Linux/SSH File Event Monitor Reference Guide

Linux/SSH File Event Monitor

Monitors the status and contents of files on your Linux systems.

Overview

The Linux/SSH File Event Monitor is designed to help you monitor the status and content of files on your Linux-based systems. It includes options for monitoring file size and timestamps, and it can check the same file across multiple runs while looking only at new content that was added since the last run.

Use Cases

  • Monitoring the content of log files
  • Monitoring the size of specific files
  • Getting alerted if files have changed

Monitoring Options

This event monitor provides the following options:

File

Enter the full path to the file that the event monitor should check.

Alert with [Info/Warning/Error/Critical] if the device cannot be contacted

Use this option to control whether or not you will be notified if the event monitor is unable to establish an SSH connection.

Alert with [Info/Warning/Error/Critical] if the file is [missing/present]

Use this option to alert if the event monitor was able to connect to the network device but the file was missing or present. You might use the option to alert when a file is missing if you have a critical configuration file that applications or services depend on. The option to warn if the file is present can be used for cases where applications or services create an error file when an unexpected condition is detected.

Alert with [Info/Warning/Error/Critical] if the file size has [increased/decreased/changed/remained the same] since the last run

Use this option to alert based on changes in the file's size.

Alert with [Info/Warning/Error/Critical] if the file's last modified date has [changed/remained the same] since the last run

Use this option to alert based on the file's last modified date.

Alert if the file is larger than a specified size

With this option, you can get alerts if the file's size exceeds thresholds that you specify.

Check the contents of the file

Enable this option to access further checks that will look at the contents of the file.

Alert with [Info/Warning/Error/Critical] if the file contains the text [text string]

Use this option to get alerts when specified text is found in the file.

When the text is found, show the line the text is on

If this option is enabled and a match is found, the line that the match was found on will be included in all alerts and notifications.

When the text is found, show the previous [#] lines

Use this option to also include some of the lines that precede the one where the match was found.

When the text is found, show the following [#] lines

Use this option to also include some of the lines that follow the one where the match was found.

Do not alert if the same line contains [text string]

When this option is enabled and a match is found, the match is ignored if any of the specified comma-separated text strings is found on the same line.

Alert with [Info/Warning/Error/Critical] if the file does not contain the text [text string]

This option is the inverse of the "file contains the text" option: it alerts you if the specified text is not found in the file.

Only check for text that is new since the last check

By default, the event monitor will scan the entire file for the text you specify. With this option enabled it will only check new text that has been appended to the file since the last check.
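The following sketch shows how an incremental check of this kind can work, combined with the same-line exclusion described above. It is an added example, not the product's own code. The function name `check_new_content`, the state-file format, and the line-count approach are assumptions, and it relies on GNU `stat`.

```shell
#!/bin/sh
# Added illustration, not the product's code. State file format "<bytes> <lines>" is hypothetical.
# Usage: check_new_content FILE STATE_FILE TEXT "exclude1,exclude2"
# Returns 0 = match in new content, 1 = no match, 2 = file missing.
check_new_content() {
    file=$1 state=$2 needle=$3 excludes=$4

    if ! test -f "$file"; then          # "file is missing" condition
        echo "MISSING: $file"
        return 2
    fi

    size=$(stat -c %s "$file")          # GNU stat: size in bytes
    lines=$(awk 'END { print NR }' "$file")

    last_size=0 last_lines=0
    if test -f "$state"; then
        read -r last_size last_lines < "$state"
    fi

    # A file that shrank was truncated or rotated, so the old position is
    # meaningless: rescan from the first line instead of skipping content.
    if test "$size" -lt "$last_size" || test "$lines" -lt "$last_lines"; then
        last_lines=0
    fi
    printf '%s %s\n' "$size" "$lines" > "$state"

    # Fixed-string match on lines added since the last run; a line is ignored
    # when it also contains any of the comma-separated exclude strings.
    START=$last_lines NEEDLE=$needle EXCLUDES=$excludes awk '
        BEGIN { n = split(ENVIRON["EXCLUDES"], skip, ",") }
        NR > ENVIRON["START"] + 0 && index($0, ENVIRON["NEEDLE"]) {
            for (i = 1; i <= n; i++)
                if (skip[i] != "" && index($0, skip[i])) next
            print NR ": " $0
            hits++
        }
        END { exit (hits ? 0 : 1) }
    ' "$file"
}

# Constructed sample log for a stand-alone run
demo=$(mktemp -d)
printf 'service started\nERROR disk full\nERROR healthcheck probe\n' > "$demo/app.log"
check_new_content "$demo/app.log" "$demo/state" "ERROR" "healthcheck"   # prints line 2
printf 'ERROR db down\n' >> "$demo/app.log"
check_new_content "$demo/app.log" "$demo/state" "ERROR" "healthcheck"   # prints line 4 only
rm -rf "$demo"
```

A rotated file that has already grown past its previous size and line count is not detected by this comparison; catching that case needs an additional signal such as the inode number.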

Show the first [#] lines of the file in all notifications

With this option enabled the event monitor will show the first lines of the file in all alerts and notifications.

Show the last [#] lines of the file in all notifications

With this option enabled the event monitor will show the last lines of the file in all alerts and notifications.

Show the first [#] lines of new content from the file in all notifications

With this option enabled the event monitor will show a portion of the new content that was added to the file since the last run.

Enable date/time tokens in the file name

With this option enabled the event monitor will use the time the event monitor runs to replace time tokens in the given file name.

Example: \[devicename]\c$\folder\file-%%YYYY%%-%%MMZ%%-%%DDZ%%.ext
This would then use the current year, month and day to change the file name to: \[devicename]\c$\folder\file-1977-05-06.ext.
The following table shows the complete list of tokens that are supported:

Enable Solaris compatibility

Enable this option if the server you are connecting to is running Solaris. Otherwise, leave it off.

Connect on port number

The default port for SSH connections is 22 but if your servers are using a non-standard port you can specify it here.

Authentication and Security

The account used for authentication must have interactive login rights via SSH. It also must have permission to run the following commands:

  • grep
  • awk
  • stat
  • test

Protocols

Data Points

This event monitor generates the following data points:

Data Point | Description
File Size | The size of a file.

Sample Output