Alert rule for Kernel Panic Messages in Syslog.
A kernel panic has been detected in the system log files. A kernel panic is an internal fatal error in which the system cannot easily recover.
Kernel panics can be caused by memory errors, hardware failures, or bugs in the operating system.
If a kernel panic occurs, the system will require a reboot. This is usually done automatically, but if not should be done manually. Root cause analysis should be performed by viewing associated event details in the system log files and by inspecting the system dump file if available.
Target | Microsoft.AIX.6.1.Computer | ||
Category | EventCollection | ||
Enabled | False | ||
Alert Generate | True | ||
Alert Severity | Error | ||
Alert Priority | Normal | ||
Remotable | True | ||
Alert Message |
|
ID | Module Type | TypeId | RunAs |
---|---|---|---|
EventDS | DataSource | Microsoft.Unix.SCXLog.Datasource | Default |
GenerateAlert | WriteAction | System.Health.GenerateAlert | Default |
<Rule ID="Microsoft.AIX.6.1.LogFile.Syslog.Kernel.Panic.Alert" Target="Microsoft.AIX.6.1.Computer" Enabled="false" Remotable="true">
<Category>EventCollection</Category>
<DataSources>
<DataSource ID="EventDS" TypeID="Unix!Microsoft.Unix.SCXLog.Datasource">
<Host>$Target/Property[Type="Unix!Microsoft.Unix.Computer"]/PrincipalName$</Host>
<LogFile>/var/log/syslog.log</LogFile>
<RegExpFilter>.*[kK]ernel.*panic.*</RegExpFilter>
</DataSource>
</DataSources>
<WriteActions>
<WriteAction ID="GenerateAlert" TypeID="SystemHealth!System.Health.GenerateAlert">
<Priority>1</Priority>
<Severity>2</Severity>
<AlertMessageId>$MPElement[Name="Microsoft.AIX.6.1.LogFile.Syslog.Kernel.Panic.AlertMessage"]$</AlertMessageId>
<AlertParameters>
<AlertParameter1>$Data/EventDescription$</AlertParameter1>
</AlertParameters>
<Suppression>
<SuppressionValue/>
</Suppression>
</WriteAction>
</WriteActions>
</Rule>