Skip to main content

Creating custom syslog events

Contributors netapp-lhalbert

Custom events allow you to track all kernel, daemon, error and critical level user events logged to the syslog server. A custom event can be useful for monitoring the occurrence of system log messages (and thus network security events and hardware faults).

About this task

Consider creating custom events to monitor recurring problems. The following considerations apply to custom events.

  • After a custom event is created, every occurrence of it is monitored. You can view a cumulative Count value for all custom events on the Nodes > grid node > Events page.

  • To create a custom event based on keywords in the /var/log/messages or /var/log/syslog files, the logs in those files must be:

    • Generated by the kernel

    • Generated by daemon or user program at the error or critical level

Note: Not all entries in the /var/log/messages or /var/log/syslog files will be matched unless they satisfy the requirements stated above.

Steps
  1. Select Configuration > Monitoring > Events.

  2. Click Edit pencil icon (or Insert plus icon if this is not the first event).

  3. Enter a custom event string, for example, shutdown

    screenshot showing where to enter custom event string
  4. Click Apply Changes.

  5. Select Nodes. Then, select grid node > Events.

  6. Locate the entry for Custom Events in the Events table, and monitor the value for Count.

    If the count increases, a custom event you are monitoring is being triggered on that grid node.

    SSM > Events > Overview page