Log File Monitor Test
- The Log File Monitor test monitors multiple alert log files for different patterns.
- This ensures that eG Enterprise monitors the most recent log files in the specified directory.
- The test checks whether any changes have occurred in the size and/or timestamp of the log files that were monitored during the last measurement period, and whether any new log files (that match the ALERTFILE specification) have been added since the last measurement period.
If a few lines have been added to a log file that was monitored previously, then the eG agent monitors the additions to that log file and then proceeds to monitor newer log files (if any). If an older log file has been overwritten, then the eG agent monitors this log file completely and then proceeds to monitor the newer log files (if any).
Enabling the Log File Monitor Test for the component
- In the test configuration page, enable the Logfile monitoring test for the component.
- After enabling the test, configure the Logfile monitoring test for monitoring.
Configuring Log File Monitor Test
- This test monitors multiple alert log files for different patterns.
- The default parameters associated with this test are as follows:
- The TEST PERIOD list box helps the user to decide how often this test needs to be executed.
- In the HOST text box, the hostname of the server for which the test is to be configured has to be specified.
- The port number to which the server is listening is to be provided in the PORT text box.
- In the ALERTFILE text box, specify the path to the alert log file to be monitored. For example, /user/john/alert_john.log. Multiple log file paths can be provided as a comma-separated list, e.g., /user/john/alert_egurkha.log,/tmp/log/alert.log.
- Also, instead of a specific log file path, the path to the directory containing log files can be provided, e.g., /user/logs. This ensures that eG Enterprise monitors the most recent log files in the specified directory. Specific log file name patterns can also be specified. For example, to monitor the latest log files with names containing the strings 'dblogs' and 'applogs', the parameter specification can be: /tmp/db/*dblogs*,/tmp/app/*applogs*. Here, '*' indicates leading/trailing characters (as the case may be). In this case, the eG agent first enumerates all the log files in the specified path that match the given pattern, and then picks only the latest log file from the result set for monitoring.
- Your ALERTFILE specification can also be of the following format: Name@logfilepath_or_pattern. Here, Name represents the display name of the path being configured. Accordingly, the parameter specification for the 'dblogs' and 'applogs' example discussed above can be: dblogs@/tmp/db/*dblogs*,applogs@/tmp/app/*applogs*. In this case, the display names 'dblogs' and 'applogs' will alone be displayed as descriptors of this test.
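An added illustration of the ALERTFILE resolution described above (not eG Enterprise code): it parses the optional Name@ prefix, treats only '*' as a wildcard, and picks the most recently modified match for each entry. The function names, the reading of "latest" as modification time, and the sample files are assumptions made for this example.

```python
import os
import re
import tempfile

def wildcard_to_regex(pattern, case_sensitive=False):
    # Only '*' is a wildcard here, as in the page's examples.
    flags = 0 if case_sensitive else re.IGNORECASE
    return re.compile(re.escape(pattern).replace(r"\*", ".*") + r"\Z", flags)

def resolve_alertfile(spec, case_sensitive=False):
    """Map each ALERTFILE entry to (latest matching file, all matches oldest first)."""
    resolved = {}
    for entry in (e.strip() for e in spec.split(",")):
        name, sep, path = entry.partition("@")      # optional Name@ prefix
        if not sep:
            name, path = entry, entry
        if os.path.isdir(path):                      # directory: consider every file in it
            directory, pattern = path, "*"
        else:                                        # specific file or name pattern
            directory, pattern = os.path.split(path)
        rx = wildcard_to_regex(pattern, case_sensitive)
        names = os.listdir(directory) if os.path.isdir(directory) else []
        matches = [os.path.join(directory, n) for n in names if rx.match(n)]
        # Assumption: "latest" means the most recent modification time.
        matches = sorted((m for m in matches if os.path.isfile(m)), key=os.path.getmtime)
        resolved[name] = (matches[-1] if matches else None, matches)
    return resolved

def demo():
    """Constructed directory: two rotated db logs (mixed case) and one unrelated file."""
    root = tempfile.mkdtemp()
    db = os.path.join(root, "db")
    os.mkdir(db)
    for mtime, fname in [(1000, "old_dblogs.1"), (2000, "new_DBLOGS.2"), (3000, "notes.txt")]:
        path = os.path.join(db, fname)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.utime(path, (mtime, mtime))
    spec = "dblogs@" + os.path.join(db, "*dblogs*") + "," + db
    return db, resolve_alertfile(spec), resolve_alertfile(spec, case_sensitive=True)

if __name__ == "__main__":
    for result in demo()[1:]:
        for name, (chosen, matches) in result.items():
            print(name, "->", chosen, f"({len(matches)} match(es))")
```

With case sensitivity enabled, the newer file new_DBLOGS.2 no longer matches *dblogs*, so the older file is the one selected; a bare directory entry selects notes.txt simply because it is the newest file there.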
Every time this test is executed, the eG agent verifies the following:
- If the ALERTFILE specification is of the format Name@logfilepath, then the descriptor for this test in the eG monitor interface will be of the format: Name: PatternName. On the other hand, if the ALERTFILE specification consists only of a comma-separated list of log file paths, then the descriptors will be of the format: LogFilePath: PatternName.
- If you want all the messages in a log file to be monitored, then your specification would be: <PatternName>:*.
- In the LINES text box, specify two numbers in the format x:y. This means that when a line in the alert file matches a particular pattern, then x lines before the matched line and y lines after the matched line will be reported in the detail diagnosis output (in addition to the matched line). The default value here is 0:0. Multiple entries can be provided as a comma-separated list.
- If you give 1:1 as the value for LINES, then this value will be applied to all the patterns specified in the SEARCHPATTERN field. If you give 0:0,1:1,2:1 as the value for LINES, and the corresponding value in the SEARCHPATTERN field is ORA:ORA-*,offline:*offline*,online:*online, then:
- 0:0 will be applied to ORA:ORA-* pattern
- 1:1 will be applied to offline:*offline* pattern
- 2:1 will be applied to online:*online pattern
- Provide a comma-separated list of patterns to be excluded from monitoring in the EXCLUDEPATTERN text box. For example, *critical*,*exception*. By default, this parameter is set to 'none'.
- By default, the UNIQUEMATCH parameter is set to FALSE, indicating that the test checks every line in the log file for the existence of each of the configured SEARCHPATTERN entries. By setting this parameter to TRUE, you can instruct the test to ignore a line and move to the next as soon as a match for one of the configured patterns is found in that line. For example, assume that Pattern1:*fatal*,Pattern2:*error* is the SEARCHPATTERN that has been configured. If UNIQUEMATCH is set to FALSE, then the test will read every line in the log file completely to check for the existence of messages embedding the strings 'fatal' and 'error'. If both the patterns are detected in the same line, then the number of matches will be incremented by 2. On the other hand, if UNIQUEMATCH is set to TRUE, then the test will read a line only until a match for one of the configured patterns is found and not both. This means that even if the strings 'fatal' and 'error' follow one another in the same line, the test will consider only the first match and not the next. The match count, in this case, will therefore be incremented by only 1.
- The ROTATINGFILE flag governs the display of descriptors for this test in the eG monitoring console.
- If this flag is set to true and the ALERTFILE text box contains the full path to a specific (log/text) file, then, the descriptors of this test will be displayed in the following format: Directory_containing_monitored_file:<SearchPattern>. For instance, if the ALERTFILE parameter is set to c:\eGurkha\logs\syslog.txt, and ROTATINGFILE is set to true, then, your descriptor will be of the following format: c:\eGurkha\logs:<SearchPattern>. On the other hand, if the ROTATINGFILE flag had been set to false, then the descriptors will be of the following format: <FileName>:<SearchPattern> - i.e., syslog.txt:<SearchPattern> in the case of the example above.
- If this flag is set to true and the ALERTFILE parameter is set to the directory containing log files, then, the descriptors of this test will be displayed in the format: Configured_directory_path:<SearchPattern>. For instance, if the ALERTFILE parameter is set to c:\eGurkha\logs, and ROTATINGFILE is set to true, then, your descriptor will be: c:\eGurkha\logs:<SearchPattern>. On the other hand, if the ROTATINGFILE parameter had been set to false, then the descriptors will be of the following format: Configured_directory:<SearchPattern> - i.e., logs:<SearchPattern> in the case of the example above.
- If this flag is set to true and the ALERTFILE parameter is set to a specific file pattern, then the descriptors of this test will be of the following format: <FilePattern>:<SearchPattern>. For instance, if the ALERTFILE parameter is set to c:\eGurkha\logs\*sys*, and ROTATINGFILE is set to true, then your descriptor will be: *sys*:<SearchPattern>. In this case, the descriptor format will not change even if the ROTATINGFILE flag status is changed.
- The CASE SENSITIVE flag is set to No by default. This indicates that the test functions in a 'case-insensitive' manner by default; that is, the test ignores the case of your ALERTFILE and SEARCHPATTERN specifications. If this flag is set to Yes, on the other hand, then the test will function in a 'case-sensitive' manner. In this case, for the test to work, even the case of your ALERTFILE and SEARCHPATTERN specifications should match the actual values.
- Both the bad and normal frequencies configured for the detailed diagnosis measures should not be 0.
- Once the necessary values have been provided, clicking on the UPDATE button will register the changes made.
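An added illustration (not eG Enterprise code) of how the SEARCHPATTERN, LINES, EXCLUDEPATTERN, UNIQUEMATCH and CASE SENSITIVE settings described above interact when matches are counted, which helps when checking what a configuration will and will not report. The scan function, whole-line wildcard matching, the error raised on mismatched LINES entries, and the sample log are assumptions made for this example.

```python
import re

def wildcard_to_regex(pattern, case_sensitive=False):
    # Only '*' is a wildcard here, as in the page's examples.
    flags = re.DOTALL | (0 if case_sensitive else re.IGNORECASE)
    return re.compile(re.escape(pattern).replace(r"\*", ".*") + r"\Z", flags)

def scan(log_lines, searchpattern, lines="0:0", excludepattern="none",
         uniquematch=False, case_sensitive=False):
    """Return {PatternName: [(line_number, context_lines), ...]}."""
    patterns = [p.split(":", 1) for p in searchpattern.split(",")]
    patterns = [(name, wildcard_to_regex(pat, case_sensitive)) for name, pat in patterns]
    pairs = [tuple(int(n) for n in p.split(":")) for p in lines.split(",")]
    if len(pairs) == 1:                      # a single x:y applies to every pattern
        pairs *= len(patterns)
    if len(pairs) != len(patterns):          # assumption: reject a mismatched list
        raise ValueError("LINES needs one x:y entry, or one per SEARCHPATTERN entry")
    excludes = [] if excludepattern == "none" else [
        wildcard_to_regex(p, case_sensitive) for p in excludepattern.split(",")]
    hits = {name: [] for name, _ in patterns}
    for i, line in enumerate(log_lines):
        if any(rx.match(line) for rx in excludes):
            continue                         # EXCLUDEPATTERN: line is not monitored
        for (name, rx), (before, after) in zip(patterns, pairs):
            if rx.match(line):
                context = log_lines[max(0, i - before): i + after + 1]
                hits[name].append((i + 1, context))
                if uniquematch:              # stop at the first pattern that matches
                    break
    return hits

# Constructed sample log, not taken from a real system.
SAMPLE = [
    "starting recovery",
    "ORA-01110: data file 4 is offline",
    "fatal error in archiver",
    "debug: fatal error ignored in test harness",
    "tablespace USERS brought online",
]

if __name__ == "__main__":
    for unique in (False, True):
        hits = scan(SAMPLE, "Pattern1:*fatal*,Pattern2:*error*",
                    excludepattern="*debug*", uniquematch=unique)
        print("UNIQUEMATCH", unique, {k: len(v) for k, v in hits.items()})
```

With UNIQUEMATCH set to TRUE, the order of the SEARCHPATTERN entries decides which pattern is credited with a line that matches several of them.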