OpsMgr 2007: How to generate alerts based on a generic CSV log file

Here's a small document I put together to outline how to generate alerts from a CSV log file. The steps are outlined below, and for convenience I have also attached a PDF with screenshots.

Step 1: Go to the Authoring tab, right-click on "RULES" and select "Create New Rules"

Step 2: Expand Alert Generating Rules, then expand Event Based

Step 3: Select Generic CSV Text Log (Alert)

Step 4: Enter the rule name and description. Click Select to pick a target class.

Step 5: For testing purposes, choose "Windows Computer"

Step 6: Enter the directory path where the log resides, for example "c:\logs"

Step 7: In the pattern, enter the log file name pattern. For example, for files named like FileDDMMYYY.log, use file*.log to represent all log files.

Step 8: Specify the separator used in the CSV file, for example , ; /

Step 9: Since each line may have multiple values separated by a comma (or any other separator), the next step is to specify a condition. Generally, Params/Param[1] indicates the first column in the CSV file for the active row.

For the purpose of this example, provide: Params/Param[1] matchregularexpression test

Step 10: Provide matching alert priority/severity

There are some special variables that you can use to print values in the alert description:

===========================================================

Log file Directory : $Data/EventData/DataItem/LogFileDirectory$

Log file name: $Data/EventData/DataItem/LogFileName$

Column Data: $Data/EventData/DataItem/Params/Param[1]$

===========================================================

In case you decide to use a monitor instead, the variables are:

====================================================

Log file Directory : $Data/Context/LogFileDirectory$

Log file name: $Data/Context/LogFileName$

Column Data: $Data/Context/Params/Param[1]$

Example: if the line is test,abcd,efgh

$Data/Context/Params/Param[1]$ should contain test

$Data/Context/Params/Param[2]$ should contain abcd, and so on

====================================================
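
A way to dry-run the file pattern, separator, column condition and alert description variables from the steps above against sample lines before creating the rule. This is an added example, not part of the original post or of OpsMgr: the function names, sample file names and log lines are constructed, and the plain split on the separator and the unanchored regex search are assumptions about how the rule behaves.

```python
import fnmatch
import re

# Constructed sample input (file name -> lines); not from the original post.
SAMPLE_LOGS = {
    "File21042007.log": ["test,abcd,efgh", "info,started,ok", "test failure,disk,full"],
    "other.txt": ["test,ignored,wrong file name"],
}

TEMPLATE = ("Log file Directory : $Data/EventData/DataItem/LogFileDirectory$ | "
            "Log file name: $Data/EventData/DataItem/LogFileName$ | "
            "Column Data: $Data/EventData/DataItem/Params/Param[1]$")

def split_params(line, separator=","):
    """Map 1-based column numbers to values, like Params/Param[n].
    Assumption: a plain split on the separator, no quote handling."""
    return dict(enumerate(line.rstrip("\r\n").split(separator), start=1))

def render(template, fields, params):
    """Fill $Data/EventData/DataItem/...$ variables; unknown ones render empty
    (a choice made for this simulation)."""
    def lookup(match):
        path = match.group(1)
        param = re.fullmatch(r"Params/Param\[(\d+)\]", path)
        if param:
            return params.get(int(param.group(1)), "")
        return fields.get(path, "")
    return re.sub(r"\$Data/EventData/DataItem/([^$]+)\$", lookup, template)

def evaluate(logs, directory, pattern, separator, column, regex, template=TEMPLATE):
    """Return the alert descriptions the simulated rule would produce."""
    alerts = []
    for name, lines in logs.items():
        # Windows file names are case-insensitive, so compare in lower case.
        if not fnmatch.fnmatchcase(name.lower(), pattern.lower()):
            continue
        for line in lines:
            params = split_params(line, separator)
            # Assumption: the rule's regex test is an unanchored search.
            if re.search(regex, params.get(column, "")):
                fields = {"LogFileDirectory": directory, "LogFileName": name}
                alerts.append(render(template, fields, params))
    return alerts

if __name__ == "__main__":
    for alert in evaluate(SAMPLE_LOGS, r"c:\logs", "file*.log", ",", 1, "test"):
        print(alert)
```

With the unanchored pattern test, the constructed line whose first column is "test failure" also produces an alert; using ^test$ limits the match to the exact value. Choosing the wrong separator puts the whole line into Param[1], which changes what the condition matches.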

Download the document in the PDF format

Sampa has a great blog that explains overall application log monitoring and is an excellent resource:

https://blogs.msdn.com/sampatton/archive/2007/04/21/application-log-monitoring.aspx

 

How to Generate alerts based on generic CSV.pdf