HP EVA: Monitor EVA’s error log for critical issues
The EVA Management Pack from HP monitors alerts sent by WEBES to MOM via the DESTA service. We configured DESTA to send to MOM via an XML feed. What happens to monitoring of your EVA systems when DESTA crashes or there are other errors on the EVA management server? You will receive no notification about critical EVA issues. Therefore it is essential that you monitor a log file that will inform you of issues with the EVA management server. These issues affect things like the phone home capability and the DESTA service feeding MOM.
If you want to ensure WEBES and DESTA are healthy and all systems are operational, then you might want to do the following:
1) Create a rule to monitor the DESTA service.
This is a simple task. Create a new rule. The data provider should be: Internally-generated Event
The criteria should be:
Source: Microsoft Operations Manager
Event ID: 21207
Click on advanced and select ‘Parameter 5’ equals ‘DESTA_Service’
You can fill out the rest of the tabs as needed. We also have a response for when the DESTA service is down or crashes: it runs net start on the DESTA service.
Click Add and select ‘Execute a command or batch file’
Then fill out the blanks accordingly:
Command Line: /c net start DESTA_Service
Initial Directory: c:\winnt\system32\
Select the radio button for Agent Computer.
Now you are monitoring the DESTA service on your EVA management server.
After you set up this rule, let’s create three rules that look for critical errors in your director_err.txt log file.
2) Create a new log file provider.
Create a new rule in the appropriate rule group (I recommend making a computer group that contains just your HP EVA management servers. After you make this new group, associate it with a new rule group that will contain three simple rules).
The rule will be an event rule. When you get to the provider portion of the rule, click on ‘NEW’ near the bottom of the dialog box. You will be prompted to name this new provider. I called it HPEVAErrorlog. The type is Generic single-line log file. You will then be prompted to enter the directory where the file is located and give the name of the log file. For our environment it was located in ‘C:\Program Files\Hewlett-Packard\svctools\specific\Webes\logs’ and the name is ‘director_err.txt’. Once you create this provider you will never have to create it again; you will only have to select it for the next few rules that you create.
The first rule (that you already started to create) should have Parameter 4 matches wildcard ‘*Cannot establish socket connection with the server.*’.
The second rule will use the same provider and Parameter 4 matches wildcard ‘*Error parse error’.
The third and final rule will use the same provider and Parameter 4 matches wildcard ‘OutOfMemoryError’
These three lines were identified as crucial by HP. If these text segments are found in the log file, then you will have to troubleshoot the issue you are having with the management server. These issues may prevent WEBES from sending MOM HP EVA related alerts via the DESTA service. So it would be smart for you to monitor for these three lines of text.
To test if the rules are working, just create the text file ‘director_err.txt’ in that directory (one may not be present) and ensure that you have the above text in the file. MOM will pick it up and alert you accordingly.
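A way to dry-run the three criteria against a log file before relying on the MOM alerts, as an added PowerShell example that is not from the original post. It assumes the wildcard comparison covers the whole line the way PowerShell's -like does (verify this against your MOM version); the function name Test-DirectorErrLog and the sample lines are constructed for illustration.

```powershell
# Added example: dry-run the three wildcard criteria from the rules above.
# Assumption: "matches wildcard" is compared against the whole line, as -like does.
$Patterns = @(
    '*Cannot establish socket connection with the server.*',
    '*Error parse error',
    'OutOfMemoryError'
)

function Test-DirectorErrLog {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [string[]]$Pattern = $Patterns
    )
    $lineNo = 0
    foreach ($line in Get-Content -LiteralPath $Path) {
        $lineNo++
        foreach ($p in $Pattern) {
            # -like is case-insensitive and must match the entire line
            if ($line -like $p) {
                New-Object PSObject -Property @{
                    Line = $lineNo; Pattern = $p; Text = $line
                }
            }
        }
    }
}

# Constructed sample lines (not real WEBES output), written to a temp file
# so the dry run does not touch the monitored director_err.txt.
$sample = Join-Path $env:TEMP 'director_err_sample.txt'
@(
    'Cannot establish socket connection with the server.',
    'WARN Cannot establish socket connection with the server. Retrying',
    'Error parse error',
    'Error parse error at line 12',
    'OutOfMemoryError',
    'java.lang.OutOfMemoryError: Java heap space'
) | Set-Content -LiteralPath $sample

# Show which sample lines each criterion would catch
Test-DirectorErrLog -Path $sample |
    Format-Table Line, Pattern, Text -AutoSize
```

Under -like, sample lines 4 and 6 match none of the criteria, because the second and third patterns as written have no trailing or surrounding `*`. If MOM's comparison behaves the same way, the text you put in the test file has to fit each pattern exactly.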