Monitoring to be in place for a specific log file generated by our application

Hi everyone,

I am trying to figure out how to configure the below stuff in SCOM 2007 R2. It would be nice to have an answer or an idea where I start from.

We need monitoring to be in place for a specific log file generated by our application. Below is the location.


The key words/statements to monitor:

– Decider: Failed with code

– Forms Master CM 5 Directory Monitor: 0:0:: Failed to create directory

These should be monitored for the following servers:

– Application01

– Application02

– Application03

– Application04



As part of the requirement, the alert should be smart enough to not only check if the log contains these details but should be able to determine whether an alert for that specific entry has already been created. This can be based on the timestamp found on the log.



–       2014/11/03 14:28:36:13840: DECIDER:0:3::Decider: Failed with code

–       2014/10/29 14:45:10:0: FormsMaster CM 5 Directory Monitor:0:0::Failed to create directory


Many thanks for the efforts.

4 thoughts on “Monitoring to be in place for a specific log file generated by our application

  1. Sean P. Tompkins

    You can get MOST of what you want with the log file rules/monitors out of the box in SCOM – however, you won’t get the duplicate protection you indicated.

    If you set the it up as a monitor with a timer reset, you’ll get any additional alerts as repeats under the original open alert – that will suppress alerts coming in close to the original – but there’s no logic to check to see if the duplicates that are suppressed are actually different from the original.

    Set it up as a rule, and each one will trigger separately. To get the true de-duplication you want, you’d have to set it up as a collection rule, then do some additional work either through a script or connector to take the information gathered from the rule and evaluate it to determine if an alert should be created.

    It’s a bit complicated, but doable – and definitely easier than maintaining file-pointers yourself in the logfile!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.