Log Scanner Modification – (was)alert Profile Custom Formatting

by Jun 2, 2007

I've created a custom format email layout like so:

Date & Time: $DATETIME$
Notification Type: $TYPE$

Hostname: $HOSTNAME$ ($HOSTSTATE$)
Service: $SERVICENAME$ ($SERVICESTATE$)

Output:
$OUTPUT$

Which sends me nicely laid out emails whenever something happens. One slight problem is the $OUTPUT$ string. I have a service instance that uses the UNIX Log Scanner to look for the RE of [E|e]xception in the last 50 lines of a log. It alerts if there are one or more occurences.

In the case that two cases of 'exception' are found, $OUTPUT$ will be:

found: 2 is greater than or equal to 1 (Process returned with valid status – found 2)

While it is the exact results of the test I asked it to perform, it's not exactly informative. eg It doesn't mention that it's found something that matches a RE in a log. It's becoming a bit of a problem as the application support guys here are far too used to HP VPO/ITO/NNM/whatever which gives slightly less cryptic messages.

Is there any way of getting some slightly more useful information from the output of a service monitor, or should I start re-educating the app support guys? I'm a bit fed up with the running joke that Uptime is stating the obvious, that 2, is indeed, greater than 1…

Cheers,

Jay