Hi Experts,
I have created a SCOM rule to pick up a few keywords like Error and warning and trigger an alert.
The logs will be continuously written when the corresponding services are in a running state, and there are no inputs into the log file when the services are in a stopped state.
SCOM is not able to pick up the keywords in the log when the process corresponding to it is running. But when the process/services which trigger the writes into the logs are in a stopped state and I manually append lines with the keywords, the SCOM rule will pick them up and create alerts.
My initial suspicion was that the log file becomes unreadable when the process/service is in a started state.
But I started the service and tried to read keywords using the command prompt, type logfilename.log | findstr "keyword", and I was able to get the results, which is strange as I thought the file won't be readable when it is being written.
Looking for help.
Regards,
Prajul Nambiar