  • This panel is available in Console ≥ 2.10. In previous releases, alert patterns are configured in a properties file.
  • The separate Log Service is required in order for any patterns to be matched.

See Log Service installation.

Patterns section

This section governs the patterns used to match specific log messages (or parts of log messages) that the Log Service should watch for while processing the logs. Whenever the Log Service "sees" one of these messages in a log file it is parsing, the message is highlighted in CAST Console as an alert. A set of default alerts is provided for you: these are the most common log messages that indicate some sort of issue that needs further investigation.

Item | Description
Add Pattern button

Add a new custom pattern to the list:

  • Pattern: enter the string or regular expression you want to match in the log messages.
  • Match Case: choose whether the pattern you have added should be case-sensitive or not.
  • String/Regex: choose how CAST Console should interpret your pattern. If the pattern is a purely alphanumeric string, you should choose STRING. If the pattern is a regular expression, or contains regular expression syntax, you should choose REGEX.
  • CANCEL: will close the dialog and all changes will be lost.
  • SAVE: will close the dialog box and save the new pattern to the list.

Reset Alerts button

This button will restore the default set of patterns to the list. All custom patterns will be removed and any default patterns that you have manually deleted will be restored.

Patterns table

Lists the patterns that the Log Service will watch for:

  • Pattern: the string/regular expression that forms your pattern
  • Type: whether STRING or REGEX (regular expression)
  • Match Case: true or false whether the pattern is case-sensitive or not
  • Delete icon: removes the pattern (default patterns can also be removed)

Log Message IDs section

This section allows you to create a custom alert based on a specific Log Message ID found in the analysis log. When a Log Message ID is added to the list, a custom alert will be displayed whenever that specific Log Message is encountered during an analysis (see below for more information about where alerts are displayed). In addition, each Log Message ID has a specific description and remediation: when the alert for this Log Message is displayed to the user, the View Remedy button will display the description and remediation entries to help understand why the Log Message has occurred and what can be done about it.

In the example below, two Log Message IDs from the com.castsoftware.mainframe extension have been added to the list: whenever these Log Message IDs are encountered in an analysis, a corresponding alert will also be displayed to the user:

To add a new entry, click the Add Log Message ID button and choose the message you would like to add:

Thresholds section

The instructions below are specifically for Console ≥ 2.10. In Console 2.9 only, the thresholds are configured using the Node .yml configuration (see Configuring unanalyzed alert thresholds).

If you have set custom values for these thresholds using the method described in Configuring unanalyzed alert thresholds and you perform an in-place upgrade to a more recent release of CAST Console, the custom values will be lost and you will need to re-set them using the UI as described below.

When an analysis has been completed, CAST Console provides two alerts about files that have not been analyzed (see AIP Console - Job Progress panel). If you receive these alerts, you should investigate why they have been triggered by examining the analysis log files, since a large percentage of unanalyzed files can negatively impact your analysis results:

Global alert

Specific "no reason" alert

The thresholds at which these alerts are triggered (50% for the global alert and 10% for the specific "no reason" alert) are predefined, but can be customized using the interface above.

Request validation for all alerts

This option (when enabled) will force users to review and validate any alerts that are displayed before the "Upload to Imaging" step can complete. When enabled, the following option is added to the AIP Console - Job Progress panel / Application - Overview with Fast Scan / Application - Logs:

The following behaviour then occurs:

  • In all situations, the Upload to Imaging step will not be automatically run, then:
    • If there are no alerts the Upload to Imaging step can be triggered using the Advanced option or by clicking on the Resume button at the bottom of the Application - Overview with Fast Scan panel.
    • If there are alerts, these alerts should be reviewed and then acknowledged by ticking the Alerts have been review and validation check box. When this is done, the Upload to Imaging step can be triggered using the Advanced option or by clicking on the Resume button at the bottom of the Application - Overview with Fast Scan panel.

Alert display

When the Log Service detects an occurrence of any of the strings/regular expressions listed in the table during an analysis, the occurrence is transformed into an alert and displayed in several places:

Job Progress panel

See AIP Console - Job Progress panel:

Overview with Fast Scan panel

See Application - Overview with Fast Scan:

Log window

See Application - Logs:

Alert groupings

When multiple occurrences of a string/regex are detected by the Log Service, these occurrences will be grouped and will give rise to one single alert. Use the arrows to scroll back and forth between alerts:

Directly viewing the alerts in the log

To view the matched pattern in the analysis log file, click the VIEW REMEDY option:

Example

For example, a custom pattern as follows (JAVA124) has been added to the list - this is designed to create an alert every time the "JAVA124" log message occurs during an analysis:

When the analysis is run and the message occurs, an alert is generated and displayed in the locations listed previously, for example in the AIP Console - Job Progress panel:
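One way to dry-run a pattern against sample log lines before adding it to the Patterns list, covering the Type and Match Case options and the grouping of multiple occurrences into one alert. This is an added example, not CAST's Log Service code: the log lines are constructed, the function names are hypothetical, and Python's `re` syntax is assumed for REGEX patterns (the page does not state which regex dialect the Log Service uses).

```python
import re

# Constructed sample log lines (not real CAST output).
SAMPLE_LOG = [
    "INFO  Starting analysis of module Core",
    "WARN  JAVA124: syntax not recognized in Foo.java",
    "WARN  java124: syntax not recognized in Bar.java",
    "ERROR Cannot resolve web.xml for module Web",
    "ERROR Cannot resolve webAxml for module Web",
]


def compile_pattern(pattern, kind, match_case):
    """Build a matcher for one Patterns table row (Pattern, Type, Match Case)."""
    if kind not in ("STRING", "REGEX"):
        raise ValueError("kind must be STRING or REGEX")
    # STRING: every character is literal, so regex metacharacters are escaped.
    # REGEX: the pattern is compiled as written; re.error is raised if invalid.
    source = re.escape(pattern) if kind == "STRING" else pattern
    flags = 0 if match_case else re.IGNORECASE
    return re.compile(source, flags)


def group_alerts(lines, patterns):
    """Group occurrences per pattern: many matching lines, one alert entry.

    Returns {(pattern, kind, match_case): [1-based line numbers]}.
    """
    alerts = {}
    for pattern, kind, match_case in patterns:
        matcher = compile_pattern(pattern, kind, match_case)
        hits = [n for n, line in enumerate(lines, 1) if matcher.search(line)]
        if hits:
            alerts[(pattern, kind, match_case)] = hits
    return alerts


if __name__ == "__main__":
    rows = [
        ("JAVA124", "STRING", True),   # case-sensitive literal
        ("JAVA124", "STRING", False),  # case-insensitive literal
        ("web.xml", "STRING", True),   # '.' is a literal dot
        ("web.xml", "REGEX", True),    # '.' matches any character
    ]
    for key, hits in group_alerts(SAMPLE_LOG, rows).items():
        print(key, "-> 1 alert,", len(hits), "occurrence(s) on lines", hits)
```

The `web.xml` rows show why the Type setting matters: read as REGEX, the unescaped dot also matches `webAxml`, so the alert groups an occurrence the literal pattern would not.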