
SMP log file tracing

Created: 23 Jan 2013 • Updated: 23 Jan 2013 | 4 comments

Hello,

We are going to trace the a.log file of SMP 7.1 using a monitoring tool, and now we need to configure this monitoring policy. For the moment this monitoring tool creates an alert for each message in the log file with severity="1".
Can anyone advise me (or point me to some document about SMP log severities, error codes, etc.) on how to configure this monitoring policy to create only important alerts?

Thanks in advance!


Din@r's picture

It seems that no one uses monitoring tools for these purposes. It's a pity.

mclemson's picture

The traditional monitoring approach is to define a threshold for alerts, set to log only (or, if it alerts, to notify you individually).  While these are generated for several days, they are evaluated and exceptions are made. When the results seem realistic for the level of alerting you want, the alerts are moved from log to alert and notify the larger monitoring group.  This is no different than what you would do for hardware or service monitoring.

You may be able to exclude certain Sources right away, such as anything generated by the agent vs. a server-based process.

Does this help?

Mike Clemson, Senior Systems Engineer, ASC
Intuitive Technology Group -- Symantec Platinum Partner
intuitivetech.com

Din@r's picture

Thank you mclemson for your input!
But I am searching for the document with SMP error descriptions! I found such a document for the 6.x version of Altiris but not for SMP 7.x.
Or maybe someone already uses the same approach to monitor SMP and can share information on which errors in the SMP logs create alerts in the monitoring tool (BMC Patrol).

mclemson's picture

Can you post the document you have, or a link?  I'm not sure I've seen that document.

Regarding what to monitor, I would install the monitor pack created by Joseph Carlson at Symantec which monitors availability by ping, bandwidth, logs, disk space, and services.  You could also monitor your SQL server and your package servers for similar statuses (services running, disk space available, responds to ping):

https://www-secure.symantec.com/connect/downloads/...

As an administrator, reviewing the Altiris Log Viewer for errors is something you should do each day.  Personally I find it easier as a once-a-day task rather than counting on e-mails (which would do nothing except tell me I need to go look at the Altiris Log Viewer anyway).

Mike Clemson, Senior Systems Engineer, ASC
Intuitive Technology Group -- Symantec Platinum Partner
intuitivetech.com