- This panel is available in Console ≥ 2.10. In previous releases, alert patterns are configured in a properties file.
- The separate Log Service is required in order for any patterns to be matched.
This section governs patterns that are used to match specific log messages (or parts of log messages) that the Log Service should watch for while processing the logs. These log messages are then highlighted in CAST Console as alerts whenever the Log Service "sees" them in any log files it is parsing. A set of default alerts is provided for you; these are the most common log messages that indicate some sort of issue that needs further investigation.
Add Pattern button
Add a new custom pattern to the list:
Reset Alerts button
This button will restore the default set of patterns to the list. All custom patterns will be removed and any default patterns that you have manually deleted will be restored.
Lists the patterns that the Log Service will watch for:
Log Message IDs section
This section allows you to create a custom alert based on a specific Log Message ID found in the analysis log - in other words, when a Log Message ID is added to the list, whenever that specific Log Message is encountered during an analysis, a custom alert will be displayed (see below for more information about where alerts are displayed). In addition, each Log Message ID has a specific description and remediation: when the alert from this Log Message is displayed to the user, the View Remedy button will then display these description and remediation entries to help understand why the Log Message has occurred and what can be done about it.
In the example below, two Log Message IDs from the com.castsoftware.mainframe extension have been added to the list: whenever these Log Message IDs are encountered in an analysis, a corresponding alert will also be displayed to the user:
To add a new entry, click the Add Log Message ID button and choose the message you would like to add:
The instructions below are specifically for Console ≥ 2.10. In Console 2.9 only, the thresholds are configured using the Node .yml configuration (see Configuring unanalyzed alert thresholds).
If you have set custom values for these thresholds using the method described in Configuring unanalyzed alert thresholds and you perform an in-place upgrade to a more recent release of CAST Console, the custom values will be lost and you will need to re-set them using the UI as described below.
When an analysis has been completed, CAST Console provides two alerts about files that have not been analyzed (see AIP Console - Job Progress panel). If you receive these alerts, you should investigate why they have been triggered by examining the analysis log files, since a large percentage of unanalyzed files can negatively impact your analysis results:
Specific "no reason" alert
The thresholds at which these alerts are triggered (50% for the global alert and 10% for the specific "no reason" alert) are predefined, but can be customized using the interface above.
Request validation for all alerts
This option (when enabled) will force users to review and validate any alerts that are displayed before the "Upload to Imaging" step can complete. When enabled, the following option is added to the AIP Console - Job Progress panel / Application - Overview with Fast Scan / Application - Logs:
The following behaviour then occurs:
- In all situations, the Upload to Imaging step will not be automatically run, then:
  - If there are no alerts, the Upload to Imaging step can be triggered using the Advanced option or by clicking on the Resume button at the bottom of the Application - Overview with Fast Scan panel.
  - If there are alerts, these alerts should be reviewed and then acknowledged by ticking the Alerts have been review and validation check box. When this is done, the Upload to Imaging step can be triggered using the Advanced option or by clicking on the Resume button at the bottom of the Application - Overview with Fast Scan panel.
When an occurrence of any of the strings/regexes listed in the table is detected by the Log Service during an analysis, it is transformed into an alert and displayed in several places:
Job Progress panel
Overview with Fast Scan panel
See Application - Logs:
When multiple occurrences of a string/regex are detected by the Log Service, these occurrences will be grouped and will give rise to one single alert. Use the arrows to scroll back and forth between alerts:
Directly viewing the alerts in the log
To view the matched pattern in the analysis log file, click the VIEW REMEDY option:
For example, a custom pattern as follows (JAVA124) has been added to the list - this is designed to create an alert every time the "JAVA124" log message occurs during an analysis:
When the analysis is run and the message occurs, an alert is generated and displayed in the locations listed previously, for example in the AIP Console - Job Progress panel:
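To check a candidate pattern against a saved analysis log before adding it to the list, the matching and grouping behaviour described above can be approximated offline. This is an added example, not CAST code: the log line layout, the `group_alerts` name, the second pattern, and the assumption that each pattern is applied as a case-sensitive regex search per line are all illustrative.

```python
import re

# Constructed sample log lines; the layout and message texts are
# assumptions for illustration, not the real CAST analysis log format.
SAMPLE_LOG = """\
2024-01-10 10:00:01 Information Starting analysis
2024-01-10 10:00:05 Warning JAVA124 : constructed message text A
2024-01-10 10:00:06 Information 120 files processed
2024-01-10 10:00:09 Warning JAVA124 : constructed message text B
2024-01-10 10:00:12 Error constructed failure in module X
"""


def group_alerts(log_text, patterns):
    """Return {pattern: [(line_no, line), ...]} for patterns with a hit.

    All occurrences of one pattern are grouped under a single entry,
    mirroring the "one single alert" grouping described on this page.
    Patterns with no occurrence produce no entry.
    """
    compiled = []
    for pattern in patterns:
        try:
            compiled.append((pattern, re.compile(pattern)))
        except re.error as exc:
            # Reject a malformed regex up front rather than silently
            # ending up with a pattern that can never raise an alert.
            raise ValueError(f"invalid pattern {pattern!r}: {exc}") from exc

    alerts = {}
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        for pattern, regex in compiled:
            if regex.search(line):
                alerts.setdefault(pattern, []).append((line_no, line))
    return alerts


if __name__ == "__main__":
    # "JAVA124" is the custom pattern from the page; r"\bError\b" is a
    # hypothetical second pattern added for the demonstration.
    for pattern, hits in group_alerts(SAMPLE_LOG, ["JAVA124", r"\bError\b"]).items():
        print(f"ALERT {pattern!r}: {len(hits)} occurrence(s)")
        for line_no, line in hits:
            print(f"  line {line_no}: {line}")
```
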