Home
  •  

Sysid Config Alert Rule

Microsoft.Solaris.10.LogFile.Syslog.Sysidconfig.Command.Alert (Rule)

Alert rule for Sysid Config Messages.

Knowledge Base article:

Summary

An error was found in the log file for sysidconfig. Sysidconfig is executed during initial installation and during a reconfigure reboot.

Configuration

This rule is disabled by default. To enable this rule for monitoring, use overrides to configure the log file path and enable the rule. The log file path is set with the overridable property named LogFile, and the value must be set to the full path to the log file that will receive these events, as defined in the syslog configuration. Overrides can be used to change the parameter values for all instances or for specific instances or groups.

Causes

An error or warning could indicate that configuration failed for a device or application.

Resolutions

Verify the configuration for the failed application or device

Element properties:

TargetMicrosoft.Solaris.10.Computer
CategoryEventCollection
EnabledTrue
Alert GenerateTrue
Alert SeverityError
Alert PriorityNormal
RemotableTrue
Alert Message
Sysid Config Alert detected
{0}

Member Modules:

ID Module Type TypeId RunAs 
EventDS DataSource Microsoft.Unix.SCXLog.Datasource Default
GenerateAlert WriteAction System.Health.GenerateAlert Default

Source Code:

<Rule ID="Microsoft.Solaris.10.LogFile.Syslog.Sysidconfig.Command.Alert" Target="Microsoft.Solaris.10.Computer" Enabled="true" Remotable="true">

  <Category>EventCollection</Category>

  <DataSources>

    <!-- [TYPE] Solaris SysID False -->

    <!-- [INPUT] Executing Configuration Applications at: Thu Mar 29 06:07:45 2007 -->

    <!-- [INPUT] Executing config app: /usr/sbin/sysidnfs4 -->

    <!-- [INPUT] Executing config app: /usr/sbin/sysidpm -->

    <!-- [INPUT] Executing config app: /lib/svc/method/sshd -->

    <!-- [INPUT] Executing config app: /usr/lib/cc-ccr/bin/eraseCCRRepository -->

    <!-- [INPUT] Completed Executing Configuration Applications at: Thu Mar 29 06:07:45 2007 -->

    <DataSource ID="EventDS" TypeID="Unix!Microsoft.Unix.SCXLog.Datasource">

      <Host>$Target/Property[Type="Unix!Microsoft.Unix.Computer"]/PrincipalName$</Host>

      <LogFile>/var/log/sysidconfig.log</LogFile>

      <RegExpFilter>.+</RegExpFilter>

      <IndividualAlerts>false</IndividualAlerts>

    </DataSource>

  </DataSources>

  <WriteActions>

    <WriteAction ID="GenerateAlert" TypeID="SystemHealth!System.Health.GenerateAlert">

      <Priority>1</Priority>

      <Severity>2</Severity>

      <AlertMessageId>$MPElement[Name="Microsoft.Solaris.10.LogFile.Syslog.Sysidconfig.Command.AlertMessage"]$</AlertMessageId>

      <AlertParameters>

        <AlertParameter1>$Data/EventDescription$</AlertParameter1>

      </AlertParameters>

      <Suppression>

        <SuppressionValue/>

      </Suppression>

    </WriteAction>

  </WriteActions>

</Rule>