Home
  •  

Apache Virtual Host Error Log Event Alert

Microsoft.ApacheHTTPServer.VirtualHost.Unix.ErrorLog.Alert (Rule)

This rule generates an alert if a line logged to the Virtual Host's error log matches the defined regular expression.

Knowledge Base article:

Summary

This rule monitors the Error Log for an Apache Virtual Host and generates alerts if newlines matching the defined Regular Expression are found.

Resolutions

Investigate the cause of the fault described by the error message.

Configuration

This rule is disabled by default. Use overrides to enable the rule and define the regular expression to match for generating alerts.

Default Configuration

Parameter

Default Value

Enabled

false

RegExpFilter

error

Overrides can be used to change the parameter values defined above for all instances or for specific instances or groups.

Element properties:

TargetMicrosoft.ApacheHTTPServer.VirtualHost.Unix
CategoryEventCollection
EnabledFalse
Alert GenerateTrue
Alert SeverityInformation
Alert PriorityNormal
RemotableTrue
Alert Message
Apache Virtual Host Error Log Alert
{0}

Member Modules:

ID Module Type TypeId RunAs 
EventDS DataSource Microsoft.Unix.SCXLog.Privileged.Datasource Default
GenerateAlert WriteAction System.Health.GenerateAlert Default

Source Code:

<Rule ID="Microsoft.ApacheHTTPServer.VirtualHost.Unix.ErrorLog.Alert" Target="Microsoft.ApacheHTTPServer.VirtualHost.Unix" Enabled="false" Remotable="true">

  <Category>EventCollection</Category>

  <DataSources>

    <DataSource ID="EventDS" TypeID="Unix!Microsoft.Unix.SCXLog.Privileged.Datasource">

      <Host>$Target/Host/Host/Property[Type="Unix!Microsoft.Unix.Computer"]/PrincipalName$</Host>

      <LogFile>$Target/Property[Type="Microsoft.ApacheHTTPServer.VirtualHost"]/ErrorLog$</LogFile>

      <RegExpFilter>error</RegExpFilter>

      <IndividualAlerts>false</IndividualAlerts>

    </DataSource>

  </DataSources>

  <WriteActions>

    <WriteAction ID="GenerateAlert" TypeID="Health!System.Health.GenerateAlert">

      <Priority>1</Priority>

      <Severity>0</Severity>

      <AlertMessageId>$MPElement[Name="Microsoft.ApacheHTTPServer.VirtualHost.Unix.ErrorLog.AlertMessage"]$</AlertMessageId>

      <AlertParameters>

        <AlertParameter1>$Data/EventDescription$</AlertParameter1>

      </AlertParameters>

      <Suppression>

        <SuppressionValue/>

      </Suppression>

    </WriteAction>

  </WriteActions>

</Rule>