Updated August 11, 2016
Some users may want to populate the alerts with data from events or other monitored resources.
A Content Generator is used to format data into messages for Information Alerts. The Event Log, SNMP Trap and File Watching Monitors support the use of Regular Expressions to capture variable data such as:
The SNMP Trap, Event Log and File Watching Monitors support supplemental Tokens that can be referenced in a Content Generator to provide additional information in the Alert message. These Tokens can be divided into two categories:
Numeric Tokens allow you to retrieve specific text matches, or 'captures', located by a Regular Expression search.
The syntax for Numeric Tokens is: %capture[#]% (ie. %capture% or %capture%.
For example, consider a file watched by the File Watching Monitor, which contains the following entry:
1/30/2006 7:45:08 AM ERROR: The application failed to start. REASON: Required resource myapp.dll could not be located.
Within the File Watching Monitor, the following Regular Expression has been entered:
ERROR\: (.*?) REASON\: (.*?)
In this example:
The %capture% Token would resolve to: "The application failed to start."
The %capture% Token would resolve to: "Required resource myapp.dll could not be located.".
Assuming an Information Alert was correctly configured, this information would be included in the body of the Alert.
Property tokens allow you to access additional parameters describing an Event Log entry, a file entry, or an SNMP Trap. The syntax for Property Tokens is %capture[property_name]%.
%capture[timewritten]% (Event Log Monitor specific)
%capture[bindings]% (SNMP Trap Monitor specific)
%capture[offset]% (File Watching Monitor specific)
The following tables contain the Property Tokens available to the Event Log, File Watching and SNMP Trap Monitors:
All IP Monitor versions
To add or edit a Content Generator, click the Content Generators menu option located in the Alerts section.
A Content Generator contains three elements:
Note: When capturing data from an Event Log description, the captured string may already terminate with a CRLF. If an Information Alert "appears" to contain an extra CRLF, this may be the source of the formatting problem.
The variable type used to parse information captured by Regular Expressions. For example:
New Account Name: %capture%
Variables are enumerated in the same order they are defined in the RegEx. In the example shown above, "New Account Name" is the first variable defined in the RegEx and "Caller Domain" is the last.
When more than one RegEx Search Scenario is configured for a Monitor, variables are enumerated starting in the first Regular Expression and counting through the last Regular Expression. For example:
First Regular Expression: %capture%, %capture%, %capture%
Second Regular Expression: %capture%, %capture%, and so on
%capture[token_name]% Variable Type
The variable type used to parse supplemental Content Generator Tokens. For example:
Event Timestamp: %capture[timewritten]%
For additional examples illustrating how to configure Information Alerts and Content Generators refer to: