait for the alert event to occur or not occur.

Duration

Applies only if Alert when this event occurs <N> times within <N> <periods> is selected. Refers to <N> <periods>.

Re-Arm

Applies only if Ignore additional alarms for <N> <periods> is selected.

Topic 3712: Send Feedback. Download a PDF of this online book from the first topic in the table of contents.