Submit a ticketCall us

Systems Monitoring for Dummies
Our new eBook will teach you the fundamentals and help you create monitors and alerts that are effective, meaningful, and actionable. Monitoring is more than a checkbox on your to-do list. This free eBook will give you practical advice to help you succeed in all aspects of monitoring – discovery, alerting, remediation, and troubleshooting. Don’t miss out on this indispensable resource for newbies, experienced IT pros, and everyone in between. Register Now.

Home > Success Center > ipMonitor > Use Content Generator in IP Monitor

Use Content Generator in IP Monitor

Table of contents

Updated  August 11, 2016

Overview

Some users may want to populate the alerts with data from events or other monitored resources.

A Content Generator is used to format data into messages for Information Alerts. The Event Log, SNMP Trap and File Watching Monitors support the use of Regular Expressions to capture variable data such as:

  • An Event Log description
  • Variable-binding data from an SNMP Trap
  • A line from a log file
  • Captured data is then passed to a Content Generator for parsing into a message. Additional information relating to the Monitor such as the Event timestamp or the source IP address of a received SNMP Trap can also be included in the message.
  • Once the message is structured correctly, it may be passed to any number of Alerts that are configured to act on the specific Monitor that triggered the Alert.
  • The following Alert types fully support Information Alert messages:
  • Simple Email
  • Customized Email
  • Net Broadcast
  • Event Log
  • Text Log
  • SNMP Trap

 

The SNMP Trap, Event Log and File Watching Monitors support supplemental Tokens that can be referenced in a Content Generator to provide additional information in the Alert message. These Tokens can be divided into two categories:

  • Numeric Tokens and Property Tokens.
  • Numeric Tokens

 

Numeric Tokens allow you to retrieve specific text matches, or 'captures', located by a Regular Expression search.

The syntax for Numeric Tokens is: %capture[#]% (ie. %capture[1]% or %capture[2]%.

For example, consider a file watched by the File Watching Monitor, which contains the following entry:

1/30/2006 7:45:08 AM ERROR: The application failed to start. REASON: Required resource myapp.dll could not be located.

Within the File Watching Monitor, the following Regular Expression has been entered:

ERROR\: (.*?) REASON\: (.*?)

In this example:
The %capture[1]% Token would resolve to: "The application failed to start."
The %capture[2]% Token would resolve to: "Required resource myapp.dll could not be located.".
Assuming an Information Alert was correctly configured, this information would be included in the body of the Alert.

 

Property Tokens
Property tokens allow you to access additional parameters describing an Event Log entry, a file entry, or an SNMP Trap. The syntax for Property Tokens is %capture[property_name]%.

For example:

%capture[timewritten]%     (Event Log Monitor specific)

%capture[bindings]%        (SNMP Trap Monitor specific)

%capture[offset]%        (File Watching Monitor specific)

 

The following tables contain the Property Tokens available to the Event Log, File Watching and SNMP Trap Monitors:

 

Environment

All IP Monitor versions

Steps

To add or edit a Content Generator, click the Content Generators menu option located in the Alerts section.

 

A Content Generator contains three elements:

  1. Name: Identifies the Content Generator.
  2. Value: Defines the layout of the "captured" data. This will be the format of the Alert message.
  3. Coalesce Separator: specifies the string used to terminate each captured data "element". By default, this is \r\n (CRLF).

 

Note: When capturing data from an Event Log description, the captured string may already terminate with a CRLF. If an Information Alert "appears" to contain an extra CRLF, this may be the source of the formatting problem.

 

%capture[#]%Variable Type
The variable type used to parse information captured by Regular Expressions. For example:

New Account Name: %capture[1]%

Variables are enumerated in the same order they are defined in the RegEx. In the example shown above, "New Account Name" is the first variable defined in the RegEx and "Caller Domain" is the last.

When more than one RegEx Search Scenario is configured for a Monitor, variables are enumerated starting in the first Regular Expression and counting through the last Regular Expression. For example:

First Regular Expression: %capture[1]%, %capture[2]%, %capture[3]%
Second Regular Expression: %capture[4]%, %capture[5]%, and so on

%capture[token_name]% Variable Type
The variable type used to parse supplemental Content Generator Tokens. For example:

Event Timestamp: %capture[timewritten]%

For additional examples illustrating how to configure Information Alerts and Content Generators refer to:

 

 

 

Last modified

Tags

Classifications

Public