Sample of a Syslog Monitor (Event)

Investigating Messages to Monitor:

The user is having trouble with a particular service on a remote system but is not sure how to catch the problem. He knows the name of the service that is causing the problem ("TROUBLE"), but he does not know the content of the messages it logs. The service runs on a UNIX system.

He creates a Syslog message event called "Trouble Daemon Events". He sets it to match any facility and any severity, and enters the following as the string to match: TROUBLE

This will match all messages coming from the service named TROUBLE, which is the one he is investigating.

He then applies this passive monitor to any device where the TROUBLE service is running. Because this is only an investigation, no actions are created for this monitor. Instead, the plan is to review the Syslog Log at the end of the month and look for TROUBLE messages that could be used to create more specific passive monitors.
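
The end-of-month review described above can be scripted. The following is an added example, not part of the product or of the original page: it applies the same rule (any facility, any severity, string TROUBLE) to RFC 3164 style lines and groups the hits so that candidates for narrower monitors stand out. The sample lines, the function names and the assumption that the string is matched anywhere in the received line are all constructed for illustration.

```python
import re
from collections import Counter

FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert",
              "clock"] + [f"local{i}" for i in range(8)]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# RFC 3164 layout: <PRI>Mmm dd hh:mm:ss host tag[pid]: text
LINE = re.compile(r"^<(\d{1,3})>\w{3} [ \d]\d \d\d:\d\d:\d\d (\S+) "
                  r"([^:\[\s]+)(?:\[\d+\])?: (.*)$")

def parse(line):
    """Return a dict for a well-formed line, or None if it cannot be parsed."""
    m = LINE.match(line)
    if not m or int(m.group(1)) > 191:      # PRI = facility * 8 + severity
        return None
    pri = int(m.group(1))
    return {"facility": FACILITIES[pri >> 3], "severity": SEVERITIES[pri & 7],
            "host": m.group(2), "tag": m.group(3), "text": m.group(4), "raw": line}

def matches(msg, needle="TROUBLE", facility=None, severity=None):
    """The monitor rule; None means 'any'. Assumes a plain substring match."""
    return ((facility is None or msg["facility"] == facility)
            and (severity is None or msg["severity"] == severity)
            and needle in msg["raw"])

def review(lines, **rule):
    """Count matched messages per (tag, facility, severity, message template)."""
    counts = Counter()
    for line in lines:
        msg = parse(line)
        if msg and matches(msg, **rule):
            template = re.sub(r"\d+", "N", msg["text"])   # collapse variable numbers
            counts[(msg["tag"], msg["facility"], msg["severity"], template)] += 1
    return counts

# Constructed sample log; the last line is not from the TROUBLE service.
SAMPLE = [
    "<27>Mar  3 02:14:07 unix01 TROUBLE[812]: worker 4 exited with status 139",
    "<27>Mar  9 02:14:09 unix01 TROUBLE[977]: worker 2 exited with status 139",
    "<30>Mar  9 02:14:10 unix01 TROUBLE[977]: restarted worker 2",
    "<86>Mar 10 08:00:01 unix01 sshd[2201]: Accepted publickey for ops from 192.0.2.10",
    "<13>Mar 11 09:30:00 unix01 ops: restarting TROUBLE by hand",
]

if __name__ == "__main__":
    for key, n in review(SAMPLE).most_common():
        print(n, *key, sep="\t")
```

In this sample the repeated daemon/err template is the obvious candidate for a more specific monitor, and the "ops" row shows the broad string match also catching a line that mentions TROUBLE without being logged by the service.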