Generating and nullifying an alarm based on dual-search strings

You can configure the PATROL KM for Log Management to generate an alarm based on two search strings. You can configure dual search for a text instance so that the PATROL KM for Log Management goes into the alarm state when the first string is found in the monitored file and then nullifies the alarm when the second string is found.

Before you begin

You must be using the PATROL Central Operator - Windows Edition, PATROL Central Operator - Web Edition, or a PATROL Console in Developer mode. You can also add a text file to monitor by using the PATROL KM for Log Management PATROL Configuration Manager plug-in as described in PATROL Agent Configuration Variables.

To configure the KM to alarm based on dual-search strings for a text instance

1. Depending on whether you are adding a new log file to be monitored or changing an existing log file, access the either of the following, as described in Add File for Label - dialog box and Change File for Label - dialog box.
   • Add File for Label: instanceName dialog box
   • Change File for Label: instanceName dialog box
2. Enter the nullify search string in the Nullify Alarm/Warn String text box.
3. If you are in the Add File for Label: instanceName dialog box, click Next to navigate to the Configure Search Criteria: instanceName: Define Search Criterion dialog box and enter the first search string in the String1 text box. The PATROL KM for Log Management goes into an alarm state when the first string (for example, 'Alarm up') is found in the monitored file and nullifies the alarm when the second string (for example, 'Alarm down') is found.